releases/3.18.68/bluetooth-bnep-fix-possible-might-sleep-error-in-bnep_session.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 25717382c1dd0ddced2059053e3ca5088665f7a5 Mon Sep 17 00:00:00 2001
 From: Jeffy Chen <jeffy.chen@rock-chips.com>
 Date: Tue, 27 Jun 2017 17:34:42 +0800
 Subject: Bluetooth: bnep: fix possible might sleep error in bnep_session

 From: Jeffy Chen <jeffy.chen@rock-chips.com>

 commit 25717382c1dd0ddced2059053e3ca5088665f7a5 upstream.

 It looks like bnep_session has same pattern as the issue reported in
 old rfcomm:

 	while (1) {
 		set_current_state(TASK_INTERRUPTIBLE);
 		if (condition)
 			break;
 		// may call might_sleep here
 		schedule();
 	}
 	__set_current_state(TASK_RUNNING);

 Which fixed at:
 	dfb2fae Bluetooth: Fix nested sleeps

 So let's fix it at the same way, also follow the suggestion of:
 https://lwn.net/Articles/628628/

 Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com>
 Reviewed-by: Brian Norris <briannorris@chromium.org>
 Reviewed-by: AL Yu-Chen Cho <acho@suse.com>
 Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
 Cc: Jiri Slaby <jslaby@suse.cz>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  net/bluetooth/bnep/core.c |   11 +++++------
  1 file changed, 5 insertions(+), 6 deletions(-)

 --- a/net/bluetooth/bnep/core.c
 +++ b/net/bluetooth/bnep/core.c
 @@ -451,16 +451,16 @@ static int bnep_session(void *arg)
  	struct net_device *dev = s->dev;
  	struct sock *sk = s->sock->sk;
  	struct sk_buff *skb;
 -	wait_queue_t wait;
 +	DEFINE_WAIT_FUNC(wait, woken_wake_function);

  	BT_DBG("");

  	set_user_nice(current, -15);

 -	init_waitqueue_entry(&wait, current);
  	add_wait_queue(sk_sleep(sk), &wait);
  	while (1) {
 -		set_current_state(TASK_INTERRUPTIBLE);
 +		/* Ensure session->terminate is updated */
 +		smp_mb__before_atomic();

  		if (atomic_read(&s->terminate))
  			break;
 @@ -482,9 +482,8 @@ static int bnep_session(void *arg)
  				break;
  		netif_wake_queue(dev);

 -		schedule();
 +		wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
  	}
 -	__set_current_state(TASK_RUNNING);
  	remove_wait_queue(sk_sleep(sk), &wait);

  	/* Cleanup session */
 @@ -621,7 +620,7 @@ int bnep_del_connection(struct bnep_conn
  	s = __bnep_get_session(req->dst);
  	if (s) {
  		atomic_inc(&s->terminate);
 -		wake_up_process(s->task);
 +		wake_up_interruptible(sk_sleep(s->sock->sk));
  	} else
  		err = -ENOENT;
	From 25717382c1dd0ddced2059053e3ca5088665f7a5 Mon Sep 17 00:00:00 2001
	From: Jeffy Chen <jeffy.chen@rock-chips.com>
	Date: Tue, 27 Jun 2017 17:34:42 +0800
	Subject: Bluetooth: bnep: fix possible might sleep error in bnep_session

	From: Jeffy Chen <jeffy.chen@rock-chips.com>

	commit 25717382c1dd0ddced2059053e3ca5088665f7a5 upstream.

	It looks like bnep_session has same pattern as the issue reported in
	old rfcomm:

	while (1) {
	set_current_state(TASK_INTERRUPTIBLE);
	if (condition)
	break;
	// may call might_sleep here
	schedule();
	}
	__set_current_state(TASK_RUNNING);

	Which fixed at:
	dfb2fae Bluetooth: Fix nested sleeps

	So let's fix it at the same way, also follow the suggestion of:
	https://lwn.net/Articles/628628/

	Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com>
	Reviewed-by: Brian Norris <briannorris@chromium.org>
	Reviewed-by: AL Yu-Chen Cho <acho@suse.com>
	Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
	Cc: Jiri Slaby <jslaby@suse.cz>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	net/bluetooth/bnep/core.c \| 11 +++++------
	1 file changed, 5 insertions(+), 6 deletions(-)

	--- a/net/bluetooth/bnep/core.c
	+++ b/net/bluetooth/bnep/core.c
	@@ -451,16 +451,16 @@ static int bnep_session(void *arg)
	struct net_device *dev = s->dev;
	struct sock *sk = s->sock->sk;
	struct sk_buff *skb;
	- wait_queue_t wait;
	+ DEFINE_WAIT_FUNC(wait, woken_wake_function);

	BT_DBG("");

	set_user_nice(current, -15);

	- init_waitqueue_entry(&wait, current);
	add_wait_queue(sk_sleep(sk), &wait);
	while (1) {
	- set_current_state(TASK_INTERRUPTIBLE);
	+ /* Ensure session->terminate is updated */
	+ smp_mb__before_atomic();

	if (atomic_read(&s->terminate))
	break;
	@@ -482,9 +482,8 @@ static int bnep_session(void *arg)
	break;
	netif_wake_queue(dev);

	- schedule();
	+ wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
	}
	- __set_current_state(TASK_RUNNING);
	remove_wait_queue(sk_sleep(sk), &wait);

	/* Cleanup session */
	@@ -621,7 +620,7 @@ int bnep_del_connection(struct bnep_conn
	s = __bnep_get_session(req->dst);
	if (s) {
	atomic_inc(&s->terminate);
	- wake_up_process(s->task);
	+ wake_up_interruptible(sk_sleep(s->sock->sk));
	} else
	err = -ENOENT;