RE: [PATCH] Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading
From: Bough Chen
Date: Mon May 27 2024 - 03:16:07 EST
> -----Original Message-----
> From: Luke Wang <ziniu.wang_1@xxxxxxx>
> Sent: 2024年5月17日 19:16
> To: marcel@xxxxxxxxxxxx; luiz.dentz@xxxxxxxxx
> Cc: linux-bluetooth@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; Amitkumar
> Karwar <amitkumar.karwar@xxxxxxx>; Rohit Fule <rohit.fule@xxxxxxx>;
> Neeraj Sanjay Kale <neeraj.sanjaykale@xxxxxxx>; Sherry Sun
> <sherry.sun@xxxxxxx>; Bough Chen <haibo.chen@xxxxxxx>; Jun Li
> <jun.li@xxxxxxx>; Guillaume Legoupil <guillaume.legoupil@xxxxxxx>; Salim
> Chebbo <salim.chebbo@xxxxxxx>; imx@xxxxxxxxxxxxxxx
> Subject: [PATCH] Bluetooth: btnxpuart: Shutdown timer and prevent rearming
> when driver unloading
>
> From: Luke Wang <ziniu.wang_1@xxxxxxx>
>
> When unload the btnxpuart driver, its associated timer will be deleted.
> If the timer happens to be modified at this moment, it leads to the kernel call
> this timer even after the driver unloaded, resulting in kernel panic.
> Use timer_shutdown_sync() instead of del_timer_sync() to prevent rearming.
>
> panic log:
> Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP
> Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O)
> crct10dif_ce polyval_ce polyval_generic snd_soc_imx_card
> snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg
> snd_soc_wm8962 snd_soc_fsl_micfil snd_soc_fsl_sai flexcan snd_soc_fsl_utils
> ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last
> unloaded: btnxpuart]
> CPU: 5 PID: 723 Comm: memtester Tainted: G O
> 6.6.23-lts-next-06207-g4aef2658ac28 #1
> Hardware name: NXP i.MX95 19X19 board (DT)
> pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> pc : 0xffff80007a2cf464
> lr : call_timer_fn.isra.0+0x24/0x80
> ...
> Call trace:
> 0xffff80007a2cf464
> __run_timers+0x234/0x280
> run_timer_softirq+0x20/0x40
> __do_softirq+0x100/0x26c
> ____do_softirq+0x10/0x1c
> call_on_irq_stack+0x24/0x4c
> do_softirq_own_stack+0x1c/0x2c
> irq_exit_rcu+0xc0/0xdc
> el0_interrupt+0x54/0xd8
> __el0_irq_handler_common+0x18/0x24
> el0t_64_irq_handler+0x10/0x1c
> el0t_64_irq+0x190/0x194
> Code: ???????? ???????? ???????? ???????? (????????)
> ---[ end trace 0000000000000000 ]---
> Kernel panic - not syncing: Oops: Fatal exception in interrupt
> SMP: stopping secondary CPUs
> Kernel Offset: disabled
> CPU features: 0x0,c0000000,40028143,1000721b
> Memory Limit: none
> ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---
Hi all,
This patch is already accepted, but I notice it lack fix tag, can anyone help add the following fix tag?
Fixes: 689ca16e5232 ("Bluetooth: NXP: Add protocol support for NXP Bluetooth chipsets")
Cc: stable@xxxxxxxxxxxxxxx
This patch should also put into stable tree. I add the stable tree mail list here.
Best Regards
Haibo Chen
>
> Signed-off-by: Luke Wang <ziniu.wang_1@xxxxxxx>
> ---
> drivers/bluetooth/btnxpuart.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/bluetooth/btnxpuart.c b/drivers/bluetooth/btnxpuart.c index
> 7f88b6f52f26..77f974a5251b 100644
> --- a/drivers/bluetooth/btnxpuart.c
> +++ b/drivers/bluetooth/btnxpuart.c
> @@ -328,7 +328,7 @@ static void ps_cancel_timer(struct btnxpuart_dev
> *nxpdev)
> struct ps_data *psdata = &nxpdev->psdata;
>
> flush_work(&psdata->work);
> - del_timer_sync(&psdata->ps_timer);
> + timer_shutdown_sync(&psdata->ps_timer);
> }
>
> static void ps_control(struct hci_dev *hdev, u8 ps_state)
> --
> 2.34.1