| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Mar 2009 10:58:56 +0100
From: Pavel Machek <pavel@....cz>
To: Marcel Holtmann <marcel@...tmann.org>,
"Rafael J. Wysocki" <rjw@...k.pl>
Cc: Greg KH <greg@...ah.com>,
kernel list <linux-kernel@...r.kernel.org>
Subject: Re: 2.6.29-rc5+: usb bluetooth crashes system
Hi!
> >>>> Since switch to 2.6.29-rc, bluetooth crashes system... usually on
> >>>> disconnect or killall pppd.
> >>>
> >>> Do we have a trace?
> >>
> >> We have "bad magic" message, see bugzilla. I guess it is use of
> >> spinlock after free?
> >
> > can you double check with the net-next-2.6 or bluetooth-next-2.6 tree
> > and see if that issue is still present.
>
> Well, I took btusb.c from 2.6.28 and that fixed the issue; so we know
> the regression is in btusb.c file between 28 and 29-rc7. If you have
> specific version of btusb.c you want me to test, please mail it to me.
This smaller patch (partial revert of btusb.c to 2.6.28 state) seems
to help, too....
Pavel
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index b5fbda6..75f9fc0 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -655,19 +680,8 @@ static void btusb_notify(struct hci_dev *hdev, unsigned int evt)
BT_DBG("%s evt %d", hdev->name, evt);
- if (hdev->conn_hash.acl_num > 0) {
- if (!test_and_set_bit(BTUSB_BULK_RUNNING, &data->flags)) {
- if (btusb_submit_bulk_urb(hdev, GFP_ATOMIC) < 0)
- clear_bit(BTUSB_BULK_RUNNING, &data->flags);
- else
- btusb_submit_bulk_urb(hdev, GFP_ATOMIC);
- }
- } else {
- clear_bit(BTUSB_BULK_RUNNING, &data->flags);
- usb_unlink_anchored_urbs(&data->bulk_anchor);
- }
-
- schedule_work(&data->work);
+ if (evt == HCI_NOTIFY_CONN_ADD || evt == HCI_NOTIFY_CONN_DEL)
+ schedule_work(&data->work);
}
static int inline __set_isoc_interface(struct hci_dev *hdev, int altsetting)
@@ -718,6 +732,18 @@ static void btusb_work(struct work_struct *work)
struct btusb_data *data = container_of(work, struct btusb_data, work);
struct hci_dev *hdev = data->hdev;
+ if (hdev->conn_hash.acl_num > 0) {
+ if (!test_and_set_bit(BTUSB_BULK_RUNNING, &data->flags)) {
+ if (btusb_submit_bulk_urb(hdev) < 0)
+ clear_bit(BTUSB_BULK_RUNNING, &data->flags);
+ else
+ btusb_submit_bulk_urb(hdev);
+ }
+ } else {
+ clear_bit(BTUSB_BULK_RUNNING, &data->flags);
+ usb_kill_anchored_urbs(&data->bulk_anchor);
+ }
+
if (hdev->conn_hash.sco_num > 0) {
if (data->isoc_altsetting != 2) {
clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
@@ -852,23 +876,9 @@ static int btusb_probe(struct usb_interface *intf,
if (id->driver_info & BTUSB_BROKEN_ISOC)
data->isoc = NULL;
- if (id->driver_info & BTUSB_DIGIANSWER) {
- data->cmdreq_type = USB_TYPE_VENDOR;
- set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
- }
-
- if (id->driver_info & BTUSB_CSR) {
- struct usb_device *udev = data->udev;
-
- /* Old firmware would otherwise execute USB reset */
- if (le16_to_cpu(udev->descriptor.bcdDevice) < 0x117)
- set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
- }
-
if (id->driver_info & BTUSB_SNIFFER) {
struct usb_device *udev = data->udev;
- /* New sniffer firmware has crippled HCI interface */
if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997)
set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists