diff mbox series

[v2] Bluetooth: hci_qca: Use del_timer_sync() before freeing

Message ID 20220405100200.64f56e50@gandalf.local.home (mailing list archive)
State Accepted
Commit 373ae6de43614d4c00ff7ded839cf1b36ed5abca
Headers show
Series [v2] Bluetooth: hci_qca: Use del_timer_sync() before freeing | expand

Checks

Context Check Description
tedd_an/pre-ci_am fail error: patch failed: drivers/bluetooth/hci_qca.c:696 error: drivers/bluetooth/hci_qca.c: patch does not apply hint: Use 'git am --show-current-patch' to see the failed patch

Commit Message

Steven Rostedt April 5, 2022, 2:02 p.m. UTC 
From: Steven Rostedt <rostedt@goodmis.org>

While looking at a crash report on a timer list being corrupted, which
usually happens when a timer is freed while still active. This is
commonly triggered by code calling del_timer() instead of
del_timer_sync() just before freeing.

One possible culprit is the hci_qca driver, which does exactly that.

Eric mentioned that wake_retrans_timer could be rearmed via the work
queue, so also move the destruction of the work queue before
del_timer_sync().

Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: stable@vger.kernel.org
Fixes: 0ff252c1976da ("Bluetooth: hciuart: Add support QCA chipset for UART")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
---
Changes since v1: https://lkml.kernel.org/r/20220404182236.1caa174e@rorschach.local.home
 - Moved destroy_workqueue() before del_timer_sync() calls (Eric Dumazet).

 drivers/bluetooth/hci_qca.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

bluez.test.bot@gmail.com April 6, 2022, 2:18 a.m. UTC | #1 
This is an automated email and please do not reply to this email.

Dear Submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
While preparing the CI tests, the patches you submitted couldn't be applied to the current HEAD of the repository.

----- Output -----
error: patch failed: drivers/bluetooth/hci_qca.c:696
error: drivers/bluetooth/hci_qca.c: patch does not apply
hint: Use 'git am --show-current-patch' to see the failed patch


Please resolve the issue and submit the patches again.


---
Regards,
Linux Bluetooth
patchwork-bot+bluetooth@kernel.org April 15, 2022, 1:31 p.m. UTC | #2 
Hello:

This patch was applied to bluetooth/bluetooth-next.git (master)
by Marcel Holtmann <marcel@holtmann.org>:

On Tue, 5 Apr 2022 10:02:00 -0400 you wrote:
> From: Steven Rostedt <rostedt@goodmis.org>
> 
> While looking at a crash report on a timer list being corrupted, which
> usually happens when a timer is freed while still active. This is
> commonly triggered by code calling del_timer() instead of
> del_timer_sync() just before freeing.
> 
> [...]

Here is the summary with links:
  - [v2] Bluetooth: hci_qca: Use del_timer_sync() before freeing
    https://git.kernel.org/bluetooth/bluetooth-next/c/373ae6de4361

You are awesome, thank you!
diff mbox series

Patch

diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
index f6e91fb432a3..eab34e24d944 100644
--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -696,9 +696,9 @@  static int qca_close(struct hci_uart *hu)
 	skb_queue_purge(&qca->tx_wait_q);
 	skb_queue_purge(&qca->txq);
 	skb_queue_purge(&qca->rx_memdump_q);
-	del_timer(&qca->tx_idle_timer);
-	del_timer(&qca->wake_retrans_timer);
 	destroy_workqueue(qca->workqueue);
+	del_timer_sync(&qca->tx_idle_timer);
+	del_timer_sync(&qca->wake_retrans_timer);
 	qca->hu = NULL;
 
 	kfree_skb(qca->rx_skb);