[Bluetooth] Fix deadlock in the L2CAP layer
The Bluetooth L2CAP layer has 2 locks that are used in softirq context, (one spinlock and one rwlock, where the softirq usage is readlock) but where not all usages of the lock were _bh safe. The patch below corrects this. Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
This commit is contained in:
parent
0263603a01
commit
fd1278d720
@ -185,7 +185,7 @@ static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
|
|||||||
{
|
{
|
||||||
struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
|
struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
|
||||||
|
|
||||||
write_lock(&l->lock);
|
write_lock_bh(&l->lock);
|
||||||
if (sk == l->head)
|
if (sk == l->head)
|
||||||
l->head = next;
|
l->head = next;
|
||||||
|
|
||||||
@ -193,7 +193,7 @@ static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
|
|||||||
l2cap_pi(next)->prev_c = prev;
|
l2cap_pi(next)->prev_c = prev;
|
||||||
if (prev)
|
if (prev)
|
||||||
l2cap_pi(prev)->next_c = next;
|
l2cap_pi(prev)->next_c = next;
|
||||||
write_unlock(&l->lock);
|
write_unlock_bh(&l->lock);
|
||||||
|
|
||||||
__sock_put(sk);
|
__sock_put(sk);
|
||||||
}
|
}
|
||||||
@ -313,9 +313,9 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
|
|||||||
static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
|
static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
|
||||||
{
|
{
|
||||||
struct l2cap_chan_list *l = &conn->chan_list;
|
struct l2cap_chan_list *l = &conn->chan_list;
|
||||||
write_lock(&l->lock);
|
write_lock_bh(&l->lock);
|
||||||
__l2cap_chan_add(conn, sk, parent);
|
__l2cap_chan_add(conn, sk, parent);
|
||||||
write_unlock(&l->lock);
|
write_unlock_bh(&l->lock);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
|
static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
|
||||||
@ -328,14 +328,14 @@ static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
|
|||||||
* 200 - 254 are used by utilities like l2ping, etc.
|
* 200 - 254 are used by utilities like l2ping, etc.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
spin_lock(&conn->lock);
|
spin_lock_bh(&conn->lock);
|
||||||
|
|
||||||
if (++conn->tx_ident > 128)
|
if (++conn->tx_ident > 128)
|
||||||
conn->tx_ident = 1;
|
conn->tx_ident = 1;
|
||||||
|
|
||||||
id = conn->tx_ident;
|
id = conn->tx_ident;
|
||||||
|
|
||||||
spin_unlock(&conn->lock);
|
spin_unlock_bh(&conn->lock);
|
||||||
|
|
||||||
return id;
|
return id;
|
||||||
}
|
}
|
||||||
@ -1416,11 +1416,11 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
|
|||||||
if (!sk)
|
if (!sk)
|
||||||
goto response;
|
goto response;
|
||||||
|
|
||||||
write_lock(&list->lock);
|
write_lock_bh(&list->lock);
|
||||||
|
|
||||||
/* Check if we already have channel with that dcid */
|
/* Check if we already have channel with that dcid */
|
||||||
if (__l2cap_get_chan_by_dcid(list, scid)) {
|
if (__l2cap_get_chan_by_dcid(list, scid)) {
|
||||||
write_unlock(&list->lock);
|
write_unlock_bh(&list->lock);
|
||||||
sock_set_flag(sk, SOCK_ZAPPED);
|
sock_set_flag(sk, SOCK_ZAPPED);
|
||||||
l2cap_sock_kill(sk);
|
l2cap_sock_kill(sk);
|
||||||
goto response;
|
goto response;
|
||||||
@ -1458,7 +1458,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
|
|||||||
result = status = 0;
|
result = status = 0;
|
||||||
|
|
||||||
done:
|
done:
|
||||||
write_unlock(&list->lock);
|
write_unlock_bh(&list->lock);
|
||||||
|
|
||||||
response:
|
response:
|
||||||
bh_unlock_sock(parent);
|
bh_unlock_sock(parent);
|
||||||
|
Loading…
Reference in New Issue
Block a user