[PATCH for-4.14.y 4/5] Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Amit Pundir <amit.pundir@linaro.org>
To: Greg KH <gregkh@linuxfoundation.org>, Stable <stable@vger.kernel.org>
Cc: "Lukas Wunner" <lukas@wunner.de>,
	"Ronald Tschalär" <ronald@innovation.ch>,
	"Rob Herring" <rob.herring@linaro.org>,
	"Sumit Semwal" <sumit.semwal@linaro.org>,
	"Marcel Holtmann" <marcel@holtmann.org>
Subject: [PATCH for-4.14.y 4/5] Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
Date: Tue, 31 Jul 2018 18:32:20 +0530	[thread overview]
Message-ID: <1533042142-8681-4-git-send-email-amit.pundir@linaro.org> (raw)
In-Reply-To: <1533042142-8681-1-git-send-email-amit.pundir@linaro.org>

From: Lukas Wunner <lukas@wunner.de>

commit d73e172816652772114827abaa2dbc053eecbbd7 upstream.

John Stultz reports a boot time crash with the HiKey board (which uses
hci_serdev) occurring in hci_uart_tx_wakeup().  That function is
contained in hci_ldisc.c, but also called from the newer hci_serdev.c.
It acquires the proto_lock in struct hci_uart and it turns out that we
forgot to init the lock in the serdev code path, thus causing the crash.

John bisected the crash to commit 67d2f8781b9f ("Bluetooth: hci_ldisc:
Allow sleeping while proto locks are held"), but the issue was present
before and the commit merely exposed it.  (Perhaps by luck, the crash
did not occur with rwlocks.)

Init the proto_lock in the serdev code path to avoid the oops.

Stack trace for posterity:

Unable to handle kernel read from unreadable memory at 406f127000
[000000406f127000] user address but active_mm is swapper
Internal error: Oops: 96000005 [#1] PREEMPT SMP
Hardware name: HiKey Development Board (DT)
Call trace:
 hci_uart_tx_wakeup+0x38/0x148
 hci_uart_send_frame+0x28/0x38
 hci_send_frame+0x64/0xc0
 hci_cmd_work+0x98/0x110
 process_one_work+0x134/0x330
 worker_thread+0x130/0x468
 kthread+0xf8/0x128
 ret_from_fork+0x10/0x18

Link: https://lkml.org/lkml/2017/11/15/908
Reported-and-tested-by: John Stultz <john.stultz@linaro.org>
Cc: Ronald Tschalär <ronald@innovation.ch>
Cc: Rob Herring <rob.herring@linaro.org>
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
---
Not applicable for 4.9.y, 4.4.y and 3.18.y

 drivers/bluetooth/hci_serdev.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/bluetooth/hci_serdev.c b/drivers/bluetooth/hci_serdev.c
index b725ac4f7ff6..52e6d4d1608e 100644
--- a/drivers/bluetooth/hci_serdev.c
+++ b/drivers/bluetooth/hci_serdev.c
@@ -304,6 +304,7 @@ int hci_uart_register_device(struct hci_uart *hu,
 	hci_set_drvdata(hdev, hu);
 
 	INIT_WORK(&hu->write_work, hci_uart_write_work);
+	percpu_init_rwsem(&hu->proto_lock);
 
 	/* Only when vendor specific setup callback is provided, consider
 	 * the manufacturer information valid. This avoids filling in the
-- 
2.7.4

next prev parent reply	other threads:[~2018-07-31 14:42 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-07-31 13:02 [PATCH for-4.14.y 1/5] mtd: nand: qcom: Add a NULL check for devm_kasprintf() Amit Pundir
2018-07-31 13:02 ` [PATCH for-4.14.y 2/5] phy: phy-mtk-tphy: use auto instead of force to bypass utmi signals Amit Pundir
2018-07-31 13:02 ` [PATCH for-4.14.y 3/5] Bluetooth: hci_ldisc: Allow sleeping while proto locks are held Amit Pundir
2018-07-31 13:02 ` Amit Pundir [this message]
2018-07-31 13:02 ` [PATCH for-4.14.y 5/5] ARM: dts: imx6sx: fix irq for pcie bridge Amit Pundir
2018-08-13 17:20   ` Greg KH
2018-07-31 13:02 ` [PATCH for-4.9.y] IB/ocrdma: fix out of bounds access to local buffer Amit Pundir

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:b725ac4f7ff dfblob:52e6d4d1608 )
 OR (
bs:"[PATCH for-4.14.y 4/5] Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1533042142-8681-4-git-send-email-amit.pundir@linaro.org \
    --to=amit.pundir@linaro.org \
    --cc=gregkh@linuxfoundation.org \
    --cc=lukas@wunner.de \
    --cc=marcel@holtmann.org \
    --cc=rob.herring@linaro.org \
    --cc=ronald@innovation.ch \
    --cc=stable@vger.kernel.org \
    --cc=sumit.semwal@linaro.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).