* [PATCH v2] Bluetooth: hci_qca: Use del_timer_sync() before freeing
@ 2022-04-05 14:02 Steven Rostedt
2022-04-15 13:31 ` patchwork-bot+bluetooth
0 siblings, 1 reply; 2+ messages in thread
From: Steven Rostedt @ 2022-04-05 14:02 UTC (permalink / raw)
To: LKML
Cc: Marcel Holtmann, Johan Hedberg, Luiz Augusto von Dentz,
Ben Young Tae Kim, Thomas Gleixner, Eric Dumazet, linux-bluetooth
From: Steven Rostedt <rostedt@goodmis.org>
While looking at a crash report on a timer list being corrupted, which
usually happens when a timer is freed while still active. This is
commonly triggered by code calling del_timer() instead of
del_timer_sync() just before freeing.
One possible culprit is the hci_qca driver, which does exactly that.
Eric mentioned that wake_retrans_timer could be rearmed via the work
queue, so also move the destruction of the work queue before
del_timer_sync().
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: stable@vger.kernel.org
Fixes: 0ff252c1976da ("Bluetooth: hciuart: Add support QCA chipset for UART")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
---
Changes since v1: https://lkml.kernel.org/r/20220404182236.1caa174e@rorschach.local.home
- Moved destroy_workqueue() before del_timer_sync() calls (Eric Dumazet).
drivers/bluetooth/hci_qca.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
index f6e91fb432a3..eab34e24d944 100644
--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -696,9 +696,9 @@ static int qca_close(struct hci_uart *hu)
skb_queue_purge(&qca->tx_wait_q);
skb_queue_purge(&qca->txq);
skb_queue_purge(&qca->rx_memdump_q);
- del_timer(&qca->tx_idle_timer);
- del_timer(&qca->wake_retrans_timer);
destroy_workqueue(qca->workqueue);
+ del_timer_sync(&qca->tx_idle_timer);
+ del_timer_sync(&qca->wake_retrans_timer);
qca->hu = NULL;
kfree_skb(qca->rx_skb);
--
2.35.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v2] Bluetooth: hci_qca: Use del_timer_sync() before freeing
2022-04-05 14:02 [PATCH v2] Bluetooth: hci_qca: Use del_timer_sync() before freeing Steven Rostedt
@ 2022-04-15 13:31 ` patchwork-bot+bluetooth
0 siblings, 0 replies; 2+ messages in thread
From: patchwork-bot+bluetooth @ 2022-04-15 13:31 UTC (permalink / raw)
To: Steven Rostedt
Cc: linux-kernel, marcel, johan.hedberg, luiz.dentz, ytkim, tglx,
eric.dumazet, linux-bluetooth
Hello:
This patch was applied to bluetooth/bluetooth-next.git (master)
by Marcel Holtmann <marcel@holtmann.org>:
On Tue, 5 Apr 2022 10:02:00 -0400 you wrote:
> From: Steven Rostedt <rostedt@goodmis.org>
>
> While looking at a crash report on a timer list being corrupted, which
> usually happens when a timer is freed while still active. This is
> commonly triggered by code calling del_timer() instead of
> del_timer_sync() just before freeing.
>
> [...]
Here is the summary with links:
- [v2] Bluetooth: hci_qca: Use del_timer_sync() before freeing
https://git.kernel.org/bluetooth/bluetooth-next/c/373ae6de4361
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-04-15 13:31 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-04-05 14:02 [PATCH v2] Bluetooth: hci_qca: Use del_timer_sync() before freeing Steven Rostedt
2022-04-15 13:31 ` patchwork-bot+bluetooth
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox