Re: Bluetooth is very ill in -next

From: Dave Young
Date: Sat Oct 10 2009 - 09:44:35 EST


On Sat, Oct 10, 2009 at 9:35 PM, Dave Young <hidave.darkstar@xxxxxxxxx> wrote:
> On Sat, Oct 10, 2009 at 12:40:24PM +0200, Marcel Holtmann wrote:
>> Hi Dave,
>>
>> > > Doing "sdptool search DUN" reliably crashes the kernel when using a USB
>> > > bluetooth dongle
>> > >
>> > > Language Base Attr List:
>> > >   code_ISO639: 0x656e
>> > >   encoding:    0x6a
>> > >   base_offset: 0x100
>> > > Profile Descriptor List:
>> > >   "Dialup Networking" (0x1103)
>> > >     Version: 0x0100
>> > >
>> > >
>> > > is as far as it gets
>> > >
>> > > It then explodes
>> > >
>> > > _spin_lock_irqsave
>> > > ?skb_dequeue
>> > > skb_dequeue
>> > > skb_queue_purge
>> > > l2cap_recv_frame
>> > > ?__lock_acquire
>> > > ?__usb_hcd_submit_urb
>> > > ?__lock_acquire
>> > > l2cap_recv_acldata
>> > > hci_rx_task
>> > > ?l2cap_recv_acldata
>> > > tasklet_action
>> > >
>> > > reliably.
>> > >
>> >
>> > Marcel, please take a look at following patch, same as previous
>> > dev_set_name problem.
>> >
>> > ---
>> > Due to driver core changes dev_set_drvdata will call kzalloc which should be
>> > in might_sleep context, but hci_conn_add will be called in atomic context
>> >
>> > Like dev_set_name just put all other device callbacks to work queue function.
>> >
>> > oops as following:
>> >
>> > Oct  2 17:41:59 darkstar kernel: [  438.001341] BUG: sleeping function called from invalid context at mm/slqb.c:1546
>> > Oct  2 17:41:59 darkstar kernel: [  438.001345] in_atomic(): 1, irqs_disabled(): 0, pid: 2133, name: sdptool
>> > Oct  2 17:41:59 darkstar kernel: [  438.001348] 2 locks held by sdptool/2133:
>> > Oct  2 17:41:59 darkstar kernel: [  438.001350]  #0:  (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.+.}, at: [<faa1d2f5>] lock_sock+0xa/0xc [l2cap]
>> > Oct  2 17:41:59 darkstar kernel: [  438.001360]  #1:  (&hdev->lock){+.-.+.}, at: [<faa20e16>] l2cap_sock_connect+0x103/0x26b [l2cap]
>> > Oct  2 17:41:59 darkstar kernel: [  438.001371] Pid: 2133, comm: sdptool Not tainted 2.6.31-mm1 #2
>> > Oct  2 17:41:59 darkstar kernel: [  438.001373] Call Trace:
>> > Oct  2 17:41:59 darkstar kernel: [  438.001381]  [<c022433f>] __might_sleep+0xde/0xe5
>> > Oct  2 17:41:59 darkstar kernel: [  438.001386]  [<c0298843>] __kmalloc+0x4a/0x15a
>> > Oct  2 17:41:59 darkstar kernel: [  438.001392]  [<c03f0065>] ? kzalloc+0xb/0xd
>> > Oct  2 17:41:59 darkstar kernel: [  438.001396]  [<c03f0065>] kzalloc+0xb/0xd
>> > Oct  2 17:41:59 darkstar kernel: [  438.001400]  [<c03f04ff>] device_private_init+0x15/0x3d
>> > Oct  2 17:41:59 darkstar kernel: [  438.001405]  [<c03f24c5>] dev_set_drvdata+0x18/0x26
>> > Oct  2 17:41:59 darkstar kernel: [  438.001414]  [<fa51fff7>] hci_conn_init_sysfs+0x40/0xd9 [bluetooth]
>> > Oct  2 17:41:59 darkstar kernel: [  438.001422]  [<fa51cdc0>] ? hci_conn_add+0x128/0x186 [bluetooth]
>> > Oct  2 17:41:59 darkstar kernel: [  438.001429]  [<fa51ce0f>] hci_conn_add+0x177/0x186 [bluetooth]
>> > Oct  2 17:41:59 darkstar kernel: [  438.001437]  [<fa51cf8a>] hci_connect+0x3c/0xfb [bluetooth]
>> > Oct  2 17:41:59 darkstar kernel: [  438.001442]  [<faa20e87>] l2cap_sock_connect+0x174/0x26b [l2cap]
>> > Oct  2 17:41:59 darkstar kernel: [  438.001448]  [<c04c8df5>] sys_connect+0x60/0x7a
>> > Oct  2 17:41:59 darkstar kernel: [  438.001453]  [<c024b703>] ? lock_release_non_nested+0x84/0x1de
>> > Oct  2 17:41:59 darkstar kernel: [  438.001458]  [<c028804b>] ? might_fault+0x47/0x81
>> > Oct  2 17:41:59 darkstar kernel: [  438.001462]  [<c028804b>] ? might_fault+0x47/0x81
>> > Oct  2 17:41:59 darkstar kernel: [  438.001468]  [<c033361f>] ? __copy_from_user_ll+0x11/0xce
>> > Oct  2 17:41:59 darkstar kernel: [  438.001472]  [<c04c9419>] sys_socketcall+0x82/0x17b
>> > Oct  2 17:41:59 darkstar kernel: [  438.001477]  [<c020329d>] syscall_call+0x7/0xb
>> >
>> > Signed-off-by: Dave Young <hidave.darkstar@xxxxxxxxx>
>> > ---
>> > net/bluetooth/hci_sysfs.c | Â 18 ++++++++----------
>> > 1 file changed, 8 insertions(+), 10 deletions(-)
>> >
>> > --- linux-2.6.31.orig/net/bluetooth/hci_sysfs.c   2009-10-02 18:04:14.000000000 +0800
>> > +++ linux-2.6.31/net/bluetooth/hci_sysfs.c Â2009-10-02 18:05:22.000000000 +0800
>> > @@ -90,6 +90,14 @@ static void add_conn(struct work_struct
>> > Â Â struct hci_conn *conn = container_of(work, struct hci_conn, work_add);
>> > Â Â struct hci_dev *hdev = conn->hdev;
>> >
>> > + Â conn->dev.type = &bt_link;
>> > + Â conn->dev.class = bt_class;
>> > + Â conn->dev.parent = &hdev->dev;
>> > +
>> > + Â dev_set_drvdata(&conn->dev, conn);
>> > +
>> > + Â device_initialize(&conn->dev);
>> > +
>> > Â Â dev_set_name(&conn->dev, "%s:%d", hdev->name, conn->handle);
>> >
>> > Â Â if (device_add(&conn->dev) < 0) {
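Review bot: device_initialize(&conn->dev) now runs only when work_add executes in add_conn(), so conn->dev stays uninitialized from the return of hci_conn_init_sysfs() until the workqueue gets to it. Anything that touches conn->dev in that window, for example a teardown that queues work_del, would see a struct device that was never initialized. Either show that no path can reach conn->dev before add_conn() has run, or keep device_initialize() in hci_conn_init_sysfs().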
>> > @@ -136,18 +144,8 @@ static void del_conn(struct work_struct
>> >
>> > Âvoid hci_conn_init_sysfs(struct hci_conn *conn)
>> > Â{
>> > - Â struct hci_dev *hdev = conn->hdev;
>> > -
>> > Â Â BT_DBG("conn %p", conn);
>> >
>> > - Â conn->dev.type = &bt_link;
>> > - Â conn->dev.class = bt_class;
>> > - Â conn->dev.parent = &hdev->dev;
>> > -
>> > - Â dev_set_drvdata(&conn->dev, conn);
>> > -
>> > - Â device_initialize(&conn->dev);
>> > -
>> > Â Â INIT_WORK(&conn->work_add, add_conn);
>> > Â Â INIT_WORK(&conn->work_del, del_conn);
>> > Â}
>> >
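Review bot: the block removed from hci_conn_init_sysfs() is wider than the trace in the changelog justifies. Only dev_set_drvdata() appears there (dev_set_drvdata, device_private_init, kzalloc, __might_sleep); the three conn->dev.type/class/parent assignments are plain stores and device_initialize() is not in the trace at all. If all of them are moved anyway, the changelog should say why each one needs process context rather than "all other device callbacks".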
>>
>> I prefer if we only move dev_set_drvdata into the work queue and
>> actually do initialize the struct device here. I have tested this a bit
>> during this week and have not seen any problems. Would this work, too?
>>
>> Regards
>>
>> Marcel
>>
>>
>
> Hi, Marcel
>
> Fine, both are ok for me, here is the updated version.
>
> Add Oliver to cc-list. Would you mind testing one more time?

Sorry, pressed 'y' in mutt in a hurry without adding.

>
> ---
> Due to driver core changes dev_set_drvdata will call kzalloc which should be
> in might_sleep context, but hci_conn_add will be called in atomic context
>
> Like dev_set_name move dev_set_drvdata to work queue function.
>
> oops as following:
>
> Oct  2 17:41:59 darkstar kernel: [  438.001341] BUG: sleeping function called from invalid context at mm/slqb.c:1546
> Oct  2 17:41:59 darkstar kernel: [  438.001345] in_atomic(): 1, irqs_disabled(): 0, pid: 2133, name: sdptool
> Oct  2 17:41:59 darkstar kernel: [  438.001348] 2 locks held by sdptool/2133:
> Oct  2 17:41:59 darkstar kernel: [  438.001350]  #0:  (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.+.}, at: [<faa1d2f5>] lock_sock+0xa/0xc [l2cap]
> Oct  2 17:41:59 darkstar kernel: [  438.001360]  #1:  (&hdev->lock){+.-.+.}, at: [<faa20e16>] l2cap_sock_connect+0x103/0x26b [l2cap]
> Oct  2 17:41:59 darkstar kernel: [  438.001371] Pid: 2133, comm: sdptool Not tainted 2.6.31-mm1 #2
> Oct  2 17:41:59 darkstar kernel: [  438.001373] Call Trace:
> Oct  2 17:41:59 darkstar kernel: [  438.001381]  [<c022433f>] __might_sleep+0xde/0xe5
> Oct  2 17:41:59 darkstar kernel: [  438.001386]  [<c0298843>] __kmalloc+0x4a/0x15a
> Oct  2 17:41:59 darkstar kernel: [  438.001392]  [<c03f0065>] ? kzalloc+0xb/0xd
> Oct  2 17:41:59 darkstar kernel: [  438.001396]  [<c03f0065>] kzalloc+0xb/0xd
> Oct  2 17:41:59 darkstar kernel: [  438.001400]  [<c03f04ff>] device_private_init+0x15/0x3d
> Oct  2 17:41:59 darkstar kernel: [  438.001405]  [<c03f24c5>] dev_set_drvdata+0x18/0x26
> Oct  2 17:41:59 darkstar kernel: [  438.001414]  [<fa51fff7>] hci_conn_init_sysfs+0x40/0xd9 [bluetooth]
> Oct  2 17:41:59 darkstar kernel: [  438.001422]  [<fa51cdc0>] ? hci_conn_add+0x128/0x186 [bluetooth]
> Oct  2 17:41:59 darkstar kernel: [  438.001429]  [<fa51ce0f>] hci_conn_add+0x177/0x186 [bluetooth]
> Oct  2 17:41:59 darkstar kernel: [  438.001437]  [<fa51cf8a>] hci_connect+0x3c/0xfb [bluetooth]
> Oct  2 17:41:59 darkstar kernel: [  438.001442]  [<faa20e87>] l2cap_sock_connect+0x174/0x26b [l2cap]
> Oct  2 17:41:59 darkstar kernel: [  438.001448]  [<c04c8df5>] sys_connect+0x60/0x7a
> Oct  2 17:41:59 darkstar kernel: [  438.001453]  [<c024b703>] ? lock_release_non_nested+0x84/0x1de
> Oct  2 17:41:59 darkstar kernel: [  438.001458]  [<c028804b>] ? might_fault+0x47/0x81
> Oct  2 17:41:59 darkstar kernel: [  438.001462]  [<c028804b>] ? might_fault+0x47/0x81
> Oct  2 17:41:59 darkstar kernel: [  438.001468]  [<c033361f>] ? __copy_from_user_ll+0x11/0xce
> Oct  2 17:41:59 darkstar kernel: [  438.001472]  [<c04c9419>] sys_socketcall+0x82/0x17b
> Oct  2 17:41:59 darkstar kernel: [  438.001477]  [<c020329d>] syscall_call+0x7/0xb
>
> Signed-off-by: Dave Young <hidave.darkstar@xxxxxxxxx>
> ---
> net/bluetooth/hci_sysfs.c | Â Â4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> --- linux-2.6.31.orig/net/bluetooth/hci_sysfs.c 2009-10-09 20:50:43.000000000 +0800
> +++ linux-2.6.31/net/bluetooth/hci_sysfs.c   Â2009-10-10 21:24:56.000000000 +0800
> @@ -92,6 +92,8 @@ static void add_conn(struct work_struct
>
> Â Â Â Âdev_set_name(&conn->dev, "%s:%d", hdev->name, conn->handle);
>
> + Â Â Â dev_set_drvdata(&conn->dev, conn);
> +
> Â Â Â Âif (device_add(&conn->dev) < 0) {
> Â Â Â Â Â Â Â ÂBT_ERR("Failed to register connection device");
> Â Â Â Â Â Â Â Âreturn;
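Review bot: the dev_set_drvdata() call added ahead of device_add() in add_conn() should carry a short comment saying why it lives in the work function. Per the trace it allocates through device_private_init() and may sleep, and it has to stay before device_add() so the driver data is in place when the device is registered. Without that comment a later cleanup could move it back next to device_initialize() and bring the warning back. The allocation can also fail, and nothing at this call site would notice; worth stating whether that case needs handling.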
> @@ -144,8 +146,6 @@ void hci_conn_init_sysfs(struct hci_conn
> Â Â Â Âconn->dev.class = bt_class;
> Â Â Â Âconn->dev.parent = &hdev->dev;
>
> - Â Â Â dev_set_drvdata(&conn->dev, conn);
> -
> Â Â Â Âdevice_initialize(&conn->dev);
>
> Â Â Â ÂINIT_WORK(&conn->work_add, add_conn);
>
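Review bot: with dev_set_drvdata() removed from hci_conn_init_sysfs(), the driver data on conn->dev is unset from this point until work_add has run. Please confirm that nothing calls dev_get_drvdata() on a connection device in that window, and mention that in the changelog alongside the dev_set_name precedent it already cites.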



--
Regards
dave