From mboxrd@z Thu Jan  1 00:00:00 1970
From: Matthias Kaehlcke <mka@chromium.org>
Subject: Re: [PATCH] Bluetooth: Fix locking in bt_accept_enqueue() for BH
 context
Date: Mon, 12 Nov 2018 13:40:03 -0800
Message-ID: <20181112214003.GE22824@google.com>
References: <20181015223910.197729-1-mka@chromium.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Cc: linux-bluetooth@vger.kernel.org, netdev@vger.kernel.org,
        linux-kernel@vger.kernel.org,
        Konstantin Khlebnikov <khlebnikov@yandex-team.ru>,
        Balakrishna Godavarthi <bgodavar@codeaurora.org>,
        Douglas Anderson <dianders@chromium.org>,
        Dmitry Grinberg <dmitrygr@google.com>
To: Marcel Holtmann <marcel@holtmann.org>,
        Johan Hedberg <johan.hedberg@gmail.com>,
        "David S . Miller" <davem@davemloft.net>,
        Dean Jenkins <Dean_Jenkins@mentor.com>
Return-path: <linux-kernel-owner@vger.kernel.org>
Content-Disposition: inline
In-Reply-To: <20181015223910.197729-1-mka@chromium.org>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: netdev.vger.kernel.org

On Mon, Oct 15, 2018 at 03:39:10PM -0700, Matthias Kaehlcke wrote:
> With commit e16337622016 ("Bluetooth: Handle bt_accept_enqueue() socket
> atomically") lock_sock[_nested]() is used to acquire the socket lock
> before manipulating the socket. lock_sock[_nested]() may block, which
> is problematic since bt_accept_enqueue() can be called in bottom half
> context (e.g. from rfcomm_connect_ind()).
> 
> The socket API provides bh_lock_sock[_nested]() to acquire the socket
> lock in bottom half context. Check the context in bt_accept_enqueue()
> and use the appropriate locking mechanism for the context.
> 
> Fixes: e16337622016 ("Bluetooth: Handle bt_accept_enqueue() socket atomically")
> Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
> ---
> Not sure if this is the correct solution, it's certainly not elegant and
> checkpatch.pl complains that in_atomic() shouldn't be used outside of
> core kernel code. I'm open to other suggestions :)
> 
>  net/bluetooth/af_bluetooth.c | 14 ++++++++++++--
>  1 file changed, 12 insertions(+), 2 deletions(-)
> 
> diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
> index deacc52d7ff1..0f0540dbb44a 100644
> --- a/net/bluetooth/af_bluetooth.c
> +++ b/net/bluetooth/af_bluetooth.c
> @@ -159,10 +159,20 @@ void bt_accept_enqueue(struct sock *parent, struct sock *sk)
>  	BT_DBG("parent %p, sk %p", parent, sk);
>  
>  	sock_hold(sk);
> -	lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
> +
> +	if (in_atomic())
> +		bh_lock_sock_nested(sk);
> +	else
> +		lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
> +
>  	list_add_tail(&bt_sk(sk)->accept_q, &bt_sk(parent)->accept_q);
>  	bt_sk(sk)->parent = parent;
> -	release_sock(sk);
> +
> +	if (in_atomic())
> +		bh_unlock_sock(sk);
> +	else
> +		release_sock(sk);
> +
>  	parent->sk_ack_backlog++;
>  }
>  EXPORT_SYMBOL(bt_accept_enqueue);

Any comments or ideas for a better solutions?

Thanks

Matthias