diff mbox series

Bluetooth: Fix crash when replugging CSR fake controllers

Message ID 20221129205413.1537851-1-luiz.dentz@gmail.com
State New
Headers show
Series Bluetooth: Fix crash when replugging CSR fake controllers | expand

Commit Message

Luiz Augusto von Dentz Nov. 29, 2022, 8:54 p.m. UTC
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

It seems fake CSR 5.0 clones can cause the suspend notifier to be
registered twice causing the following kernel panic:

[   71.986122] Call Trace:
[   71.986124]  <TASK>
[   71.986125]  blocking_notifier_chain_register+0x33/0x60
[   71.986130]  hci_register_dev+0x316/0x3d0 [bluetooth 99b5497ea3d09708fa1366c1dc03288bf3cca8da]
[   71.986154]  btusb_probe+0x979/0xd85 [btusb e1e0605a4f4c01984a4b9c8ac58c3666ae287477]
[   71.986159]  ? __pm_runtime_set_status+0x1a9/0x300
[   71.986162]  ? ktime_get_mono_fast_ns+0x3e/0x90
[   71.986167]  usb_probe_interface+0xe3/0x2b0
[   71.986171]  really_probe+0xdb/0x380
[   71.986174]  ? pm_runtime_barrier+0x54/0x90
[   71.986177]  __driver_probe_device+0x78/0x170
[   71.986180]  driver_probe_device+0x1f/0x90
[   71.986183]  __device_attach_driver+0x89/0x110
[   71.986186]  ? driver_allows_async_probing+0x70/0x70
[   71.986189]  bus_for_each_drv+0x8c/0xe0
[   71.986192]  __device_attach+0xb2/0x1e0
[   71.986195]  bus_probe_device+0x92/0xb0
[   71.986198]  device_add+0x422/0x9a0
[   71.986201]  ? sysfs_merge_group+0xd4/0x110
[   71.986205]  usb_set_configuration+0x57a/0x820
[   71.986208]  usb_generic_driver_probe+0x4f/0x70
[   71.986211]  usb_probe_device+0x3a/0x110
[   71.986213]  really_probe+0xdb/0x380
[   71.986216]  ? pm_runtime_barrier+0x54/0x90
[   71.986219]  __driver_probe_device+0x78/0x170
[   71.986221]  driver_probe_device+0x1f/0x90
[   71.986224]  __device_attach_driver+0x89/0x110
[   71.986227]  ? driver_allows_async_probing+0x70/0x70
[   71.986230]  bus_for_each_drv+0x8c/0xe0
[   71.986232]  __device_attach+0xb2/0x1e0
[   71.986235]  bus_probe_device+0x92/0xb0
[   71.986237]  device_add+0x422/0x9a0
[   71.986239]  ? _dev_info+0x7d/0x98
[   71.986242]  ? blake2s_update+0x4c/0xc0
[   71.986246]  usb_new_device.cold+0x148/0x36d
[   71.986250]  hub_event+0xa8a/0x1910
[   71.986255]  process_one_work+0x1c4/0x380
[   71.986259]  worker_thread+0x51/0x390
[   71.986262]  ? rescuer_thread+0x3b0/0x3b0
[   71.986264]  kthread+0xdb/0x110
[   71.986266]  ? kthread_complete_and_exit+0x20/0x20
[   71.986268]  ret_from_fork+0x1f/0x30
[   71.986273]  </TASK>
[   71.986274] ---[ end trace 0000000000000000 ]---
[   71.986284] btusb: probe of 2-1.6:1.0 failed with error -17

Link: https://bugzilla.kernel.org/show_bug.cgi?id=216683
Cc: stable@vger.kernel.org
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---
 net/bluetooth/hci_core.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Comments

bluez.test.bot@gmail.com Nov. 29, 2022, 9:45 p.m. UTC | #1
This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=700236

---Test result---

Test Summary:
CheckPatch                    PASS      0.68 seconds
GitLint                       FAIL      0.58 seconds
SubjectPrefix                 PASS      0.09 seconds
BuildKernel                   PASS      43.46 seconds
BuildKernel32                 PASS      39.22 seconds
TestRunnerSetup               PASS      542.86 seconds
TestRunner_l2cap-tester       PASS      18.75 seconds
TestRunner_iso-tester         PASS      19.38 seconds
TestRunner_bnep-tester        PASS      6.76 seconds
TestRunner_mgmt-tester        PASS      128.18 seconds
TestRunner_rfcomm-tester      PASS      11.48 seconds
TestRunner_sco-tester         PASS      10.40 seconds
TestRunner_ioctl-tester       PASS      12.38 seconds
TestRunner_mesh-tester        PASS      8.84 seconds
TestRunner_smp-tester         PASS      10.18 seconds
TestRunner_userchan-tester    PASS      7.07 seconds
IncrementalBuild              PASS      39.71 seconds

Details
##############################
Test: GitLint - FAIL
Desc: Run gitlint
Output:
Bluetooth: Fix crash when replugging CSR fake controllers

11: B1 Line exceeds max length (97>80): "[   71.986130]  hci_register_dev+0x316/0x3d0 [bluetooth 99b5497ea3d09708fa1366c1dc03288bf3cca8da]"
12: B1 Line exceeds max length (88>80): "[   71.986154]  btusb_probe+0x979/0xd85 [btusb e1e0605a4f4c01984a4b9c8ac58c3666ae287477]"


---
Regards,
Linux Bluetooth
patchwork-bot+bluetooth@kernel.org Dec. 2, 2022, 9:25 p.m. UTC | #2
Hello:

This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Tue, 29 Nov 2022 12:54:13 -0800 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> 
> It seems fake CSR 5.0 clones can cause the suspend notifier to be
> registered twice causing the following kernel panic:
> 
> [   71.986122] Call Trace:
> [   71.986124]  <TASK>
> [   71.986125]  blocking_notifier_chain_register+0x33/0x60
> [   71.986130]  hci_register_dev+0x316/0x3d0 [bluetooth 99b5497ea3d09708fa1366c1dc03288bf3cca8da]
> [   71.986154]  btusb_probe+0x979/0xd85 [btusb e1e0605a4f4c01984a4b9c8ac58c3666ae287477]
> [   71.986159]  ? __pm_runtime_set_status+0x1a9/0x300
> [   71.986162]  ? ktime_get_mono_fast_ns+0x3e/0x90
> [   71.986167]  usb_probe_interface+0xe3/0x2b0
> [   71.986171]  really_probe+0xdb/0x380
> [   71.986174]  ? pm_runtime_barrier+0x54/0x90
> [   71.986177]  __driver_probe_device+0x78/0x170
> [   71.986180]  driver_probe_device+0x1f/0x90
> [   71.986183]  __device_attach_driver+0x89/0x110
> [   71.986186]  ? driver_allows_async_probing+0x70/0x70
> [   71.986189]  bus_for_each_drv+0x8c/0xe0
> [   71.986192]  __device_attach+0xb2/0x1e0
> [   71.986195]  bus_probe_device+0x92/0xb0
> [   71.986198]  device_add+0x422/0x9a0
> [   71.986201]  ? sysfs_merge_group+0xd4/0x110
> [   71.986205]  usb_set_configuration+0x57a/0x820
> [   71.986208]  usb_generic_driver_probe+0x4f/0x70
> [   71.986211]  usb_probe_device+0x3a/0x110
> [   71.986213]  really_probe+0xdb/0x380
> [   71.986216]  ? pm_runtime_barrier+0x54/0x90
> [   71.986219]  __driver_probe_device+0x78/0x170
> [   71.986221]  driver_probe_device+0x1f/0x90
> [   71.986224]  __device_attach_driver+0x89/0x110
> [   71.986227]  ? driver_allows_async_probing+0x70/0x70
> [   71.986230]  bus_for_each_drv+0x8c/0xe0
> [   71.986232]  __device_attach+0xb2/0x1e0
> [   71.986235]  bus_probe_device+0x92/0xb0
> [   71.986237]  device_add+0x422/0x9a0
> [   71.986239]  ? _dev_info+0x7d/0x98
> [   71.986242]  ? blake2s_update+0x4c/0xc0
> [   71.986246]  usb_new_device.cold+0x148/0x36d
> [   71.986250]  hub_event+0xa8a/0x1910
> [   71.986255]  process_one_work+0x1c4/0x380
> [   71.986259]  worker_thread+0x51/0x390
> [   71.986262]  ? rescuer_thread+0x3b0/0x3b0
> [   71.986264]  kthread+0xdb/0x110
> [   71.986266]  ? kthread_complete_and_exit+0x20/0x20
> [   71.986268]  ret_from_fork+0x1f/0x30
> [   71.986273]  </TASK>
> [   71.986274] ---[ end trace 0000000000000000 ]---
> [   71.986284] btusb: probe of 2-1.6:1.0 failed with error -17
> 
> [...]

Here is the summary with links:
  - Bluetooth: Fix crash when replugging CSR fake controllers
    https://git.kernel.org/bluetooth/bluetooth-next/c/dbd24be48422

You are awesome, thank you!
diff mbox series

Patch

diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 9d9fb3dff22a..56f8569ace86 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -2764,7 +2764,8 @@  int hci_register_suspend_notifier(struct hci_dev *hdev)
 {
 	int ret = 0;
 
-	if (!test_bit(HCI_QUIRK_NO_SUSPEND_NOTIFIER, &hdev->quirks)) {
+	if (!hdev->suspend_notifier.notifier_call &&
+	    !test_bit(HCI_QUIRK_NO_SUSPEND_NOTIFIER, &hdev->quirks)) {
 		hdev->suspend_notifier.notifier_call = hci_suspend_notifier;
 		ret = register_pm_notifier(&hdev->suspend_notifier);
 	}
@@ -2776,8 +2777,11 @@  int hci_unregister_suspend_notifier(struct hci_dev *hdev)
 {
 	int ret = 0;
 
-	if (!test_bit(HCI_QUIRK_NO_SUSPEND_NOTIFIER, &hdev->quirks))
+	if (hdev->suspend_notifier.notifier_call) {
 		ret = unregister_pm_notifier(&hdev->suspend_notifier);
+		if (!ret)
+			hdev->suspend_notifier.notifier_call = NULL;
+	}
 
 	return ret;
 }