[PATCH v1 1/2] Bluetooth: btnxpuart: Fix btnxpuart_close
From: Marcel Ziswiler
Date: Wed Oct 18 2023 - 10:56:04 EST
From: Marcel Ziswiler <marcel.ziswiler@xxxxxxxxxxx>
Unfortunately, btnxpuart_close() may trigger a BUG: scheduling while
atomic. Fix this by properly purging the transmit queue and freeing the
receive skb.
Fixes: 689ca16e5232 ("Bluetooth: NXP: Add protocol support for NXP Bluetooth chipsets")
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@xxxxxxxxxxx>
---
This is the kernel trace this commit fixes:
[ 29.270685] BUG: scheduling while atomic: kworker/u3:0/55/0x00000002
[ 29.277062] Modules linked in: snd_soc_simple_card snd_soc_simple_card_utils crct10dif_ce btnxpuart usb_f_ncm u_ether rtc_ti_k3 k3_j72xx_bandgap mwifiex_sdio mwifiex snd_soc_davinci_mcasp snd_soc_ti_udma sa2ul snd_soc_ti_edma snd_soc_ti_sdma authenc ina2xx snd_soc_nau8822 tps65219_pwrbutton at24 ti_ads1015 industrialio_triggered_buffer kfifo_buf lm75 rtc_ds1307 spi_omap2_mcspi 8021q garp mrp stp llc cfg80211 bluetooth ecdh_generic ecc rfkill libcomposite fuse drm backlight ipv6
[ 29.319532] CPU: 0 PID: 55 Comm: kworker/u3:0 Not tainted 6.6.0-rc5-next-20231010-dirty #35
[ 29.327883] Hardware name: Toradex Verdin AM62 WB on Verdin Development Board (DT)
[ 29.335450] Workqueue: hci0 hci_power_off [bluetooth]
[ 29.340775] Call trace:
[ 29.343220] dump_backtrace+0x98/0x118
[ 29.346984] show_stack+0x18/0x24
[ 29.350303] dump_stack_lvl+0x48/0x60
[ 29.353971] dump_stack+0x18/0x24
[ 29.357287] __schedule_bug+0x50/0x68
[ 29.360953] __schedule+0x7f0/0xa94
[ 29.364446] schedule+0x34/0xc8
[ 29.367588] rpm_resume+0x170/0x6c8
[ 29.371083] __pm_runtime_resume+0x4c/0x90
[ 29.375182] omap8250_set_mctrl+0x2c/0xbc
[ 29.379198] serial8250_set_mctrl+0x20/0x40
[ 29.383387] uart_update_mctrl+0x58/0x78
[ 29.387311] uart_dtr_rts+0x104/0x114
[ 29.390975] tty_port_shutdown+0xd4/0xdc
[ 29.394903] tty_port_close+0x40/0xbc
[ 29.398567] uart_close+0x34/0x9c
[ 29.401882] ttyport_close+0x50/0x94
[ 29.405460] serdev_device_close+0x40/0x50
[ 29.409557] btnxpuart_close+0x48/0xbc [btnxpuart]
[ 29.414364] hci_dev_close_sync+0x2ec/0x754 [bluetooth]
[ 29.419747] hci_dev_do_close+0x2c/0x70 [bluetooth]
[ 29.424772] hci_power_off+0x20/0x64 [bluetooth]
[ 29.429536] process_one_work+0x138/0x244
[ 29.433551] worker_thread+0x320/0x438
[ 29.437302] kthread+0x114/0x118
[ 29.440533] ret_from_fork+0x10/0x20
[ 29.445838] BUG: scheduling while atomic: kworker/u3:0/55/0x00000000
[ 29.453556] Modules linked in: snd_soc_simple_card snd_soc_simple_card_utils crct10dif_ce btnxpuart usb_f_ncm u_ether rtc_ti_k3 k3_j72xx_bandgap mwifiex_sdio mwifiex snd_soc_davinci_mcasp snd_soc_ti_udma sa2ul snd_soc_ti_edma snd_soc_ti_sdma authenc ina2xx snd_soc_nau8822 tps65219_pwrbutton at24 ti_ads1015 industrialio_triggered_buffer kfifo_buf lm75 rtc_ds1307 spi_omap2_mcspi 8021q garp mrp stp llc cfg80211 bluetooth ecdh_generic ecc rfkill libcomposite fuse drm backlight ipv6
[ 29.496085] CPU: 0 PID: 55 Comm: kworker/u3:0 Tainted: G W 6.6.0-rc5-next-20231010-dirty #35
[ 29.505912] Hardware name: Toradex Verdin AM62 WB on Verdin Development Board (DT)
[ 29.513478] Workqueue: hci0 hci_power_off [bluetooth]
[ 29.518787] Call trace:
[ 29.521232] dump_backtrace+0x98/0x118
[ 29.524993] show_stack+0x18/0x24
[ 29.528312] dump_stack_lvl+0x48/0x60
[ 29.531980] dump_stack+0x18/0x24
[ 29.535296] __schedule_bug+0x50/0x68
[ 29.538961] __schedule+0x7f0/0xa94
[ 29.542452] schedule+0x34/0xc8
[ 29.545593] rpm_resume+0x170/0x6c8
[ 29.549087] __pm_runtime_resume+0x4c/0x90
[ 29.553186] omap_8250_pm+0x28/0x110
[ 29.556766] serial8250_pm+0x18/0x3c
[ 29.560347] uart_tty_port_shutdown+0xa4/0x114
[ 29.564792] tty_port_shutdown+0x84/0xdc
[ 29.568718] tty_port_close+0x40/0xbc
[ 29.572382] uart_close+0x34/0x9c
[ 29.575697] ttyport_close+0x50/0x94
[ 29.579275] serdev_device_close+0x40/0x50
[ 29.583373] btnxpuart_close+0x48/0xbc [btnxpuart]
[ 29.588179] hci_dev_close_sync+0x2ec/0x754 [bluetooth]
[ 29.593562] hci_dev_do_close+0x2c/0x70 [bluetooth]
[ 29.598587] hci_power_off+0x20/0x64 [bluetooth]
[ 29.603353] process_one_work+0x138/0x244
[ 29.607369] worker_thread+0x320/0x438
[ 29.611119] kthread+0x114/0x118
[ 29.614352] ret_from_fork+0x10/0x20
drivers/bluetooth/btnxpuart.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/bluetooth/btnxpuart.c b/drivers/bluetooth/btnxpuart.c
index b7e66b7ac570..9cb7529eef09 100644
--- a/drivers/bluetooth/btnxpuart.c
+++ b/drivers/bluetooth/btnxpuart.c
@@ -1234,6 +1234,9 @@ static int btnxpuart_close(struct hci_dev *hdev)
ps_wakeup(nxpdev);
serdev_device_close(nxpdev->serdev);
+ skb_queue_purge(&nxpdev->txq);
+ kfree_skb(nxpdev->rx_skb);
+ nxpdev->rx_skb = NULL;
clear_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
return 0;
}
--
2.36.1