From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev,
Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>,
Paul Menzel <pmenzel@molgen.mpg.de>,
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.6 53/93] Bluetooth: btnxpuart: Fix random crash seen while removing driver
Date: Sun, 1 Sep 2024 18:16:40 +0200 [thread overview]
Message-ID: <20240901160809.360434406@linuxfoundation.org> (raw)
In-Reply-To: <20240901160807.346406833@linuxfoundation.org>
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>
[ Upstream commit 35237475384ab3622f63c3c09bdf6af6dacfe9c3 ]
This fixes the random kernel crash seen while removing the driver, when
running the load/unload test over multiple iterations.
1) modprobe btnxpuart
2) hciconfig hci0 reset
3) hciconfig (check hci0 interface up with valid BD address)
4) modprobe -r btnxpuart
Repeat steps 1 to 4
The ps_wakeup() call in btnxpuart_close() schedules the psdata->work(),
which gets scheduled after module is removed, causing a kernel crash.
This hidden issue got highlighted after enabling Power Save by default
in 4183a7be7700 (Bluetooth: btnxpuart: Enable Power Save feature on
startup)
The new ps_cleanup() deasserts UART break immediately while closing
serdev device, cancels any scheduled ps_work and destroys the ps_lock
mutex.
[ 85.884604] Unable to handle kernel paging request at virtual address ffffd4a61638f258
[ 85.884624] Mem abort info:
[ 85.884625] ESR = 0x0000000086000007
[ 85.884628] EC = 0x21: IABT (current EL), IL = 32 bits
[ 85.884633] SET = 0, FnV = 0
[ 85.884636] EA = 0, S1PTW = 0
[ 85.884638] FSC = 0x07: level 3 translation fault
[ 85.884642] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041dd0000
[ 85.884646] [ffffd4a61638f258] pgd=1000000095fff003, p4d=1000000095fff003, pud=100000004823d003, pmd=100000004823e003, pte=0000000000000000
[ 85.884662] Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP
[ 85.890932] Modules linked in: algif_hash algif_skcipher af_alg overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_spdif snd_soc_fsl_micfil snd_soc_fsl_sai snd_soc_fsl_utils gpio_ir_recv rc_core fuse [last unloaded: btnxpuart(O)]
[ 85.927297] CPU: 1 PID: 67 Comm: kworker/1:3 Tainted: G O 6.1.36+g937b1be4345a #1
[ 85.936176] Hardware name: FSL i.MX8MM EVK board (DT)
[ 85.936182] Workqueue: events 0xffffd4a61638f380
[ 85.936198] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 85.952817] pc : 0xffffd4a61638f258
[ 85.952823] lr : 0xffffd4a61638f258
[ 85.952827] sp : ffff8000084fbd70
[ 85.952829] x29: ffff8000084fbd70 x28: 0000000000000000 x27: 0000000000000000
[ 85.963112] x26: ffffd4a69133f000 x25: ffff4bf1c8540990 x24: ffff4bf215b87305
[ 85.963119] x23: ffff4bf215b87300 x22: ffff4bf1c85409d0 x21: ffff4bf1c8540970
[ 85.977382] x20: 0000000000000000 x19: ffff4bf1c8540880 x18: 0000000000000000
[ 85.977391] x17: 0000000000000000 x16: 0000000000000133 x15: 0000ffffe2217090
[ 85.977399] x14: 0000000000000001 x13: 0000000000000133 x12: 0000000000000139
[ 85.977407] x11: 0000000000000001 x10: 0000000000000a60 x9 : ffff8000084fbc50
[ 85.977417] x8 : ffff4bf215b7d000 x7 : ffff4bf215b83b40 x6 : 00000000000003e8
[ 85.977424] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000000
[ 85.977432] x2 : 0000000000000000 x1 : ffff4bf1c4265880 x0 : 0000000000000000
[ 85.977443] Call trace:
[ 85.977446] 0xffffd4a61638f258
[ 85.977451] 0xffffd4a61638f3e8
[ 85.977455] process_one_work+0x1d4/0x330
[ 85.977464] worker_thread+0x6c/0x430
[ 85.977471] kthread+0x108/0x10c
[ 85.977476] ret_from_fork+0x10/0x20
[ 85.977488] Code: bad PC value
[ 85.977491] ---[ end trace 0000000000000000 ]---
Preset since v6.9.11
Fixes: 86d55f124b52 ("Bluetooth: btnxpuart: Deasset UART break before closing serdev device")
Signed-off-by: Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>
Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/btnxpuart.c | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/drivers/bluetooth/btnxpuart.c b/drivers/bluetooth/btnxpuart.c
index f72086ee614fb..814dd966b1a45 100644
--- a/drivers/bluetooth/btnxpuart.c
+++ b/drivers/bluetooth/btnxpuart.c
@@ -438,6 +438,23 @@ static bool ps_wakeup(struct btnxpuart_dev *nxpdev)
return false;
}
+static void ps_cleanup(struct btnxpuart_dev *nxpdev)
+{
+ struct ps_data *psdata = &nxpdev->psdata;
+ u8 ps_state;
+
+ mutex_lock(&psdata->ps_lock);
+ ps_state = psdata->ps_state;
+ mutex_unlock(&psdata->ps_lock);
+
+ if (ps_state != PS_STATE_AWAKE)
+ ps_control(psdata->hdev, PS_STATE_AWAKE);
+
+ ps_cancel_timer(nxpdev);
+ cancel_work_sync(&psdata->work);
+ mutex_destroy(&psdata->ps_lock);
+}
+
static int send_ps_cmd(struct hci_dev *hdev, void *data)
{
struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
@@ -1307,7 +1324,6 @@ static int btnxpuart_close(struct hci_dev *hdev)
{
struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
- ps_wakeup(nxpdev);
serdev_device_close(nxpdev->serdev);
skb_queue_purge(&nxpdev->txq);
kfree_skb(nxpdev->rx_skb);
@@ -1457,8 +1473,8 @@ static void nxp_serdev_remove(struct serdev_device *serdev)
nxpdev->new_baudrate = nxpdev->fw_init_baudrate;
nxp_set_baudrate_cmd(hdev, NULL);
}
- ps_cancel_timer(nxpdev);
}
+ ps_cleanup(nxpdev);
hci_unregister_dev(hdev);
hci_free_dev(hdev);
}
--
2.43.0
next prev parent reply other threads:[~2024-09-01 16:27 UTC|newest]
Thread overview: 101+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-01 16:15 [PATCH 6.6 00/93] 6.6.49-rc1 review Greg Kroah-Hartman
2024-09-01 16:15 ` [PATCH 6.6 01/93] ALSA: seq: Skip event type filtering for UMP events Greg Kroah-Hartman
2024-09-01 16:15 ` [PATCH 6.6 02/93] LoongArch: Remove the unused dma-direct.h Greg Kroah-Hartman
2024-09-01 16:15 ` [PATCH 6.6 03/93] btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() Greg Kroah-Hartman
2024-09-01 16:15 ` [PATCH 6.6 04/93] btrfs: run delayed iputs when flushing delalloc Greg Kroah-Hartman
2024-09-01 16:15 ` [PATCH 6.6 05/93] smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() Greg Kroah-Hartman
2024-09-01 16:15 ` [PATCH 6.6 06/93] pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins Greg Kroah-Hartman
2024-09-01 16:15 ` [PATCH 6.6 07/93] pinctrl: single: fix potential NULL dereference in pcs_get_function() Greg Kroah-Hartman
2024-09-01 16:15 ` [PATCH 6.6 08/93] of: Add cleanup.h based auto release via __free(device_node) markings Greg Kroah-Hartman
2024-09-01 16:15 ` [PATCH 6.6 09/93] wifi: wfx: repair open network AP mode Greg Kroah-Hartman
2024-09-01 16:15 ` [PATCH 6.6 10/93] wifi: mwifiex: duplicate static structs used in driver instances Greg Kroah-Hartman
2024-09-01 16:15 ` [PATCH 6.6 11/93] net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response Greg Kroah-Hartman
2024-09-01 16:15 ` [PATCH 6.6 12/93] mptcp: close subflow when receiving TCP+FIN Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 13/93] mptcp: sched: check both backup in retrans Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 14/93] mptcp: pm: reuse ID 0 after delete and re-add Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 15/93] mptcp: pm: skip connecting to already established sf Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 16/93] mptcp: pm: reset MPC endp ID when re-added Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 17/93] mptcp: pm: send ACK on an active subflow Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 18/93] mptcp: pm: do not remove already closed subflows Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 19/93] mptcp: pm: fix ID 0 endp usage after multiple re-creations Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 20/93] mptcp: pm: ADD_ADDR 0 is not a new address Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 21/93] selftests: mptcp: join: check removing ID 0 endpoint Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 22/93] selftests: mptcp: join: no extra msg if no counter Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 23/93] selftests: mptcp: join: check re-re-adding ID 0 endp Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 24/93] drm/amdgpu: align pp_power_profile_mode with kernel docs Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 25/93] drm/amdgpu/swsmu: always force a state reprogram on init Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 26/93] drm/vmwgfx: Fix prime with external buffers Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 27/93] tracing: Have format file honor EVENT_FILE_FL_FREED Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 28/93] usb: typec: fix up incorrectly backported "usb: typec: tcpm: unregister existing source caps before re-registration" Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 29/93] of: Introduce for_each_*_child_of_node_scoped() to automate of_node_put() handling Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 30/93] thermal: of: Fix OF node leak in thermal_of_trips_init() error path Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 31/93] thermal: of: Fix OF node leak in of_thermal_zone_find() error paths Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 32/93] ASoC: amd: acp: fix module autoloading Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 33/93] ASoC: SOF: amd: Fix for acp init sequence Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 34/93] pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 35/93] pinctrl: starfive: jh7110: Correct the level trigger configuration of iev register Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 36/93] ovl: pass string to ovl_parse_layer() Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 37/93] ovl: fix wrong lowerdir number check for parameter Opt_lowerdir Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 38/93] ovl: ovl_parse_param_lowerdir: Add missed \n for pr_err Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 39/93] mm: Fix missing folio invalidation calls during truncation Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 40/93] cifs: Fix FALLOC_FL_PUNCH_HOLE support Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 41/93] Revert "change alloc_pages name in dma_map_ops to avoid name conflicts" Greg Kroah-Hartman
2024-09-02 10:58 ` Frank Scheiner
2024-09-01 16:16 ` [PATCH 6.6 42/93] selinux,smack: dont bypass permissions check in inode_setsecctx hook Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 43/93] iommufd: Do not allow creating areas without READ or WRITE Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 44/93] phy: fsl-imx8mq-usb: fix tuning parameter name Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 45/93] soundwire: stream: fix programming slave ports for non-continous port maps Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 46/93] dmaengine: dw-edma: Fix unmasking STOP and ABORT interrupts for HDMA Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 47/93] dmaengine: dw-edma: Do not enable watermark " Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 48/93] phy: xilinx: phy-zynqmp: Fix SGMII linkup failure on resume Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 49/93] dmaengine: dw: Add peripheral bus width verification Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 50/93] dmaengine: dw: Add memory " Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 51/93] Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 52/93] Bluetooth: btnxpuart: Handle FW Download Abort scenario Greg Kroah-Hartman
2024-09-01 16:16 ` Greg Kroah-Hartman [this message]
2024-09-01 16:16 ` [PATCH 6.6 54/93] Bluetooth: hci_core: Fix not handling hibernation actions Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 55/93] iommu: Do not return 0 from map_pages if it doesnt do anything Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 56/93] netfilter: nf_tables: restore IP sanity checks for netdev/egress Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 57/93] wifi: iwlwifi: fw: fix wgds rev 3 exact size Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 58/93] ethtool: check device is present when getting link settings Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 59/93] netfilter: nf_tables_ipv6: consider network offset in netdev/egress validation Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 60/93] selftests: forwarding: no_forwarding: Down ports on cleanup Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 61/93] selftests: forwarding: local_termination: " Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 62/93] bonding: implement xdo_dev_state_free and call it after deletion Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 63/93] bonding: extract the use of real_device into local variable Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 64/93] bonding: change ipsec_lock from spin lock to mutex Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 65/93] gtp: fix a potential NULL pointer dereference Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 66/93] sctp: fix association labeling in the duplicate COOKIE-ECHO case Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 67/93] drm/amd/display: avoid using null object of framebuffer Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 68/93] net: busy-poll: use ktime_get_ns() instead of local_clock() Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 69/93] nfc: pn533: Add poll mod list filling check Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 70/93] soc: qcom: cmd-db: Map shared memory as WC, not WB Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 71/93] soc: qcom: pmic_glink: Actually communicate when remote goes down Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 6.6 72/93] soc: qcom: pmic_glink: Fix race during initialization Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 6.6 73/93] cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 6.6 74/93] firmware: qcom: scm: Mark get_wq_ctx() as atomic call Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 6.6 75/93] scsi: sd: Ignore command SYNCHRONIZE CACHE error if format in progress Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 6.6 76/93] USB: serial: option: add MeiG Smart SRM825L Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 6.6 77/93] ARM: dts: imx6dl-yapp43: Increase LED current to match the yapp4 HW design Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 6.6 78/93] usb: dwc3: omap: add missing depopulate in probe error path Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 6.6 79/93] usb: dwc3: core: Prevent USB core invalid event buffer address access Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 6.6 80/93] usb: dwc3: st: fix probed platform device ref count on probe error path Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 6.6 81/93] usb: dwc3: st: add missing depopulate in " Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 6.6 82/93] usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 6.6 83/93] usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 6.6 84/93] usb: cdnsp: fix for Link TRB with TC Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 6.6 85/93] ARM: dts: omap3-n900: correct the accelerometer orientation Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 6.6 86/93] arm64: dts: imx8mp-beacon-kit: Fix Stereo Audio on WM8962 Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 6.6 87/93] arm64: dts: imx93: add nvmem property for fec1 Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 6.6 88/93] arm64: dts: imx93: add nvmem property for eqos Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 6.6 89/93] arm64: dts: imx93: update default value for snps,clk-csr Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 6.6 90/93] arm64: dts: freescale: imx93-tqma9352: fix CMA alloc-ranges Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 6.6 91/93] arm64: dts: freescale: imx93-tqma9352-mba93xxla: fix typo Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 6.6 92/93] scsi: aacraid: Fix double-free on probe failure Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 6.6 93/93] apparmor: fix policy_unpack_test on big endian systems Greg Kroah-Hartman
2024-09-02 10:58 ` [PATCH 6.6 00/93] 6.6.49-rc1 review Frank Scheiner
2024-09-02 15:38 ` Naresh Kamboju
2024-09-03 7:16 ` Ron Economos
2024-09-03 8:45 ` Jon Hunter
2024-09-03 11:41 ` Takeshi Ogasawara
2024-09-03 11:44 ` Mark Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240901160809.360434406@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=luiz.von.dentz@intel.com \
--cc=neeraj.sanjaykale@nxp.com \
--cc=patches@lists.linux.dev \
--cc=pmenzel@molgen.mpg.de \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.