Revert "Bluetooth: Fix possible deadlock in SCO code"

This reverts commit 269c4845d5b3627b95b1934107251bacbe99bb68. The commit was causing dead locks and NULL dereferences in the sco code: [28084.104013] BUG: soft lockup - CPU#0 stuck for 22s! [kworker/u:0H:7] [28084.104021] Modules linked in: btusb bluetooth <snip [last unloaded: bluetooth] ... [28084.104021] [<c160246d>] _raw_spin_lock+0xd/0x10 [28084.104021] [<f920e708>] sco_conn_del+0x58/0x1b0 [bluetooth] [28084.104021] [<f920f1a9>] sco_connect_cfm+0xb9/0x2b0 [bluetooth] [28084.104021] [<f91ef289>] hci_sync_conn_complete_evt.isra.94+0x1c9/0x260 [bluetooth] [28084.104021] [<f91f1a8d>] hci_event_packet+0x74d/0x2b40 [bluetooth] [28084.104021] [<c1501abd>] ? __kfree_skb+0x3d/0x90 [28084.104021] [<c1501b46>] ? kfree_skb+0x36/0x90 [28084.104021] [<f91fcb4e>] ? hci_send_to_monitor+0x10e/0x190 [bluetooth] [28084.104021] [<f91fcb4e>] ? hci_send_to_monitor+0x10e/0x190 [bluetooth] Cc: stable@vger.kernel.org Reported-by: Chan-yeol Park <chanyeol.park@gmail.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>

Revert "Bluetooth: Fix possible deadlock in SCO code"
This reverts commit 269c4845d5b3627b95b1934107251bacbe99bb68. The commit was causing dead locks and NULL dereferences in the sco code: [28084.104013] BUG: soft lockup - CPU#0 stuck for 22s! [kworker/u:0H:7] [28084.104021] Modules linked in: btusb bluetooth <snip [last unloaded: bluetooth] ... [28084.104021] [<c160246d>] _raw_spin_lock+0xd/0x10 [28084.104021] [<f920e708>] sco_conn_del+0x58/0x1b0 [bluetooth] [28084.104021] [<f920f1a9>] sco_connect_cfm+0xb9/0x2b0 [bluetooth] [28084.104021] [<f91ef289>] hci_sync_conn_complete_evt.isra.94+0x1c9/0x260 [bluetooth] [28084.104021] [<f91f1a8d>] hci_event_packet+0x74d/0x2b40 [bluetooth] [28084.104021] [<c1501abd>] ? __kfree_skb+0x3d/0x90 [28084.104021] [<c1501b46>] ? kfree_skb+0x36/0x90 [28084.104021] [<f91fcb4e>] ? hci_send_to_monitor+0x10e/0x190 [bluetooth] [28084.104021] [<f91fcb4e>] ? hci_send_to_monitor+0x10e/0x190 [bluetooth] Cc: stable@vger.kernel.org Reported-by: Chan-yeol Park <chanyeol.park@gmail.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Gustavo Padovan
1 parent f2592d3ee3
Showing 1 changed file with 10 additions and 9 deletions Side-by-side Diff
net/bluetooth/sco.c
@@ -131,15 +131,6 @@
 		sco_sock_clear_timer(sk);
 		sco_chan_del(sk, err);
 		bh_unlock_sock(sk);
-
-		sco_conn_lock(conn);
-		conn->sk = NULL;
-		sco_pi(sk)->conn = NULL;
-		sco_conn_unlock(conn);
-
-		if (conn->hcon)
-			hci_conn_put(conn->hcon);
-
 		sco_sock_kill(sk);
 	}
  
@@ -884,6 +875,16 @@
 	conn = sco_pi(sk)->conn;
  
 	BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
+
+	if (conn) {
+		sco_conn_lock(conn);
+		conn->sk = NULL;
+		sco_pi(sk)->conn = NULL;
+		sco_conn_unlock(conn);
+
+		if (conn->hcon)
+			hci_conn_put(conn->hcon);
+	}
  
 	sk->sk_state = BT_CLOSED;
 	sk->sk_err   = err;
...	...	@@ -131,15 +131,6 @@
131	131	sco_sock_clear_timer(sk);
132	132	sco_chan_del(sk, err);
133	133	bh_unlock_sock(sk);
134		-
135		- sco_conn_lock(conn);
136		- conn->sk = NULL;
137		- sco_pi(sk)->conn = NULL;
138		- sco_conn_unlock(conn);
139		-
140		- if (conn->hcon)
141		- hci_conn_put(conn->hcon);
142		-
143	134	sco_sock_kill(sk);
144	135	}
145	136
...	...	@@ -884,6 +875,16 @@
884	875	conn = sco_pi(sk)->conn;
885	876
886	877	BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
	878	+
	879	+ if (conn) {
	880	+ sco_conn_lock(conn);
	881	+ conn->sk = NULL;
	882	+ sco_pi(sk)->conn = NULL;
	883	+ sco_conn_unlock(conn);
	884	+
	885	+ if (conn->hcon)
	886	+ hci_conn_put(conn->hcon);
	887	+ }
887	888
888	889	sk->sk_state = BT_CLOSED;
889	890	sk->sk_err = err;