Return-Path: Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 11.0 \(3445.1.7\)) Subject: Re: [PATCH] Bluetooth: hci_ldisc: Fix another race when closing the tty. From: Marcel Holtmann In-Reply-To: <20171026051519.GA15958@innovation.ch> Date: Mon, 30 Oct 2017 15:49:16 +0100 Cc: "Gustavo F. Padovan" , Johan Hedberg , Dean Jenkins , Lukas Wunner , "open list:BLUETOOTH DRIVERS" , linux-kernel@vger.kernel.org Message-Id: References: <20171026051519.GA15958@innovation.ch> To: =?us-ascii?B?PT9VVEYtOD9xP1JvbmFsZD0yMFRzY2hhbD1DMz1BNHI/PQ==?= Sender: linux-kernel-owner@vger.kernel.org List-ID: Hi Ronald, > The following race condition still existed: > > P1 P2 > cancel_work_sync() > hci_uart_tx_wakeup() > hci_uart_write_work() > hci_uart_dequeue() > clear_bit(HCI_UART_PROTO_READY) > hci_unregister_dev(hdev) > hci_free_dev(hdev) > hu->proto->close(hu) > kfree(hu) > access to hdev and hu > > Cancelling the work after clearing the HCI_UART_PROTO_READY bit avoids > this as any hci_uart_tx_wakeup() issued after the flag is cleared will > detect that and not schedule further work. > > Signed-off-by: Ronald Tschalär > Cc: Dean Jenkins > Cc: Lukas Wunner > Cc: Marcel Holtmann > Cc: Gustavo Padovan > Cc: Johan Hedberg > --- > drivers/bluetooth/hci_ldisc.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) patch has been applied to bluetooth-next tree. Regards Marcel