Re: [Bluez-devel] Oops involving RFCOMM and sysfs

From: Cornelia Huck
Date: Thu Jan 17 2008 - 06:43:33 EST

Next message: Anton Salikhmetov: "Re: [PATCH -v5 1/2] Massive code cleanup of sys_msync()"
Previous message: CaT: "Re: 2.6.24-rc7: memory leak?"
In reply to: Dave Young: "Re: [Bluez-devel] Oops involving RFCOMM and sysfs"
Next in thread: Dave Young: "Re: [Bluez-devel] Oops involving RFCOMM and sysfs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 17 Jan 2008 16:15:04 +0800,
Dave Young <hidave.darkstar@xxxxxxxxx> wrote:

> On Thu, Jan 17, 2008 at 03:24:50PM +0800, Dave Young wrote:
> > On Jan 17, 2008 7:06 AM, Gabor Gombas <gombasg@xxxxxxxxx> wrote:
> > > Hi,
> > >
> > > On Wed, Jan 16, 2008 at 09:02:05AM +0800, Dave Young wrote:
> > >
> > > > The rfcomm tty device will possibly retain even when conn is down,
> > > > and sysfs doesn't support zombie device moving, so this patch
> > > > move the tty device before conn device is destroyed.
> > > >
> > > > Signed-off-by: Dave Young <hidave.darkstar@xxxxxxxxx>
> > >
> > > This seems to work, both the oops and the hang are gone. I get these
> > > messages in syslog when the Bluetooth link hangs and I want to kill pppd
> > > with "poff":
> > >
> > > Jan 16 23:55:59 twister kernel: unregister_netdevice: waiting for ppp0 to become free. Usage count = 1
> > > Jan 16 23:56:09 twister kernel: unregister_netdevice: waiting for ppp0 to become free. Usage count = 1

Might be helpful to try with CONFIG_DEBUG_DRIVER=y and
CONFIG_KOBJECT_DEBUG=y to spot where a reference is not dropped.

> > >
> > > But a "killall -9 pppd" seems to help and then the re-connect (after the
> > > phone got power-cycled) works.
> >
> > Weird, I guess "device_move(dev, NULL) two times" cause the problem.
> >
> > Anyway, device_move should check the old_parent and new_parent , if
> > they equal to each other then just return.

sysfs_move_dir() does this (to avoid a loop later in the function).
Don't know if that's a good thing to check at a higher level as well,
because the calling code should really know where their devices are.

Anyway, if this "move in place" exposes a refcounting bug, we must fix
it.

> >
> > Am I right?
>
> Could you apply this patch as well to test? Thanks.
>
> diff -upr linux/net/bluetooth/rfcomm/tty.c linux.new/net/bluetooth/rfcomm/tty.c
> --- linux/net/bluetooth/rfcomm/tty.c 2008-01-17 16:09:34.000000000 +0800
> +++ linux.new/net/bluetooth/rfcomm/tty.c 2008-01-17 16:10:22.000000000 +0800
> @@ -692,7 +692,8 @@ static void rfcomm_tty_close(struct tty_
> BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, dev->opened);
>
> if (--dev->opened == 0) {
> - device_move(dev->tty_dev, NULL);
> + if (dev->tty_dev->parent)
> + device_move(dev->tty_dev, NULL);
>
> /* Close DLC and dettach TTY */
> rfcomm_dlc_close(dev->dlc, 0);
>

Avoiding to move devices when there is nothing to be moved nevertheless
sounds like a good idea :)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Anton Salikhmetov: "Re: [PATCH -v5 1/2] Massive code cleanup of sys_msync()"
Previous message: CaT: "Re: 2.6.24-rc7: memory leak?"
In reply to: Dave Young: "Re: [Bluez-devel] Oops involving RFCOMM and sysfs"
Next in thread: Dave Young: "Re: [Bluez-devel] Oops involving RFCOMM and sysfs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]