From patchwork Wed Mar 29 06:10:54 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Scott <michael.scott@linaro.org>
X-Patchwork-Id: 9650957
Return-Path: <linux-wpan-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	D902D602C8 for <patchwork-linux-wpan@patchwork.kernel.org>;
	Wed, 29 Mar 2017 06:11:34 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C879F2841A
	for <patchwork-linux-wpan@patchwork.kernel.org>;
	Wed, 29 Mar 2017 06:11:34 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id BD80C28451; Wed, 29 Mar 2017 06:11:34 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.3 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM,
	T_DKIM_INVALID autolearn=unavailable version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6AC1E2841A
	for <patchwork-linux-wpan@patchwork.kernel.org>;
	Wed, 29 Mar 2017 06:11:34 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753487AbdC2GLe (ORCPT
	<rfc822;patchwork-linux-wpan@patchwork.kernel.org>);
	Wed, 29 Mar 2017 02:11:34 -0400
Received: from mail-ot0-f171.google.com ([74.125.82.171]:35492 "EHLO
	mail-ot0-f171.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753119AbdC2GLb (ORCPT
	<rfc822; linux-wpan@vger.kernel.org>); Wed, 29 Mar 2017 02:11:31 -0400
Received: by mail-ot0-f171.google.com with SMTP id y88so3841859ota.2
	for <linux-wpan@vger.kernel.org>;
	Tue, 28 Mar 2017 23:11:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
	h=from:to:cc:subject:date:message-id;
	bh=yH3jf4M6zlyVEKzem7okIlHL+7+u45jN3Cv5daMq7RU=;
	b=ekVggXmdvN3tSshRrJ1CUNUZhkd5mc5bs/h+maGkpYXLO2nQM73UufPxYxSghPzlcv
	RpogbvLFRqYf213X9vgpCG7Pr6YhBjgp6PzcHCKiB7V0kPZ10OqSxqdHZ/M0CkafGxna
	37hguiDSs9kyvawi+FODVz92lWXyt8U2BCLWc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=yH3jf4M6zlyVEKzem7okIlHL+7+u45jN3Cv5daMq7RU=;
	b=Rc2X2dMEvPYYqY7JW6urT0euhVmYi68kUlF5NwjOIjFDseGQ6rpugdWoVo9m3no2AV
	p8lmoYrjYeeLJlRidQynZj1qhbx25AG2mAlz8tPoeSElPca8unaXwO6PDUXouf+Idgk3
	oBThuXarBvXppwKZbu3P4Hz6cZmkXcOmo8vTlKMtH9z00N2gS4UNct/ndR7dCs0nn+HV
	xyEIDJbCQyoJYGFExKzGrsMV3ZF7bfjgMbtGnzvt3Hu8W9YHEfN9c9a8QyMsa2QgQtWS
	+b8WjqnWHPztwL3tysnYQ9metv8SgPNvuuYt7tOee5a26pfSObNC5XQm74YGbsKgf/Pn
	azxw==
X-Gm-Message-State: 
 AFeK/H2uny9a7vbFxnpBW2fxxSoMuM4b1HdqlXk8cYVwVfO3GG7p5FZpc/geRNrtn7irFzcf
X-Received: by 10.157.24.65 with SMTP id t1mr19313928ott.188.1490767871025;
	Tue, 28 Mar 2017 23:11:11 -0700 (PDT)
Received: from localhost.localdomain
	(107-198-5-8.lightspeed.irvnca.sbcglobal.net. [107.198.5.8])
	by smtp.googlemail.com with ESMTPSA id
	c62sm2898766otb.48.2017.03.28.23.11.09
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 28 Mar 2017 23:11:10 -0700 (PDT)
From: Michael Scott <michael.scott@linaro.org>
To: Marcel Holtmann <marcel@holtmann.org>,
	Gustavo Padovan <gustavo@padovan.org>,
	Johan Hedberg <johan.hedberg@gmail.com>
Cc: "David S . Miller" <davem@davemloft.net>,
	Jukka Rissanen <jukka.rissanen@linux.intel.com>,
	linux-bluetooth@vger.kernel.org, linux-wpan@vger.kernel.org,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
	Michael Scott <michael.scott@linaro.org>
Subject: [PATCH] bluetooth: 6lowpan: fix delay work init in add_peer_chan()
Date: Tue, 28 Mar 2017 23:10:54 -0700
Message-Id: <20170329061054.4300-1-michael.scott@linaro.org>
X-Mailer: git-send-email 2.11.0
Sender: linux-wpan-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-wpan.vger.kernel.org>
X-Mailing-List: linux-wpan@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

When adding 6lowpan devices very rapidly we sometimes see a crash:
[23122.306615] CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.9.0-43-arm64 #1 Debian 4.9.9.linaro.43-1
[23122.315400] Hardware name: HiKey Development Board (DT)
[23122.320623] task: ffff800075443080 task.stack: ffff800075484000
[23122.326551] PC is at expire_timers+0x70/0x150
[23122.330907] LR is at run_timer_softirq+0xa0/0x1a0
[23122.335616] pc : [<ffff000008142dd8>] lr : [<ffff000008142f58>] pstate: 600001c5

This was due to add_peer_chan() unconditionally initializing the
lowpan_btle_dev->notify_peers delayed work structure, even if the
lowpan_btle_dev passed into add_peer_chan() had previously been
initialized.

Normally, this would go unnoticed as the delayed work timer is set for
100 msec, however when calling add_peer_chan() faster than 100 msec it
clears out a previously queued delay work causing the crash above.

To fix this, let add_peer_chan() know when a new lowpan_btle_dev is passed
in so that it only performs the delay work initialization when needed.

Signed-off-by: Michael Scott <michael.scott@linaro.org>
Acked-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
---
 net/bluetooth/6lowpan.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c
index e27be3ca0a0c..c282482edc2c 100644
--- a/net/bluetooth/6lowpan.c
+++ b/net/bluetooth/6lowpan.c
@@ -754,7 +754,8 @@ static void set_ip_addr_bits(u8 addr_type, u8 *addr)
 }
 
 static struct l2cap_chan *add_peer_chan(struct l2cap_chan *chan,
-					struct lowpan_btle_dev *dev)
+					struct lowpan_btle_dev *dev,
+					bool new_netdev)
 {
 	struct lowpan_peer *peer;
 
@@ -785,7 +786,8 @@ static struct l2cap_chan *add_peer_chan(struct l2cap_chan *chan,
 	spin_unlock(&devices_lock);
 
 	/* Notifying peers about us needs to be done without locks held */
-	INIT_DELAYED_WORK(&dev->notify_peers, do_notify_peers);
+	if (new_netdev)
+		INIT_DELAYED_WORK(&dev->notify_peers, do_notify_peers);
 	schedule_delayed_work(&dev->notify_peers, msecs_to_jiffies(100));
 
 	return peer->chan;
@@ -842,6 +844,7 @@ static int setup_netdev(struct l2cap_chan *chan, struct lowpan_btle_dev **dev)
 static inline void chan_ready_cb(struct l2cap_chan *chan)
 {
 	struct lowpan_btle_dev *dev;
+	bool new_netdev = false;
 
 	dev = lookup_dev(chan->conn);
 
@@ -852,12 +855,13 @@ static inline void chan_ready_cb(struct l2cap_chan *chan)
 			l2cap_chan_del(chan, -ENOENT);
 			return;
 		}
+		new_netdev = true;
 	}
 
 	if (!try_module_get(THIS_MODULE))
 		return;
 
-	add_peer_chan(chan, dev);
+	add_peer_chan(chan, dev, new_netdev);
 	ifup(dev->netdev);
 }