Received: by 2002:ac0:8845:0:0:0:0:0 with SMTP id g63csp1494285img; Tue, 26 Feb 2019 23:43:59 -0800 (PST) X-Google-Smtp-Source: AHgI3IbXGZAHGfdlsAnQHsIUeWk+ZIT8xHkMnvb+6WhEj2pWTJUWQvZmyG6C8CaFrqUCAoZQg4Bk X-Received: by 2002:aa7:8743:: with SMTP id g3mr297346pfo.109.1551253439007; Tue, 26 Feb 2019 23:43:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551253439; cv=none; d=google.com; s=arc-20160816; b=vn+ayIMJtXPeKyB4bRPqiF2VM8rDUo6Ehw9zxpVqdiJQ+rKBjbjN5t7GgR1NMgVab8 MbMuQ1AfT9MrTpi5eYTPKAjCL7JY+f7TVpHWl5pikD2JuZdiTyHXLqun5z3JQraPxapD /Rw/SIrAyWyd1d0xX8LTcMO/9Uv2q2ZIhaDb9bSlgpnNCreG+4Jk2YYLf7zEtrt3eAii vVVI0nv4+KN3yi+EPtvaA4/2IFXbD/r/NjJxCH1oTNmOCGlQ0GsuJqZXCB+DRhMpJ0yw GjgSFKS4oeK8iO2D9GXK0BWyZnYFKki1WCizyB/7JPP48FcTiuxg3vFywM6vFBmc05Bo nP0A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:references:message-id :content-transfer-encoding:cc:date:in-reply-to:from:subject :mime-version; bh=Qz3FMjxicuSQWQNy0WhwQE9GoohciVI797WdNSvitE4=; b=Bqa+5MazFN/pxs1IpbFcqLA5bev7W/VMGQGv8Mm/rCkbG62OiLzPlA+jegXS95o58j /MLOEUClWX1B8JMobhmX0Hl8CR26uKtfLKZ7GKGVtgX8Tax/ObHAVklJRG4rnS4L8tE5 EWrTlQH79561qoarNPa+MEnogYANEs0kykwPPZFkQwGg0Xx3fYP4TvhCBxya+Lo53xG0 BVn7QcmEmwGNJL8r5E9sf//Ax0PzXGMPx2S+cCg4vue+qtSjjBKe1r+tUhDAt/Ua2vz8 EI3x6B75lpWaZ4wQ0SjbJUH7E2H99w2w0PPadW2idSv6zgSWk1/UuSeuNAtB2tPQGIp7 aV/g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w2si14452336pgm.456.2019.02.26.23.43.43; Tue, 26 Feb 2019 23:43:58 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729009AbfB0HnX convert rfc822-to-8bit (ORCPT + 99 others); Wed, 27 Feb 2019 02:43:23 -0500 Received: from coyote.holtmann.net ([212.227.132.17]:40712 "EHLO mail.holtmann.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726724AbfB0HnX (ORCPT ); Wed, 27 Feb 2019 02:43:23 -0500 Received: from marcel-macpro.fritz.box (p4FF9F361.dip0.t-ipconnect.de [79.249.243.97]) by mail.holtmann.org (Postfix) with ESMTPSA id F1EECCF2AE; Wed, 27 Feb 2019 08:51:16 +0100 (CET) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\)) Subject: Re: [PATCH] Bluetooth: hci_bcm: fix double-free irq on removal From: Marcel Holtmann In-Reply-To: <20190226184636.02694ee7@aktux> Date: Wed, 27 Feb 2019 08:43:21 +0100 Cc: Johan Hedberg , "open list:BLUETOOTH DRIVERS" , linux-kernel@vger.kernel.org, josua.mayer@jm0.eu Content-Transfer-Encoding: 8BIT Message-Id: References: <20190225195010.32277-1-andreas@kemnade.info> <20190226184636.02694ee7@aktux> To: Andreas Kemnade X-Mailer: Apple Mail (2.3445.102.3) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Andreas, >>> after rmmod hci_uart a warning about doubly freed >>> interrupts appears, so do it only once. Instead disable it. >>> It is already implicitely freed by the devm framework. >>> >>> [ 230.782948] ------------[ cut here ]------------ >>> [ 230.787708] WARNING: CPU: 0 PID: 2715 at kernel/irq/devres.c:146 devm_free_irq+0x59/0x60 >>> [ 230.798345] Modules linked in: usb_f_ecm u_ether libcomposite spidev hidp rfcomm hci_uart(-) btbcm bluetooth ecdh_generic brcmfmac brcmutil cfg80211 rfkill evdev sun8i_codec_analog sun8i_adda_pr_regmap snd_soc_core snd_pcm_dmaengine pwrseq_simple snd_pcm snd_timer snd soundcore hih6130 cpufreq_dt uio_pdrv_genirq gpio_keys uio thermal_sys >>> [ 230.828282] CPU: 0 PID: 2715 Comm: rmmod Not tainted 5.0.0-rc8+ #14 >>> [ 230.834540] Hardware name: Allwinner sun8i Family >>> [ 230.839266] [] (unwind_backtrace) from [] (show_stack+0x11/0x14) >>> [ 230.847014] [] (show_stack) from [] (dump_stack+0x67/0x74) >>> [ 230.854240] [] (dump_stack) from [] (__warn+0xb9/0xcc) >>> [ 230.861115] [] (__warn) from [] (warn_slowpath_null+0x2f/0x34) >>> [ 230.868681] [] (warn_slowpath_null) from [] (devm_free_irq+0x59/0x60) >>> [ 230.876881] [] (devm_free_irq) from [] (bcm_close+0x35/0xa8 [hci_uart]) >>> [ 230.885264] [] (bcm_close [hci_uart]) from [] (hci_uart_unregister_device+0x33/0x3c [hci_uart]) >>> [ 230.895708] [] (hci_uart_unregister_device [hci_uart]) from [] (bcm_serdev_remove+0xf/0x10 [hci_uart]) >>> [ 230.906755] [] (bcm_serdev_remove [hci_uart]) from [] (serdev_drv_remove+0x13/0x20) >>> [ 230.916150] [] (serdev_drv_remove) from [] (device_release_driver_internal+0xf7/0x158) >>> [ 230.925799] [] (device_release_driver_internal) from [] (driver_detach+0x49/0x78) >>> [ 230.935013] [] (driver_detach) from [] (bus_remove_driver+0x31/0x70) >>> [ 230.943108] [] (bus_remove_driver) from [] (bcm_deinit+0x1b/0xcc4 [hci_uart]) >>> [ 230.951994] [] (bcm_deinit [hci_uart]) from [] (hci_uart_exit+0x1b/0x34 [hci_uart]) >>> [ 230.961389] [] (hci_uart_exit [hci_uart]) from [] (sys_delete_module+0x135/0x178) >>> [ 230.970603] [] (sys_delete_module) from [] (ret_fast_syscall+0x1/0x62) >>> [ 230.978855] Exception stack(0xd66b7fa8 to 0xd66b7ff0) >>> [ 230.983906] 7fa0: 00c3dd00 00000000 00c3dd3c 00000800 88297c00 88297c00 >>> [ 230.992078] 7fc0: 00c3dd00 00000000 bef05e82 00000081 bef05b88 00000001 bef05d7c 00000000 >>> [ 231.000245] 7fe0: 0045bf6c bef05b24 00441303 b6edab26 >>> [ 231.005332] ---[ end trace dc4caa46c945c790 ]--- >>> [ 231.009946] ------------[ cut here ]------------ >>> [ 231.014567] WARNING: CPU: 0 PID: 2715 at kernel/irq/manage.c:1600 __free_irq+0x83/0x20c >>> [ 231.025070] Trying to free already-free IRQ 92 >>> [ 231.029505] Modules linked in: usb_f_ecm u_ether libcomposite spidev hidp rfcomm hci_uart(-) btbcm bluetooth ecdh_generic brcmfmac brcmutil cfg80211 rfkill evdev sun8i_codec_analog sun8i_adda_pr_regmap snd_soc_core snd_pcm_dmaengine pwrseq_simple snd_pcm snd_timer snd soundcore hih6130 cpufreq_dt uio_pdrv_genirq gpio_keys uio thermal_sys >>> [ 231.059389] CPU: 0 PID: 2715 Comm: rmmod Tainted: G W 5.0.0-rc8+ #14 >>> [ 231.067032] Hardware name: Allwinner sun8i Family >>> [ 231.071740] [] (unwind_backtrace) from [] (show_stack+0x11/0x14) >>> [ 231.079481] [] (show_stack) from [] (dump_stack+0x67/0x74) >>> [ 231.086701] [] (dump_stack) from [] (__warn+0xb9/0xcc) >>> [ 231.093574] [] (__warn) from [] (warn_slowpath_fmt+0x33/0x48) >>> [ 231.101054] [] (warn_slowpath_fmt) from [] (__free_irq+0x83/0x20c) >>> [ 231.108966] [] (__free_irq) from [] (free_irq+0x27/0x5c) >>> [ 231.116012] [] (free_irq) from [] (devm_free_irq+0x3f/0x60) >>> [ 231.123326] [] (devm_free_irq) from [] (bcm_close+0x35/0xa8 [hci_uart]) >>> [ 231.131690] [] (bcm_close [hci_uart]) from [] (hci_uart_unregister_device+0x33/0x3c [hci_uart]) >>> [ 231.142133] [] (hci_uart_unregister_device [hci_uart]) from [] (bcm_serdev_remove+0xf/0x10 [hci_uart]) >>> [ 231.153174] [] (bcm_serdev_remove [hci_uart]) from [] (serdev_drv_remove+0x13/0x20) >>> [ 231.162562] [] (serdev_drv_remove) from [] (device_release_driver_internal+0xf7/0x158) >>> [ 231.172209] [] (device_release_driver_internal) from [] (driver_detach+0x49/0x78) >>> [ 231.181422] [] (driver_detach) from [] (bus_remove_driver+0x31/0x70) >>> [ 231.189517] [] (bus_remove_driver) from [] (bcm_deinit+0x1b/0xcc4 [hci_uart]) >>> [ 231.198399] [] (bcm_deinit [hci_uart]) from [] (hci_uart_exit+0x1b/0x34 [hci_uart]) >>> [ 231.207793] [] (hci_uart_exit [hci_uart]) from [] (sys_delete_module+0x135/0x178) >>> [ 231.217005] [] (sys_delete_module) from [] (ret_fast_syscall+0x1/0x62) >>> [ 231.225256] Exception stack(0xd66b7fa8 to 0xd66b7ff0) >>> [ 231.230305] 7fa0: 00c3dd00 00000000 00c3dd3c 00000800 88297c00 88297c00 >>> [ 231.238476] 7fc0: 00c3dd00 00000000 bef05e82 00000081 bef05b88 00000001 bef05d7c 00000000 >>> [ 231.246644] 7fe0: 0045bf6c bef05b24 00441303 b6edab26 >>> [ 231.251688] ---[ end trace dc4caa46c945c791 ]--- >>> >>> Signed-off-by: Andreas Kemnade >>> --- >>> drivers/bluetooth/hci_bcm.c | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c >>> index ddbe518c3e5b..97a8ba607d0c 100644 >>> --- a/drivers/bluetooth/hci_bcm.c >>> +++ b/drivers/bluetooth/hci_bcm.c >>> @@ -488,7 +488,7 @@ static int bcm_close(struct hci_uart *hu) >>> >>> if (bdev) { >>> if (IS_ENABLED(CONFIG_PM) && bdev->irq > 0) { >>> - devm_free_irq(bdev->dev, bdev->irq, bdev); >>> + disable_irq(bdev->irq); >>> device_init_wakeup(bdev->dev, false); >>> pm_runtime_disable(bdev->dev); >>> } >> >> this fix is too simplistic I think. If we don’t free it here, then subsequent calls to btattach will leave an IRQ around. Or driver unbind/rebind action might trigger this as well. >> > hmm, driver bind/unbind should be no problem, devm will clean up. a > close()+setup() without unbind/removal in between could be a problem. > But then we can simply solve the problem by not use a devm-managed irq > here. So setup()+close() will look symmetrical. we might really better do that since the hci_ldisc is too convoluted and maybe not a good fit for devm_ variants. At some point this all needs to migrate to bauart.c and bt3wire.c new drivers. Regards Marcel