Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp985316pxb; Wed, 6 Apr 2022 06:04:04 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxBKiLT4ISKe+U20FfuidjgBoNwsefWfjHUkg/R+cAnBP6nhXPytn+np5u6AP7ZhptiTliy X-Received: by 2002:a05:6602:1512:b0:648:cced:ad64 with SMTP id g18-20020a056602151200b00648ccedad64mr4049532iow.152.1649250244051; Wed, 06 Apr 2022 06:04:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649250244; cv=none; d=google.com; s=arc-20160816; b=hHSb3JkPtoSTkI46TnNvZfH8xGwzC3qzjTfwSCtshgj9gogg+D3I3OgA/RNOFq2lM1 lRiWXTqyVd+Gw9ZL4T4FV20ywi3dNK1JIYtSoLfWyh/Kbud1KaJ57NCsUhJ44FhHeYmd 1vEj64m5zYZCgbsph+4MeAyAEOXUP6o+x4m/dpGD7YHqzxqkNAHw1jkK30+5umQwCp67 1z5tZc4Xmx7YzGiF4sP19fJvKqlVs1cJzYzj99yGEA3/Hl0lwNsRNPmhB/N9kT5CCVQn IghC/HkgROHmXQQ9AZqI59kpmDH3IUKPLLVm0traiKGPO7WjHTv1W8cRBk3+Q0eG6+F3 pTIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=wwD0564jgy1YYhmqVqUonP5E250qa15IctaJhSFSoQc=; b=QyKx9GofWXLnBehYuJ1hVYRJg6iO3RzTas/MLCNXUx26wgMUFcbVet5J396UtV31/y pMqM2pRAvtbxCWsdr/xneFVlBxAPJ3JipoI0/8unEbligiCn40CDeqxnGG2wNAM1UWG6 Ncl4Zw24im3rqTipz465FpEmupU+ne0b7Rn/RAGoH0+EGrPRl2moAmFA4FMmqcR6h3Ox iWsljNSiobX1RD1kvOocNb0apyPqbYu4PQnb7+yK2/377l8UfqKaOkeW+Ozo6Ymt/946 iMAfaMRZS8r5JzXSKnPZIkiQEERPQmsUwZUbvHPbkrqnJxWu6jCqOJXJfdfmvxkTJ8qz sxGw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ax4sgprK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id a13-20020a927f0d000000b002c7d601c58bsi8552520ild.159.2022.04.06.06.04.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Apr 2022 06:04:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ax4sgprK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id D6A5C666AD7; Wed, 6 Apr 2022 03:24:17 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1455153AbiDEWkV (ORCPT + 99 others); Tue, 5 Apr 2022 18:40:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39466 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1349307AbiDEJtg (ORCPT ); Tue, 5 Apr 2022 05:49:36 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BB9AFB99; Tue, 5 Apr 2022 02:43:52 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 5AC6061368; Tue, 5 Apr 2022 09:43:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 61CF4C385A2; Tue, 5 Apr 2022 09:43:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1649151831; bh=uQoHJ3NW9CnApT7MV8GyRFwYt2MTapU0cySGZldJvYo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ax4sgprKOyNRtQSJ2FMKXrkV0l09CPyv9OShtF78PdE1sxz8azt/3oGl+n17o7iYS 1dGsdEdJ7D7PEN2OjiYZS08znanJabm+JAE4IgX9NDbzGQUX2tVqA+UK+m1jZYem3+ 6rya1Nj1+7KqrbbHgPUr5/Hj1hrC2KLHzyIccLwU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Niels Dossche , Marcel Holtmann , Sasha Levin Subject: [PATCH 5.15 557/913] Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed Date: Tue, 5 Apr 2022 09:26:59 +0200 Message-Id: <20220405070356.542777819@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220405070339.801210740@linuxfoundation.org> References: <20220405070339.801210740@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Niels Dossche [ Upstream commit 9fa6b4cda3b414e990f008f45f9bcecbcb54d4d1 ] hci_le_conn_failed function's documentation says that the caller must hold hdev->lock. The only callsite that does not hold that lock is hci_le_conn_failed. The other 3 callsites hold the hdev->lock very locally. The solution is to hold the lock during the call to hci_le_conn_failed. Fixes: 3c857757ef6e ("Bluetooth: Add directed advertising support through connect()") Signed-off-by: Niels Dossche Signed-off-by: Marcel Holtmann Signed-off-by: Sasha Levin --- net/bluetooth/hci_conn.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index 2b5059a56cda..7a7e92be1652 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c @@ -541,7 +541,9 @@ static void le_conn_timeout(struct work_struct *work) if (conn->role == HCI_ROLE_SLAVE) { /* Disable LE Advertising */ le_disable_advertising(hdev); + hci_dev_lock(hdev); hci_le_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT); + hci_dev_unlock(hdev); return; } -- 2.34.1