Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2d0dbec2 authored by Rupesh Tatiya's avatar Rupesh Tatiya Committed by Gerrit - the friendly Code Review server
Browse files

bluetooth: wait for write_work from protocol layer to finish 



Simplify the line discipline close function. The write work in line
discipline might be called from three places - namely tty driver, hci
device and protocol. During line discipline close, stop hci device and
protocol layer from submitting new work. Then perform cancel_work_sync.

Further, protocol close will free protocol device but it can referenced
in work handler. Use a lock at line discipline (parent of protocol) to
prevent NULL pointer dereference.

Change-Id: I96137194873627ce9e1c72e5883e7e45cd01842a
Signed-off-by: default avatarRupesh Tatiya <rtatiya@codeaurora.org>
parent 9f7af2ec

drivers/bluetooth/hci_ldisc.c

+33 −8
Original line number Diff line number Diff line
@@ -48,6 +48,16 @@ 


#define VERSION "2.2"



static inline void hci_uart_proto_lock(struct hci_uart *hu)

{

	mutex_lock(&hu->proto_lock);

}



static inline void hci_uart_proto_unlock(struct hci_uart *hu)

{

	mutex_unlock(&hu->proto_lock);

}



static struct hci_uart_proto *hup[HCI_UART_MAX_PROTO];



int hci_uart_register_proto(struct hci_uart_proto *p)
@@ -108,8 +118,15 @@ static inline struct sk_buff *hci_uart_dequeue(struct hci_uart *hu) 
{

	struct sk_buff *skb = hu->tx_skb;



	if (!skb)

	if (!skb) {

		hci_uart_proto_lock(hu);

		if (!hu->proto) {

			hci_uart_proto_unlock(hu);

			return NULL;

		}

		skb = hu->proto->dequeue(hu);

		hci_uart_proto_unlock(hu);

	}

	else

		hu->tx_skb = NULL;
@@ -137,6 +154,8 @@ static void hci_uart_write_work(struct work_struct *work) 
	struct hci_dev *hdev = hu->hdev;

	struct sk_buff *skb;



	BT_DBG("hu %p hdev %p tty %p", hu, hdev, tty);



	/* REVISIT: should we cope with bad skbs or ->write() returning

	 * and error value ?

	 */
@@ -296,6 +315,7 @@ static int hci_uart_tty_open(struct tty_struct *tty) 
	INIT_WORK(&hu->write_work, hci_uart_write_work);



	spin_lock_init(&hu->rx_lock);

	mutex_init(&hu->proto_lock);



	/* Flush any pending characters in the driver and line discipline. */
@@ -328,19 +348,24 @@ static void hci_uart_tty_close(struct tty_struct *tty) 
		return;



	hdev = hu->hdev;

	if (hdev)

		hci_uart_close(hdev);



	if (test_and_clear_bit(HCI_UART_PROTO_SET, &hu->flags)) {

	if (hdev) {

		hci_uart_close(hdev);

		if (test_bit(HCI_UART_REGISTERED, &hu->flags))

			hci_unregister_dev(hdev);

			cancel_work_sync(&hu->write_work);

			hci_free_dev(hdev);

	}



	if (test_and_clear_bit(HCI_UART_PROTO_SET, &hu->flags)) {

		hci_uart_proto_lock(hu);

		hu->proto->close(hu);

		hu->proto = NULL;

		hci_uart_proto_unlock(hu);

	}



	cancel_work_sync(&hu->write_work);



	if (hdev)

		hci_free_dev(hdev);

	mutex_destroy(&hu->proto_lock);

	kfree(hu);

}

drivers/bluetooth/hci_uart.h

+1 −0
Original line number Diff line number Diff line
@@ -75,6 +75,7 @@ struct hci_uart { 
	struct work_struct	write_work;



	struct hci_uart_proto	*proto;

	struct mutex		proto_lock;

	void			*priv;



	struct sk_buff		*tx_skb;