* [PATCH] Bluetooth: SCO: fix sleeping under spinlock in sco_conn_ready
@ 2026-04-12 18:47 Pauli Virtanen
2026-04-12 19:34 ` bluez.test.bot
2026-04-13 18:20 ` [PATCH] " patchwork-bot+bluetooth
0 siblings, 2 replies; 3+ messages in thread
From: Pauli Virtanen @ 2026-04-12 18:47 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Pauli Virtanen
sco_conn_ready calls sleeping functions under conn->lock spinlock.
The critical section can be reduced: conn->hcon is modified only with
hdev->lock held. It is guaranteed to be held in sco_conn_ready, so
conn->lock is not needed to guard it.
Move taking conn->lock after lock_sock(parent). This also follows the
lock ordering lock_sock() > conn->lock elsewhere in the file.
Fixes: 27c24fda62b60 ("Bluetooth: switch to lock_sock in SCO")
Signed-off-by: Pauli Virtanen <pav@iki.fi>
---
net/bluetooth/sco.c | 20 +++++++++-----------
1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 18826d4b9c0b..3a5479538e85 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -1377,26 +1377,24 @@ static void sco_conn_ready(struct sco_conn *conn)
sk->sk_state_change(sk);
release_sock(sk);
} else {
- sco_conn_lock(conn);
-
- if (!conn->hcon) {
- sco_conn_unlock(conn);
+ if (!conn->hcon)
return;
- }
+
+ lockdep_assert_held(&conn->hcon->hdev->lock);
parent = sco_get_sock_listen(&conn->hcon->src);
- if (!parent) {
- sco_conn_unlock(conn);
+ if (!parent)
return;
- }
lock_sock(parent);
+ sco_conn_lock(conn);
+
sk = sco_sock_alloc(sock_net(parent), NULL,
BTPROTO_SCO, GFP_ATOMIC, 0);
if (!sk) {
- release_sock(parent);
sco_conn_unlock(conn);
+ release_sock(parent);
return;
}
@@ -1417,9 +1415,9 @@ static void sco_conn_ready(struct sco_conn *conn)
/* Wake up parent */
parent->sk_data_ready(parent);
- release_sock(parent);
-
sco_conn_unlock(conn);
+
+ release_sock(parent);
}
}
--
2.53.0
^ permalink raw reply related [flat|nested] 3+ messages in thread* RE: Bluetooth: SCO: fix sleeping under spinlock in sco_conn_ready
2026-04-12 18:47 [PATCH] Bluetooth: SCO: fix sleeping under spinlock in sco_conn_ready Pauli Virtanen
@ 2026-04-12 19:34 ` bluez.test.bot
2026-04-13 18:20 ` [PATCH] " patchwork-bot+bluetooth
1 sibling, 0 replies; 3+ messages in thread
From: bluez.test.bot @ 2026-04-12 19:34 UTC (permalink / raw)
To: linux-bluetooth, pav
[-- Attachment #1: Type: text/plain, Size: 4177 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1080410
---Test result---
Test Summary:
CheckPatch PENDING 0.50 seconds
GitLint PENDING 0.30 seconds
SubjectPrefix PASS 0.08 seconds
BuildKernel PASS 23.67 seconds
CheckAllWarning PASS 26.30 seconds
CheckSparse PASS 24.97 seconds
BuildKernel32 PASS 23.06 seconds
TestRunnerSetup PASS 517.43 seconds
TestRunner_l2cap-tester FAIL 27.72 seconds
TestRunner_iso-tester PASS 32.92 seconds
TestRunner_bnep-tester PASS 6.26 seconds
TestRunner_mgmt-tester FAIL 110.65 seconds
TestRunner_rfcomm-tester PASS 9.28 seconds
TestRunner_sco-tester PASS 14.05 seconds
TestRunner_ioctl-tester PASS 9.98 seconds
TestRunner_mesh-tester FAIL 11.46 seconds
TestRunner_smp-tester PASS 8.44 seconds
TestRunner_userchan-tester PASS 6.50 seconds
TestRunner_6lowpan-tester FAIL 8.83 seconds
IncrementalBuild PENDING 0.30 seconds
Details
##############################
Test: CheckPatch - PENDING
Desc: Run checkpatch.pl script
Output:
##############################
Test: GitLint - PENDING
Desc: Run gitlint
Output:
##############################
Test: TestRunner_l2cap-tester - FAIL
Desc: Run l2cap-tester with test-runner
Output:
Total: 96, Passed: 95 (99.0%), Failed: 1, Not Run: 0
Failed Test Cases
L2CAP BR/EDR Server - Set PHY 2M Failed 0.114 seconds
##############################
Test: TestRunner_mgmt-tester - FAIL
Desc: Run mgmt-tester with test-runner
Output:
Total: 494, Passed: 489 (99.0%), Failed: 1, Not Run: 4
Failed Test Cases
Read Exp Feature - Success Failed 0.102 seconds
##############################
Test: TestRunner_mesh-tester - FAIL
Desc: Run mesh-tester with test-runner
Output:
Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0
Failed Test Cases
Mesh - Send cancel - 1 Timed out 1.829 seconds
Mesh - Send cancel - 2 Timed out 2.004 seconds
##############################
Test: TestRunner_6lowpan-tester - FAIL
Desc: Run 6lowpan-tester with test-runner
Output:
WARNING: possible circular locking dependency detected
7.0.0-rc2-g48abf361eec2 #1 Not tainted
------------------------------------------------------
kworker/0:1/11 is trying to acquire lock:
ffff888002767140 ((wq_completion)hci0#2){+.+.}-{0:0}, at: touch_wq_lockdep_map+0x75/0x180
but task is already holding lock:
ffffffff8844d720 (rtnl_mutex){+.+.}-{4:4}, at: lowpan_unregister_netdev+0xd/0x30
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #4 (rtnl_mutex){+.+.}-{4:4}:
lock_acquire+0xf7/0x2c0
__mutex_lock+0x16b/0x1fc0
lowpan_register_netdev+0x11/0x30
chan_ready_cb+0x836/0xd00
l2cap_recv_frame+0x6a06/0x8920
l2cap_recv_acldata+0x790/0xdf0
hci_rx_work+0x500/0xd00
process_scheduled_works+0xb16/0x1ac0
worker_thread+0x4ff/0xba0
kthread+0x368/0x490
ret_from_fork+0x498/0x7e0
ret_from_fork_asm+0x19/0x30
-> #3 (&chan->lock#3/1){+.+.}-{4:4}:
lock_acquire+0xf7/0x2c0
__mutex_lock+0x16b/0x1fc0
l2cap_chan_connect+0x74e/0x1980
lowpan_control_write+0x523/0x660
full_proxy_write+0x10b/0x190
vfs_write+0x1c0/0xf60
ksys_write+0xf1/0x1d0
do_syscall_64+0xa0/0x570
entry_SYSCALL_64_after_hwframe+0x74/0x7c
-> #2 (&conn->lock){+.+.}-{4:4}:
...
Total: 8, Passed: 8 (100.0%), Failed: 0, Not Run: 0
##############################
Test: IncrementalBuild - PENDING
Desc: Incremental build with the patches in the series
Output:
https://github.com/bluez/bluetooth-next/pull/72
---
Regards,
Linux Bluetooth
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [PATCH] Bluetooth: SCO: fix sleeping under spinlock in sco_conn_ready
2026-04-12 18:47 [PATCH] Bluetooth: SCO: fix sleeping under spinlock in sco_conn_ready Pauli Virtanen
2026-04-12 19:34 ` bluez.test.bot
@ 2026-04-13 18:20 ` patchwork-bot+bluetooth
1 sibling, 0 replies; 3+ messages in thread
From: patchwork-bot+bluetooth @ 2026-04-13 18:20 UTC (permalink / raw)
To: Pauli Virtanen; +Cc: linux-bluetooth
Hello:
This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:
On Sun, 12 Apr 2026 21:47:42 +0300 you wrote:
> sco_conn_ready calls sleeping functions under conn->lock spinlock.
>
> The critical section can be reduced: conn->hcon is modified only with
> hdev->lock held. It is guaranteed to be held in sco_conn_ready, so
> conn->lock is not needed to guard it.
>
> Move taking conn->lock after lock_sock(parent). This also follows the
> lock ordering lock_sock() > conn->lock elsewhere in the file.
>
> [...]
Here is the summary with links:
- Bluetooth: SCO: fix sleeping under spinlock in sco_conn_ready
https://git.kernel.org/bluetooth/bluetooth-next/c/d87bd74aeb54
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-04-13 18:20 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-12 18:47 [PATCH] Bluetooth: SCO: fix sleeping under spinlock in sco_conn_ready Pauli Virtanen
2026-04-12 19:34 ` bluez.test.bot
2026-04-13 18:20 ` [PATCH] " patchwork-bot+bluetooth
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox