From: Pauli Virtanen <pav@iki.fi>
To: linux-bluetooth@vger.kernel.org
Cc: Pauli Virtanen <pav@iki.fi>
Subject: [PATCH v2 0/3] Bluetooth: ISO-related concurrency fixes
Date: Tue, 13 Jun 2023 21:06:01 +0300
Message-ID: <cover.1686589290.git.pav@iki.fi>

This series addresses some concurrency issues (NULL / GPF) in ISO
sockets or related.

v2:
- Use RCU for the pend_le_* lists, avoid using hci_dev_lock.
- Always call disconn_cfm before hci_conn_del (L2CAP also needs it).

These were found while testing patches that make hci_le_set_cig_params
check the validity of the configuration and return false if incorrect.
This causes dropping of hci_conn just created, which apparently makes
hitting race conditions easier.

The test setup was primitive:

while true; do bluetoothctl power on; sleep 12; bluetoothctl power off; sleep 1.5; bluetoothctl power off; sleep 2.5; done;
while true; do sudo systemctl restart bluetooth; sleep 110; done
while true; do systemctl --user restart pipewire wireplumber pipewire-pulse; sleep 91; done
while true; do paplay sample.flac & sleep 2; kill %1; sleep 0.7; done

and equivalent operations manually, on VM + connect to TWS earbuds. This
eventually hit the NULL / GPF errors here, but they are hard to
reproduce aside from the first one that appears in iso-tester.

Pauli Virtanen (3):
  Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync
  Bluetooth: hci_event: call disconnect callback before deleting conn
  Bluetooth: ISO: fix iso_conn related locking and validity issues

 include/net/bluetooth/hci_core.h |  5 ++
 net/bluetooth/hci_conn.c         |  9 ++--
 net/bluetooth/hci_core.c         | 34 +++++++++---
 net/bluetooth/hci_event.c        | 15 +++---
 net/bluetooth/hci_sync.c         | 93 ++++++++++++++++++++++++++++----
 net/bluetooth/iso.c              | 53 ++++++++++--------
 net/bluetooth/mgmt.c             | 30 +++++------
 7 files changed, 175 insertions(+), 64 deletions(-)

-- 
2.40.1


Thread overview: 11+ messages
2023-06-13 18:06 Pauli Virtanen [this message]
2023-06-13 18:06 ` [PATCH v2 1/3] Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync Pauli Virtanen
2023-06-13 18:35   ` Bluetooth: ISO-related concurrency fixes bluez.test.bot
2023-06-13 19:04   ` [PATCH v2 1/3] Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync Luiz Augusto von Dentz
2023-06-13 19:38     ` Luiz Augusto von Dentz
2023-06-13 23:07       ` Pauli Virtanen
2023-06-14 16:19         ` Luiz Augusto von Dentz
2023-06-15 20:10           ` Pauli Virtanen
2023-06-15 22:32             ` Luiz Augusto von Dentz
2023-06-13 18:06 ` [PATCH v2 2/3] Bluetooth: hci_event: call disconnect callback before deleting conn Pauli Virtanen
2023-06-13 18:06 ` [PATCH v2 3/3] Bluetooth: ISO: fix iso_conn related locking and validity issues Pauli Virtanen
