hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux-sg2042/net
History
Octavian Purdila 66f0129696 Bluetooth: Fix RFCOMM session reference counting issue 
There is an imbalance in the rfcomm_session_hold / rfcomm_session_put
operations which causes the following crash:

[  685.010159] BUG: unable to handle kernel paging request at 6b6b6b6b
[  685.010169] IP: [<c149d76d>] rfcomm_process_dlcs+0x1b/0x15e
[  685.010181] *pdpt = 000000002d665001 *pde = 0000000000000000
[  685.010191] Oops: 0000 [#1] PREEMPT SMP
[  685.010247]
[  685.010255] Pid: 947, comm: krfcommd Tainted: G         C  3.0.16-mid8-dirty #44
[  685.010266] EIP: 0060:[<c149d76d>] EFLAGS: 00010246 CPU: 1
[  685.010274] EIP is at rfcomm_process_dlcs+0x1b/0x15e
[  685.010281] EAX: e79f551c EBX: 6b6b6b6b ECX: 00000007 EDX: e79f40b4
[  685.010288] ESI: e79f4060 EDI: ed4e1f70 EBP: ed4e1f68 ESP: ed4e1f50
[  685.010295]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[  685.010303] Process krfcommd (pid: 947, ti=ed4e0000 task=ed43e5e0 task.ti=ed4e0000)
[  685.010308] Stack:
[  685.010312]  ed4e1f68 c149eb53 e5925150 e79f4060 ed500000 ed4e1f70 ed4e1f80 c149ec10
[  685.010331]  00000000 ed43e5e0 00000000 ed4e1f90 ed4e1f9c c149ec87 0000bf54 00000000
[  685.010348]  00000000 ee03bf54 c149ec37 ed4e1fe4 c104fe01 00000000 00000000 00000000
[  685.010367] Call Trace:
[  685.010376]  [<c149eb53>] ? rfcomm_process_rx+0x6e/0x74
[  685.010387]  [<c149ec10>] rfcomm_process_sessions+0xb7/0xde
[  685.010398]  [<c149ec87>] rfcomm_run+0x50/0x6d
[  685.010409]  [<c149ec37>] ? rfcomm_process_sessions+0xde/0xde
[  685.010419]  [<c104fe01>] kthread+0x63/0x68
[  685.010431]  [<c104fd9e>] ? __init_kthread_worker+0x42/0x42
[  685.010442]  [<c14dae82>] kernel_thread_helper+0x6/0xd

This issue has been brought up earlier here:

https://lkml.org/lkml/2011/5/21/127

The issue appears to be the rfcomm_session_put in rfcomm_recv_ua. This
operation doesn't seem be to required as for the non-initiator case we
have the rfcomm_process_rx doing an explicit put and in the initiator
case the last dlc_unlink will drive the reference counter to 0.

There have been several attempts to fix these issue:

6c2718d Bluetooth: Do not call rfcomm_session_put() for RFCOMM UA on closed socket
683d949 Bluetooth: Never deallocate a session when some DLC points to it

but AFAICS they do not fix the issue just make it harder to reproduce.

Signed-off-by: Octavian Purdila <octavian.purdila@intel.com>
Signed-off-by: Gopala Krishna Murala <gopala.krishna.murala@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
 		2012-02-13 17:01:31 +02:00
..
9p virtio: rename virtqueue_add_buf_gfp to virtqueue_add_buf 2012-01-12 15:44:42 +10:30
802 net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
8021q vlan: static functions 2011-12-14 02:39:30 -05:00
appletalk net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
atm net: Rename dst_get_neighbour{, _raw} to dst_get_neighbour_noref{, _raw}. 2011-12-05 15:20:19 -05:00
ax25 ax25: avoid overflows in ax25_setsockopt() 2011-12-28 14:08:08 -05:00
batman-adv batman-adv: Fix merge error. 2011-12-16 15:07:28 -05:00
bluetooth Bluetooth: Fix RFCOMM session reference counting issue 2012-02-13 17:01:31 +02:00
bridge bridge: BH already disabled in br_fdb_cleanup() 2012-01-17 10:17:32 -05:00
caif caif: Remove bad WARN_ON in caif_dev 2012-01-17 10:46:55 -05:00
can can: remove references to berlios mailinglist 2011-10-17 19:22:46 -04:00
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2011-12-13 14:59:42 -08:00
core net: fix NULL-deref in WARN() in skb_gso_segment() 2012-01-17 15:51:23 -05:00
dcb net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
dccp inet_diag: Rename inet_diag_req into inet_diag_req_v2 2012-01-11 12:56:06 -08:00
decnet net: reintroduce missing rcu_assign_pointer() calls 2012-01-12 12:26:56 -08:00
dns_resolver KEYS: Improve /proc/keys 2011-03-17 11:59:32 +11:00
dsa dsa: Move switch drivers to new directory drivers/net/dsa 2011-11-29 00:21:36 -05:00
econet net: Remove all uses of LL_ALLOCATED_SPACE 2011-11-18 14:37:09 -05:00
ethernet net: don't clear IFF_XMIT_DST_RELEASE in ether_setup 2011-09-15 14:49:44 -04:00
ieee802154 net: Remove all uses of LL_ALLOCATED_SPACE 2011-11-18 14:37:09 -05:00
ipv4 inetpeer: initialize ->redirect_genid in inet_getpeer() 2012-01-17 15:52:12 -05:00
ipv6 ipv6: fix per device IP snmp counters 2012-01-17 23:56:18 -05:00
ipx net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
irda irda: use msecs_to_jiffies() rather than manual calculation 2011-12-21 15:46:22 -05:00
iucv af_iucv: get rid of state IUCV_SEVERED 2011-12-20 14:05:03 -05:00
key net: use IS_ENABLED(CONFIG_IPV6) 2011-12-11 18:25:16 -05:00
l2tp l2tp: ensure sk->dst is still valid 2011-11-26 15:57:36 -05:00
lapb wan: make LAPB callbacks const 2011-09-16 19:20:20 -04:00
llc llc: llc_cmsg_rcv was getting called after sk_eat_skb. 2011-12-19 15:58:52 -05:00
mac80211 mac80211: do not call rate control .tx_status before .rate_init 2012-02-08 16:07:31 -05:00
netfilter netfilter: ipset: dumping error triggered removing references twice 2012-01-17 10:52:55 +01:00
netlabel net: reintroduce missing rcu_assign_pointer() calls 2012-01-12 12:26:56 -08:00
netlink genetlink: add auto module loading 2011-12-28 13:48:55 -05:00
netrom netrom: avoid overflows in nr_setsockopt() 2011-12-28 14:08:08 -05:00
nfc nfc: NULL vs zero in nci_activate_target() 2012-01-27 14:57:04 -05:00
openvswitch openvswitch: Fix multipart datapath dumps. 2012-01-17 23:56:19 -05:00
packet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-12-30 13:04:14 -05:00
phonet net: reintroduce missing rcu_assign_pointer() calls 2012-01-12 12:26:56 -08:00
rds RDS: Remove some unused iWARP code 2012-01-12 20:05:28 -08:00
rfkill Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem 2012-01-05 10:13:24 -05:00
rose net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
rxrpc net: fix assignment of 0/1 to bool variables. 2011-12-19 22:27:29 -05:00
sched net_sched: sfq: add optional RED on top of SFQ 2012-01-12 20:05:28 -08:00
sctp Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-01-08 13:21:22 -08:00
sunrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-01-12 20:30:02 -08:00
tipc tipc: rename struct bearer_name to struct tipc_bearer_names 2011-12-29 21:53:30 -05:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-01-09 14:46:52 -08:00
wanrouter wanrouter: Remove kernel_lock annotations 2011-11-07 13:27:30 -05:00
wimax net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
wireless mac80211: off by one in mcs mask handling 2012-02-06 14:55:41 -05:00
x25 net:x25: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xfrm net: reintroduce missing rcu_assign_pointer() calls 2012-01-12 12:26:56 -08:00
Kconfig net: Add Open vSwitch kernel components. 2011-12-03 09:35:17 -08:00
Makefile net: Add Open vSwitch kernel components. 2011-12-03 09:35:17 -08:00
compat.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
nonet.c
socket.c net: reintroduce missing rcu_assign_pointer() calls 2012-01-12 12:26:56 -08:00
sysctl_net.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00