[BUG] net: bluetooth: a possible sleep-in-atomic-context bug in disconnect_all_peers()
From: Jia-Ju Bai
Date: Wed Dec 18 2019 - 07:37:26 EST
The kernel module may sleep while holding a spinlock.
The function call path (from bottom to top) in Linux 4.19 is:
net/bluetooth/l2cap_core.c, 840:
    mutex_lock in l2cap_get_ident
net/bluetooth/l2cap_core.c, 1402:
    l2cap_get_ident in l2cap_send_disconn_req
net/bluetooth/l2cap_core.c, 736:
    l2cap_send_disconn_req in l2cap_chan_close
net/bluetooth/6lowpan.c, 1053:
    l2cap_chan_close in disconnect_all_peers
net/bluetooth/6lowpan.c, 1051:
    spin_lock in disconnect_all_peers
mutex_lock() can sleep at runtime.
I am not sure how to properly fix this possible bug, so I only report it.
This bug is found by a static analysis tool STCheck written by myself.
Best wishes,
Jia-Ju Bai
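
The reported call path as a userspace model, added here as an example; it is not part of the original message and not kernel code. The `_m` functions, the atomic-depth counter and the three sample channels are constructed for illustration, and the deferred variant is an assumed restructuring, not a fix taken from the report or from the kernel tree.

```c
/* Userspace model of the reported path; every *_m name is hypothetical. */
#include <stdio.h>

#define NPEERS 3                 /* constructed sample: three peer channels */

static int atomic_depth;         /* > 0 while a modelled spinlock is held */
static int violations;           /* sleeping calls made in atomic context */

static void spin_lock_m(void)   { atomic_depth++; }
static void spin_unlock_m(void) { atomic_depth--; }

/* Models mutex_lock(): it may sleep, so flag it if a spinlock is held. */
static void mutex_lock_m(void)   { if (atomic_depth > 0) violations++; }
static void mutex_unlock_m(void) { }

static void l2cap_get_ident_m(void)        { mutex_lock_m(); mutex_unlock_m(); }
static void l2cap_send_disconn_req_m(void) { l2cap_get_ident_m(); }
static void l2cap_chan_close_m(int chan)   { (void)chan; l2cap_send_disconn_req_m(); }

/* Shape from the report: close every peer channel while the spinlock is held. */
int disconnect_all_peers_reported(void)
{
    violations = 0;
    spin_lock_m();
    for (int chan = 0; chan < NPEERS; chan++)
        l2cap_chan_close_m(chan);
    spin_unlock_m();
    return violations;
}

/* Assumed restructuring: snapshot under the lock, close after dropping it. */
int disconnect_all_peers_deferred(void)
{
    int snapshot[NPEERS], n = 0;

    violations = 0;
    spin_lock_m();
    for (int chan = 0; chan < NPEERS; chan++)
        snapshot[n++] = chan;
    spin_unlock_m();
    for (int i = 0; i < n; i++)
        l2cap_chan_close_m(snapshot[i]);
    return violations;
}

int main(void)
{
    printf("reported shape: %d sleeping calls under spinlock\n", disconnect_all_peers_reported());
    printf("deferred shape: %d sleeping calls under spinlock\n", disconnect_all_peers_deferred());
    return 0;
}
```

In real kernel code the snapshot step would also have to keep each channel alive (for example by holding a reference) until it is closed after the unlock, which this model does not represent.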