Received: by 2002:ac0:8845:0:0:0:0:0 with SMTP id g63csp860464img; Tue, 26 Feb 2019 09:48:12 -0800 (PST) X-Google-Smtp-Source: AHgI3Ibx/Y1LR5kaUD3xogBnZ6YFtXqoh76/uKrEXyj3upZlY2nwnzt+4HNp7RnVfc1beMble/a4 X-Received: by 2002:a63:29c9:: with SMTP id p192mr22513476pgp.176.1551203292282; Tue, 26 Feb 2019 09:48:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551203292; cv=none; d=google.com; s=arc-20160816; b=gnHkv2bp2Y4Rnst08ZOa2SkVInqWFcAVzUiFC8FfWDMoVVqbrcj9LEDcUgFu8yZP2G mSy8WJW0EbanAEqeW6tgBbDuy6tWz63+eLLGuilS5K8+VuBy5krY84TbG2XHBLVvfRI9 H0cFKzgtvpH5PdjoKwXnp6gmSBTIG56GkYPi+A77X26hKlNSdJZuSbNjusoOs86xrYoy k0kkVHE6r38MvTD1Ds/o8xp9GUALGoFbR6rLXwhB1I3Faa8pX8SzvvzhCxfmdCes9Hxg wwe8NfZmMhU0FTfELQLnnJifnNLL2cKvxWbZvACdF0qGQ/iVZZIgP2T5YVg/8i7yjXSO faqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:dkim-signature; bh=47wSO3jDVCuhQD8VNAchueS0Mz7W+J5JiVS1ii/OeIo=; b=AP64kWUI0xWKl44Oa45OuiwrowUJS1wS7fEdscM7HTXCXAZxL1vE6L4qEf0BXPCGge mFgHovYJvLhALUcrod7WZpePje0uI2dFCv3vVE8Mj/Op1hpz2eQHzEWjFlocVJ2cOk7C c7d/FzyTcbqIPXGC0kJA8jwQcXW2MhJwPcEnTBi1NmrE0/33vw2+OOFnpq8c5/Iay6Zc EA05N+EjRrYWrEMIoRjCAdSN8/r1Zpn84WLdIGfavtF9fSDnh751McmYryI7o/lgZShK CAFYH8dSZx7pWhFv1gICvZBbx68TPPl/ndi3TFoxUOUr8sssHvanXKZI4lJ/ob8efCk1 xPNQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@kemnade.info header.s=20180802 header.b=a8DiqMIp; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a5si11815380pgt.408.2019.02.26.09.47.57; Tue, 26 Feb 2019 09:48:12 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@kemnade.info header.s=20180802 header.b=a8DiqMIp; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728870AbfBZRq7 (ORCPT + 99 others); Tue, 26 Feb 2019 12:46:59 -0500 Received: from mail.andi.de1.cc ([85.214.239.24]:60402 "EHLO h2641619.stratoserver.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727108AbfBZRq6 (ORCPT ); Tue, 26 Feb 2019 12:46:58 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kemnade.info; s=20180802; h=Content-Type:MIME-Version:References: In-Reply-To:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=47wSO3jDVCuhQD8VNAchueS0Mz7W+J5JiVS1ii/OeIo=; b=a8DiqMIpjVzQWGuv4nR9+ICUl MpAfFutwTD1/BqveGtHPHF3LsKN0E4UTWMbfa/5NMYNZadLrhHYeTqyTy03CMoyxk69uK2uJbSqJF fZqQ458hB2kUdgg7s0nh+Ad2+BKC7G3zMVOuQPh8bU6V+9lWO3RyizD8xPZTT6Up85jAk=; Received: from p5dcc35d1.dip0.t-ipconnect.de ([93.204.53.209] helo=aktux) by h2641619.stratoserver.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1gygog-0000yX-4n; Tue, 26 Feb 2019 18:46:54 +0100 Date: Tue, 26 Feb 2019 18:46:36 +0100 From: Andreas Kemnade To: Marcel Holtmann Cc: Johan Hedberg , linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, josua.mayer@jm0.eu Subject: Re: [PATCH] Bluetooth: hci_bcm: fix double-free irq on removal Message-ID: <20190226184636.02694ee7@aktux> In-Reply-To: References: <20190225195010.32277-1-andreas@kemnade.info> X-Mailer: Claws Mail 3.14.1 (GTK+ 2.24.31; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; boundary="Sig_/WVJCC+9UZ.7UTS_H671g+Kf"; protocol="application/pgp-signature" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --Sig_/WVJCC+9UZ.7UTS_H671g+Kf Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi Marcel, On Tue, 26 Feb 2019 09:53:27 +0100 Marcel Holtmann wrote: > Hi Andreas, >=20 > > after rmmod hci_uart a warning about doubly freed > > interrupts appears, so do it only once. Instead disable it. > > It is already implicitely freed by the devm framework. > >=20 > > [ 230.782948] ------------[ cut here ]------------ > > [ 230.787708] WARNING: CPU: 0 PID: 2715 at kernel/irq/devres.c:146 dev= m_free_irq+0x59/0x60 > > [ 230.798345] Modules linked in: usb_f_ecm u_ether libcomposite spidev= hidp rfcomm hci_uart(-) btbcm bluetooth ecdh_generic brcmfmac brcmutil cfg= 80211 rfkill evdev sun8i_codec_analog sun8i_adda_pr_regmap snd_soc_core snd= _pcm_dmaengine pwrseq_simple snd_pcm snd_timer snd soundcore hih6130 cpufre= q_dt uio_pdrv_genirq gpio_keys uio thermal_sys > > [ 230.828282] CPU: 0 PID: 2715 Comm: rmmod Not tainted 5.0.0-rc8+ #14 > > [ 230.834540] Hardware name: Allwinner sun8i Family > > [ 230.839266] [] (unwind_backtrace) from [] (show_= stack+0x11/0x14) > > [ 230.847014] [] (show_stack) from [] (dump_stack+= 0x67/0x74) > > [ 230.854240] [] (dump_stack) from [] (__warn+0xb9= /0xcc) > > [ 230.861115] [] (__warn) from [] (warn_slowpath_n= ull+0x2f/0x34) > > [ 230.868681] [] (warn_slowpath_null) from [] (dev= m_free_irq+0x59/0x60) > > [ 230.876881] [] (devm_free_irq) from [] (bcm_clos= e+0x35/0xa8 [hci_uart]) > > [ 230.885264] [] (bcm_close [hci_uart]) from [] (h= ci_uart_unregister_device+0x33/0x3c [hci_uart]) > > [ 230.895708] [] (hci_uart_unregister_device [hci_uart]) fro= m [] (bcm_serdev_remove+0xf/0x10 [hci_uart]) > > [ 230.906755] [] (bcm_serdev_remove [hci_uart]) from [] (serdev_drv_remove+0x13/0x20) > > [ 230.916150] [] (serdev_drv_remove) from [] (devi= ce_release_driver_internal+0xf7/0x158) > > [ 230.925799] [] (device_release_driver_internal) from [] (driver_detach+0x49/0x78) > > [ 230.935013] [] (driver_detach) from [] (bus_remo= ve_driver+0x31/0x70) > > [ 230.943108] [] (bus_remove_driver) from [] (bcm_= deinit+0x1b/0xcc4 [hci_uart]) > > [ 230.951994] [] (bcm_deinit [hci_uart]) from [] (= hci_uart_exit+0x1b/0x34 [hci_uart]) > > [ 230.961389] [] (hci_uart_exit [hci_uart]) from [= ] (sys_delete_module+0x135/0x178) > > [ 230.970603] [] (sys_delete_module) from [] (ret_= fast_syscall+0x1/0x62) > > [ 230.978855] Exception stack(0xd66b7fa8 to 0xd66b7ff0) > > [ 230.983906] 7fa0: 00c3dd00 00000000 00c3dd3c 00000= 800 88297c00 88297c00 > > [ 230.992078] 7fc0: 00c3dd00 00000000 bef05e82 00000081 bef05b88 00000= 001 bef05d7c 00000000 > > [ 231.000245] 7fe0: 0045bf6c bef05b24 00441303 b6edab26 > > [ 231.005332] ---[ end trace dc4caa46c945c790 ]--- > > [ 231.009946] ------------[ cut here ]------------ > > [ 231.014567] WARNING: CPU: 0 PID: 2715 at kernel/irq/manage.c:1600 __= free_irq+0x83/0x20c > > [ 231.025070] Trying to free already-free IRQ 92 > > [ 231.029505] Modules linked in: usb_f_ecm u_ether libcomposite spidev= hidp rfcomm hci_uart(-) btbcm bluetooth ecdh_generic brcmfmac brcmutil cfg= 80211 rfkill evdev sun8i_codec_analog sun8i_adda_pr_regmap snd_soc_core snd= _pcm_dmaengine pwrseq_simple snd_pcm snd_timer snd soundcore hih6130 cpufre= q_dt uio_pdrv_genirq gpio_keys uio thermal_sys > > [ 231.059389] CPU: 0 PID: 2715 Comm: rmmod Tainted: G W = 5.0.0-rc8+ #14 > > [ 231.067032] Hardware name: Allwinner sun8i Family > > [ 231.071740] [] (unwind_backtrace) from [] (show_= stack+0x11/0x14) > > [ 231.079481] [] (show_stack) from [] (dump_stack+= 0x67/0x74) > > [ 231.086701] [] (dump_stack) from [] (__warn+0xb9= /0xcc) > > [ 231.093574] [] (__warn) from [] (warn_slowpath_f= mt+0x33/0x48) > > [ 231.101054] [] (warn_slowpath_fmt) from [] (__fr= ee_irq+0x83/0x20c) > > [ 231.108966] [] (__free_irq) from [] (free_irq+0x= 27/0x5c) > > [ 231.116012] [] (free_irq) from [] (devm_free_irq= +0x3f/0x60) > > [ 231.123326] [] (devm_free_irq) from [] (bcm_clos= e+0x35/0xa8 [hci_uart]) > > [ 231.131690] [] (bcm_close [hci_uart]) from [] (h= ci_uart_unregister_device+0x33/0x3c [hci_uart]) > > [ 231.142133] [] (hci_uart_unregister_device [hci_uart]) fro= m [] (bcm_serdev_remove+0xf/0x10 [hci_uart]) > > [ 231.153174] [] (bcm_serdev_remove [hci_uart]) from [] (serdev_drv_remove+0x13/0x20) > > [ 231.162562] [] (serdev_drv_remove) from [] (devi= ce_release_driver_internal+0xf7/0x158) > > [ 231.172209] [] (device_release_driver_internal) from [] (driver_detach+0x49/0x78) > > [ 231.181422] [] (driver_detach) from [] (bus_remo= ve_driver+0x31/0x70) > > [ 231.189517] [] (bus_remove_driver) from [] (bcm_= deinit+0x1b/0xcc4 [hci_uart]) > > [ 231.198399] [] (bcm_deinit [hci_uart]) from [] (= hci_uart_exit+0x1b/0x34 [hci_uart]) > > [ 231.207793] [] (hci_uart_exit [hci_uart]) from [= ] (sys_delete_module+0x135/0x178) > > [ 231.217005] [] (sys_delete_module) from [] (ret_= fast_syscall+0x1/0x62) > > [ 231.225256] Exception stack(0xd66b7fa8 to 0xd66b7ff0) > > [ 231.230305] 7fa0: 00c3dd00 00000000 00c3dd3c 00000= 800 88297c00 88297c00 > > [ 231.238476] 7fc0: 00c3dd00 00000000 bef05e82 00000081 bef05b88 00000= 001 bef05d7c 00000000 > > [ 231.246644] 7fe0: 0045bf6c bef05b24 00441303 b6edab26 > > [ 231.251688] ---[ end trace dc4caa46c945c791 ]--- > >=20 > > Signed-off-by: Andreas Kemnade > > --- > > drivers/bluetooth/hci_bcm.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > >=20 > > diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c > > index ddbe518c3e5b..97a8ba607d0c 100644 > > --- a/drivers/bluetooth/hci_bcm.c > > +++ b/drivers/bluetooth/hci_bcm.c > > @@ -488,7 +488,7 @@ static int bcm_close(struct hci_uart *hu) > >=20 > > if (bdev) { > > if (IS_ENABLED(CONFIG_PM) && bdev->irq > 0) { > > - devm_free_irq(bdev->dev, bdev->irq, bdev); > > + disable_irq(bdev->irq); > > device_init_wakeup(bdev->dev, false); > > pm_runtime_disable(bdev->dev); > > } =20 >=20 > this fix is too simplistic I think. If we don=E2=80=99t free it here, the= n subsequent calls to btattach will leave an IRQ around. Or driver unbind/r= ebind action might trigger this as well. >=20 hmm, driver bind/unbind should be no problem, devm will clean up. a close()+setup() without unbind/removal in between could be a problem. But then we can simply solve the problem by not use a devm-managed irq here. So setup()+close() will look symmetrical. Regards, Andreas --Sig_/WVJCC+9UZ.7UTS_H671g+Kf Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE7sDbhY5mwNpwYgrAfb1qx03ikyQFAlx1e3wACgkQfb1qx03i kyQdHQ/9GnO0gAO7Rft1oF8p8e/uiftsKt3xRIEz0fRFZyC8iLwaSk//4MtJ/YAc GBt2oIt8kjR9FzlkCCLbgrIPnI2yXM792+orYDA6JyG8Mww2NiGUIOQnx2hLzp3t DTOJ8tWAtuPEVOH7PDcCY3O6HvPlV9GrvFDoAd4003AUyToKxePykGA2xiQfWRBj qpRUrO8JEVmooky8FAEFsc07hSvp6sfCeRNwhRb2sETBbX8rQpQ8wR090CN8HUWc gQD7vZwafge/Vxp//wSIoGco/3qBCCWyR6eDmIEbi+MQo6T9bHVhiudyEsvT183z siUpAB22jzTLgpzUnfTx+3AgKYpKrCsjvH/UrCue3SSEToSSHczXGUGQ1oPC4M50 alNvJ6ejmBbUcsSs7/6XIZ2oHioslPAPdJ5a0TBVolpnOEvMf91NEdYBcN8A3+Dq CVldj3Q7TKpN2/5GlbKYW9LR87nsBjerELGVXYiUSePe7x4P07Ko2Q17F+2uFzYD FQRhAr3AWag+goeuUUUiLQ13eeTNAgr7/fbc9oePyTegEA6nMbL03mIMZmX9IGi4 5kbKocavPf2VuYBI6Zrvvrwm1BCVRlCPkoBexgoXipsX9irh3uePE9h0XcN7AocA LVIvPylGPy4dUNMjpCn0TCCz53nYXeue4gkf/T6y6g/gjTDjE1c= =CugM -----END PGP SIGNATURE----- --Sig_/WVJCC+9UZ.7UTS_H671g+Kf--