From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Arseniy Krasnov <avkrasnov@salutedevices.com>,
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>,
Sasha Levin <sashal@kernel.org>,
marcel@holtmann.org, luiz.dentz@gmail.com,
linux-bluetooth@vger.kernel.org
Subject: [PATCH AUTOSEL 6.1 17/18] Bluetooth: hci_uart: fix race during initialization
Date: Thu, 3 Apr 2025 15:08:43 -0400 [thread overview]
Message-ID: <20250403190845.2678025-17-sashal@kernel.org> (raw)
In-Reply-To: <20250403190845.2678025-1-sashal@kernel.org>
From: Arseniy Krasnov <avkrasnov@salutedevices.com>
[ Upstream commit 366ceff495f902182d42b6f41525c2474caf3f9a ]
'hci_register_dev()' calls power up function, which is executed by
kworker - 'hci_power_on()'. This function does access to bluetooth chip
using callbacks from 'hci_ldisc.c', for example 'hci_uart_send_frame()'.
Now 'hci_uart_send_frame()' checks 'HCI_UART_PROTO_READY' bit set, and
if not - it fails. Problem is that 'HCI_UART_PROTO_READY' is set after
'hci_register_dev()', and there is tiny chance that 'hci_power_on()' will
be executed before setting this bit. In that case HCI init logic fails.
Patch moves setting of 'HCI_UART_PROTO_READY' before calling function
'hci_uart_register_dev()'.
Signed-off-by: Arseniy Krasnov <avkrasnov@salutedevices.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/hci_ldisc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c
index c1feebd9e3a03..5dc2f38c7b9a7 100644
--- a/drivers/bluetooth/hci_ldisc.c
+++ b/drivers/bluetooth/hci_ldisc.c
@@ -709,12 +709,13 @@ static int hci_uart_set_proto(struct hci_uart *hu, int id)
hu->proto = p;
+ set_bit(HCI_UART_PROTO_READY, &hu->flags);
+
err = hci_uart_register_dev(hu);
if (err) {
return err;
}
- set_bit(HCI_UART_PROTO_READY, &hu->flags);
return 0;
}
--
2.39.5
next prev parent reply other threads:[~2025-04-03 19:09 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-03 19:08 [f2fs-dev] [PATCH AUTOSEL 6.1 01/18] f2fs: don't retry IO for corrupted data scenario Sasha Levin via Linux-f2fs-devel
2025-04-03 19:08 ` Sasha Levin
2025-04-03 19:08 ` [PATCH AUTOSEL 6.1 02/18] page_pool: avoid infinite loop to schedule delayed worker Sasha Levin
2025-04-03 19:08 ` [PATCH AUTOSEL 6.1 03/18] jfs: Fix uninit-value access of imap allocated in the diMount() function Sasha Levin
2025-04-03 19:08 ` [PATCH AUTOSEL 6.1 04/18] fs/jfs: cast inactags to s64 to prevent potential overflow Sasha Levin
2025-04-03 19:08 ` [PATCH AUTOSEL 6.1 05/18] fs/jfs: Prevent integer overflow in AG size calculation Sasha Levin
2025-04-03 19:08 ` [PATCH AUTOSEL 6.1 06/18] jfs: Prevent copying of nlink with value 0 from disk inode Sasha Levin
2025-04-03 19:08 ` [PATCH AUTOSEL 6.1 07/18] jfs: add sanity check for agwidth in dbMount Sasha Levin
2025-04-03 19:08 ` [PATCH AUTOSEL 6.1 08/18] ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode Sasha Levin
2025-04-03 19:08 ` [f2fs-dev] [PATCH AUTOSEL 6.1 09/18] f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() Sasha Levin via Linux-f2fs-devel
2025-04-03 19:08 ` Sasha Levin
2025-04-03 19:08 ` [PATCH AUTOSEL 6.1 10/18] ahci: add PCI ID for Marvell 88SE9215 SATA Controller Sasha Levin
2025-04-03 19:08 ` [PATCH AUTOSEL 6.1 11/18] ext4: protect ext4_release_dquot against freezing Sasha Levin
2025-04-03 19:08 ` [PATCH AUTOSEL 6.1 12/18] ext4: ignore xattrs past end Sasha Levin
2025-04-03 19:08 ` [PATCH AUTOSEL 6.1 13/18] scsi: st: Fix array overflow in st_setup() Sasha Levin
2025-04-03 19:08 ` [PATCH AUTOSEL 6.1 14/18] wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table Sasha Levin
2025-04-03 19:08 ` [PATCH AUTOSEL 6.1 15/18] net: vlan: don't propagate flags on open Sasha Levin
2025-04-03 19:08 ` [PATCH AUTOSEL 6.1 16/18] tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER Sasha Levin
2025-04-03 19:08 ` Sasha Levin [this message]
2025-04-03 19:08 ` [PATCH AUTOSEL 6.1 18/18] Bluetooth: qca: simplify WCN399x NVM loading Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250403190845.2678025-17-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=avkrasnov@salutedevices.com \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luiz.dentz@gmail.com \
--cc=luiz.von.dentz@intel.com \
--cc=marcel@holtmann.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.