From: "Steven Rostedt (Google)" <[email protected]>
Before a timer is freed, del_timer_shutdown() must be called.
Link: https://lore.kernel.org/all/[email protected]/
Cc: Marcel Holtmann <[email protected]>
Cc: Johan Hedberg <[email protected]>
Cc: Luiz Augusto von Dentz <[email protected]>
Cc: [email protected]
Signed-off-by: Steven Rostedt (Google) <[email protected]>
---
drivers/bluetooth/hci_bcsp.c | 2 +-
drivers/bluetooth/hci_h5.c | 2 +-
drivers/bluetooth/hci_qca.c | 4 ++--
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/bluetooth/hci_bcsp.c b/drivers/bluetooth/hci_bcsp.c
index cf4a56095817..69caaff37141 100644
--- a/drivers/bluetooth/hci_bcsp.c
+++ b/drivers/bluetooth/hci_bcsp.c
@@ -737,7 +737,7 @@ static int bcsp_close(struct hci_uart *hu)
{
struct bcsp_struct *bcsp = hu->priv;
- del_timer_sync(&bcsp->tbcsp);
+ del_timer_shutdown(&bcsp->tbcsp);
hu->priv = NULL;
diff --git a/drivers/bluetooth/hci_h5.c b/drivers/bluetooth/hci_h5.c
index c5a0409ef84f..08a36ea9eea9 100644
--- a/drivers/bluetooth/hci_h5.c
+++ b/drivers/bluetooth/hci_h5.c
@@ -253,7 +253,7 @@ static int h5_close(struct hci_uart *hu)
{
struct h5 *h5 = hu->priv;
- del_timer_sync(&h5->timer);
+ del_timer_shutdown(&h5->timer);
skb_queue_purge(&h5->unack);
skb_queue_purge(&h5->rel);
diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
index 8df11016fd51..1796166ba35d 100644
--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -697,8 +697,8 @@ static int qca_close(struct hci_uart *hu)
skb_queue_purge(&qca->txq);
skb_queue_purge(&qca->rx_memdump_q);
destroy_workqueue(qca->workqueue);
- del_timer_sync(&qca->tx_idle_timer);
- del_timer_sync(&qca->wake_retrans_timer);
+ del_timer_shutdown(&qca->tx_idle_timer);
+ del_timer_shutdown(&qca->wake_retrans_timer);
qca->hu = NULL;
kfree_skb(qca->rx_skb);
--
2.35.1
Hi Steven,
On Thu, Oct 27, 2022 at 8:09 AM Steven Rostedt <[email protected]> wrote:
>
> From: "Steven Rostedt (Google)" <[email protected]>
>
> Before a timer is freed, del_timer_shutdown() must be called.
>
> Link: https://lore.kernel.org/all/[email protected]/
>
> Cc: Marcel Holtmann <[email protected]>
> Cc: Johan Hedberg <[email protected]>
> Cc: Luiz Augusto von Dentz <[email protected]>
> Cc: [email protected]
> Signed-off-by: Steven Rostedt (Google) <[email protected]>
Acked-by: Luiz Augusto von Dentz <[email protected]>
Btw, we do seem to have similar problems with the likes of
cancel_delayed_work/cancel_delayed_work_sync so wonder if it wouldn't
be the case to introduce something like shutdown_delayed_work before
freeing the struct/object containing it?
> ---
> drivers/bluetooth/hci_bcsp.c | 2 +-
> drivers/bluetooth/hci_h5.c | 2 +-
> drivers/bluetooth/hci_qca.c | 4 ++--
> 3 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/bluetooth/hci_bcsp.c b/drivers/bluetooth/hci_bcsp.c
> index cf4a56095817..69caaff37141 100644
> --- a/drivers/bluetooth/hci_bcsp.c
> +++ b/drivers/bluetooth/hci_bcsp.c
> @@ -737,7 +737,7 @@ static int bcsp_close(struct hci_uart *hu)
> {
> struct bcsp_struct *bcsp = hu->priv;
>
> - del_timer_sync(&bcsp->tbcsp);
> + del_timer_shutdown(&bcsp->tbcsp);
>
> hu->priv = NULL;
>
> diff --git a/drivers/bluetooth/hci_h5.c b/drivers/bluetooth/hci_h5.c
> index c5a0409ef84f..08a36ea9eea9 100644
> --- a/drivers/bluetooth/hci_h5.c
> +++ b/drivers/bluetooth/hci_h5.c
> @@ -253,7 +253,7 @@ static int h5_close(struct hci_uart *hu)
> {
> struct h5 *h5 = hu->priv;
>
> - del_timer_sync(&h5->timer);
> + del_timer_shutdown(&h5->timer);
>
> skb_queue_purge(&h5->unack);
> skb_queue_purge(&h5->rel);
> diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
> index 8df11016fd51..1796166ba35d 100644
> --- a/drivers/bluetooth/hci_qca.c
> +++ b/drivers/bluetooth/hci_qca.c
> @@ -697,8 +697,8 @@ static int qca_close(struct hci_uart *hu)
> skb_queue_purge(&qca->txq);
> skb_queue_purge(&qca->rx_memdump_q);
> destroy_workqueue(qca->workqueue);
> - del_timer_sync(&qca->tx_idle_timer);
> - del_timer_sync(&qca->wake_retrans_timer);
> + del_timer_shutdown(&qca->tx_idle_timer);
> + del_timer_shutdown(&qca->wake_retrans_timer);
> qca->hu = NULL;
>
> kfree_skb(qca->rx_skb);
> --
> 2.35.1
--
Luiz Augusto von Dentz