Subject: Re: [PATCH] Bluetooth: hci_event: Add missing locking on hdev in hci_le_ext_adv_term_evt
From: Marcel Holtmann
Date: Fri, 4 Mar 2022 16:30:20 +0100
To: Niels Dossche
Cc: Johan Hedberg, Luiz Augusto von Dentz, LKML, linux-bluetooth@vger.kernel.org
X-Mailing-List: linux-bluetooth@vger.kernel.org

Hi Niels,

> Both hci_find_adv_instance and hci_remove_adv_instance have a comment
> above their function definition saying that these two functions require
> the caller to hold the hdev->lock lock. However, hci_le_ext_adv_term_evt
> does not acquire that lock and neither does its caller hci_le_meta_evt
> (hci_le_meta_evt calls hci_le_ext_adv_term_evt via an indirect function
> call because of the lookup in hci_le_ev_table).
>
> The other event handlers all acquire and release the hdev->lock and they
> follow the rule that hci_find_adv_instance and hci_remove_adv_instance
> must be called while holding the hdev->lock lock.
>
> The solution is to make sure hci_le_ext_adv_term_evt also acquires and
> releases the hdev->lock lock. The check on ev->status which logs a
> warning and does an early return is not covered by the lock because
> other functions also access ev->status without holding the lock.
>
> Signed-off-by: Niels Dossche
> ---
>  net/bluetooth/hci_event.c | 19 ++++++++++++-------
>  1 file changed, 12 insertions(+), 7 deletions(-)

patch has been applied to bluetooth-next tree.

Regards

Marcel
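
The locking contract discussed in the quoted commit message, as an added example that is not part of this thread or of the kernel source: a single-threaded userspace C model in which `struct dev`, `find_adv`, `remove_adv`, `term_evt_before`, `term_evt_after`, `ev_table` and `dispatch` are all hypothetical stand-ins. The helpers count every call made without the lock, the way a lock-held assertion would flag it, and the status check is simplified to "nonzero returns early".

```c
#include <stddef.h>
#define MAX_ADV 4

/* Single-threaded toy model of hdev; hypothetical, not kernel code. */
struct dev {
    int lock_held;          /* models hdev->lock being held */
    int violations;         /* lock-requiring helper called without the lock */
    int present[MAX_ADV];   /* advertising instances, indexed by handle */
};

static void dev_lock(struct dev *d)   { d->lock_held = 1; }
static void dev_unlock(struct dev *d) { d->lock_held = 0; }

/* Both helpers carry the contract "caller must hold the lock". */
static int find_adv(struct dev *d, int h) {
    if (!d->lock_held) d->violations++;
    return h >= 0 && h < MAX_ADV && d->present[h];
}

static void remove_adv(struct dev *d, int h) {
    if (!d->lock_held) d->violations++;
    if (h >= 0 && h < MAX_ADV) d->present[h] = 0;
}

/* Handler shape before the fix: helpers run with no lock taken. */
static void term_evt_before(struct dev *d, int status, int h) {
    if (status) return;
    if (find_adv(d, h)) remove_adv(d, h);
}

/* Handler shape after the fix: status check first, lock around the helpers. */
static void term_evt_after(struct dev *d, int status, int h) {
    if (status) return;     /* early return stays outside the lock */
    dev_lock(d);
    if (find_adv(d, h)) remove_adv(d, h);
    dev_unlock(d);
}

typedef void (*evt_fn)(struct dev *, int, int);
static const evt_fn ev_table[] = { term_evt_before, term_evt_after };

/* The dispatcher takes no lock, so each table entry must lock for itself.
 * Returns the number of contract violations, or -1 if the lock was left held. */
int dispatch(size_t idx, int status, int h) {
    struct dev d = { 0, 0, { 0, 1, 0, 0 } };   /* constructed: handle 1 exists */
    ev_table[idx](&d, status, h);
    return d.lock_held ? -1 : d.violations;
}
```

Because the call goes through a function-pointer table, the missing lock is not visible at the call site; only a check inside the helpers (or an audit of every table entry) surfaces it.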