From: Gustavo Padovan <gustavo@padovan.org>
To: Sedat Dilek <sedat.dilek@gmail.com>
Cc: linux-bluetooth@vger.kernel.org,
Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Subject: Re: [PATCH] Bluetooth: Fix race between hci_register_dev() and hci_dev_open()
Date: Thu, 11 Jul 2013 13:03:05 +0100
Message-ID: <20130711120305.GA551@joana>
In-Reply-To: <CA+icZUU8Xin-UapmBObQPt7kidek4GZusV1+fqYBMtvfoKKcmQ@mail.gmail.com>
Hi Sedat,
* Sedat Dilek <sedat.dilek@gmail.com> [2013-07-11 13:26:44 +0200]:
> On Thu, Jul 11, 2013 at 1:19 PM, Gustavo Padovan <gustavo@padovan.org> wrote:
> > From: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
> >
> > If hci_dev_open() is called after hci_register_dev() added the device to
> > the hci_dev_list but before the workqueue are created we could run into a
> > NULL pointer dereference (showed in the crash below).
> >
>
> That sentence is hard to follow.
>
> s/showed in the crash below/see below
>
> > This is bug that is very unlikely to happen, systems using bluetoothd to
> > manage their bluetooth devices will never see this happens.
> >
>
> What about:
> "This bug is very unlikely to happen. Systems... will never see this happen."
Thank you for those suggestions. I'm not a native English speaker, so I still
make a lot of mistakes.
>
> > BUG: unable to handle kernel NULL pointer dereference
> > 0100
> > IP: [<ffffffff81077502>] __queue_work+0x32/0x3d0
> > (...)
> > Call Trace:
> > [<ffffffff81077be5>] queue_work_on+0x45/0x50
> > [<ffffffffa016e8ff>] hci_req_run+0xbf/0xf0 [bluetooth]
> > [<ffffffffa01709b0>] ? hci_init2_req+0x720/0x720 [bluetooth]
> > [<ffffffffa016ea06>] __hci_req_sync+0xd6/0x1c0 [bluetooth]
> > [<ffffffff8108ee10>] ? try_to_wake_up+0x2b0/0x2b0
> > [<ffffffff8150e3f0>] ? usb_autopm_put_interface+0x30/0x40
> > [<ffffffffa016fad5>] hci_dev_open+0x275/0x2e0 [bluetooth]
> > [<ffffffffa0182752>] hci_sock_ioctl+0x1f2/0x3f0 [bluetooth]
> > [<ffffffff815c6050>] sock_do_ioctl+0x30/0x70
> > [<ffffffff815c75f9>] sock_ioctl+0x79/0x2f0
> > [<ffffffff811a8046>] do_vfs_ioctl+0x96/0x560
> > [<ffffffff811a85a1>] SyS_ioctl+0x91/0xb0
> > [<ffffffff816d989d>] system_call_fastpath+0x1a/0x1f
> >
>
> Reported-by: Sedat Dilek <sedat.dilek@gmail.com>
>
> Still-untested-by: ... (AFAICS it was hard to reproduce.)
I'll probably push this patch anyway; it is a simple change and can't cause
any regressions.
Gustavo
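The race the commit message describes, as an added illustration that is not part of this thread or of the kernel code: a device is made visible in the global device list before its workqueue exists, so an open() that runs in that window finds the device and queues work on a NULL workqueue. The model below is a toy (names such as toy_dev, toy_wq and run_interleaving are assumptions) that drives the two registration steps deterministically instead of relying on real threads; the "init-first" ordering is the remedy the pattern suggests, not the exact change in the v2 patch, which this page does not show.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy error codes (values chosen to mirror errno numbering; assumption). */
#define TOY_ENODEV 19   /* device not found in the list */
#define TOY_EFAULT 14   /* stands in for "the real code would have dereferenced NULL" */

struct toy_wq { int queued; };

struct toy_dev {
    int id;
    struct toy_wq *workqueue;   /* NULL until "created" by registration */
    struct toy_dev *next;       /* membership in dev_list */
};

static struct toy_dev *dev_list;   /* models hci_dev_list */

static void list_add_dev(struct toy_dev *d) { d->next = dev_list; dev_list = d; }
static void list_del_all(void) { dev_list = NULL; }

static struct toy_dev *dev_get(int id)
{
    for (struct toy_dev *d = dev_list; d; d = d->next)
        if (d->id == id)
            return d;
    return NULL;
}

/* Models hci_dev_open(): look the device up by id, then queue work on it.
 * The real code has no NULL check; the model reports instead of crashing. */
static int toy_dev_open(int id)
{
    struct toy_dev *d = dev_get(id);
    if (!d)
        return -TOY_ENODEV;
    if (!d->workqueue)
        return -TOY_EFAULT;
    d->workqueue->queued++;
    return 0;
}

/* Registration split into two steps so an interleaving can be driven by hand.
 * publish_first != 0 reproduces the buggy ordering: add to the list, then
 * create the workqueue. publish_first == 0 creates the workqueue first and
 * only then makes the device visible. */
static void toy_register_step(struct toy_dev *d, struct toy_wq *wq,
                              int step, int publish_first)
{
    if (publish_first) {
        if (step == 0) list_add_dev(d);
        else           d->workqueue = wq;
    } else {
        if (step == 0) d->workqueue = wq;
        else           list_add_dev(d);
    }
}

/* Run register step 0, an open() from another context, then step 1.
 * Returns what the racing open() observed in the window between the steps. */
static int run_interleaving(int publish_first)
{
    static struct toy_dev dev;
    static struct toy_wq wq;
    list_del_all();
    memset(&dev, 0, sizeof dev);
    memset(&wq, 0, sizeof wq);
    dev.id = 0;

    toy_register_step(&dev, &wq, 0, publish_first);
    int rc = toy_dev_open(0);                 /* the racing open() */
    toy_register_step(&dev, &wq, 1, publish_first);
    return rc;
}

/* Once registration has completed, open() must succeed in either ordering. */
static int open_after_register(int publish_first)
{
    run_interleaving(publish_first);
    return toy_dev_open(0);
}

int main(void)
{
    printf("publish-first (buggy): open in window -> %d (-%d = NULL workqueue)\n",
           run_interleaving(1), TOY_EFAULT);
    printf("init-first (fixed):    open in window -> %d (-%d = not yet visible)\n",
           run_interleaving(0), TOY_ENODEV);
    printf("after registration:    %d / %d (0 = ok)\n",
           open_after_register(1), open_after_register(0));
    return 0;
}
```

The point the model makes is that the lookup in the global list is the publication step: anything an opener can reach through that list must already be fully initialised, so the list insertion belongs after every other field is set up. The same rule applies to any "register then finish initialising" sequence, not only to this workqueue.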
Thread overview:
2013-07-11 11:19 [PATCH] Bluetooth: Fix race between hci_register_dev() and hci_dev_open() Gustavo Padovan
2013-07-11 11:26 ` Sedat Dilek
2013-07-11 12:03 ` Gustavo Padovan [this message]
2013-07-11 12:03 ` [PATCH -v2] " Gustavo Padovan