bluetooth: module_refcount is not decreased when connection times out

All of lore.kernel.org
 help / color / mirror / Atom feed

* bluetooth: module_refcount is not decreased when connection times out
@ 2009-05-08 22:59 Bing Zhao
  2009-05-08 23:20 ` Marcel Holtmann
  2009-05-08 23:27 ` Marcel Holtmann
  0 siblings, 2 replies; 6+ messages in thread
From: Bing Zhao @ 2009-05-08 22:59 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Marcel Holtmann



Hi,

The module refcount is increased by hci_dev_hold() call in hci_conn_add() i=
n hci_conn.c, and it is decreased by hci_dev_put() call in "del_conn" (hci_=
sysfs.c).

In case connection timeout happens, hci_dev_put() is never called.

Procedure to reproduce the issue:

# hciconfig hci0 up
# lsmod | grep btusb				-> "used by" refcount =3D 1

# hcitool cc <non-exisiting bdaddr>		-> will get timeout

# lsmod | grep btusb				-> "used by" refcount =3D 2
# hciconfig hci0 down
# lsmod | grep btusb				-> "used by" refcount =3D 1
# rmmod btusb					-> ERROR: Module btusb is in use


Regards,

Bing

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: bluetooth: module_refcount is not decreased when connection times out
  2009-05-08 22:59 bluetooth: module_refcount is not decreased when connection times out Bing Zhao
@ 2009-05-08 23:20 ` Marcel Holtmann
  2009-05-08 23:27 ` Marcel Holtmann
  1 sibling, 0 replies; 6+ messages in thread
From: Marcel Holtmann @ 2009-05-08 23:20 UTC (permalink / raw)
  To: Bing Zhao; +Cc: linux-bluetooth

Hi Bing,

> The module refcount is increased by hci_dev_hold() call in hci_conn_add() in hci_conn.c, and it is decreased by hci_dev_put() call in "del_conn" (hci_sysfs.c).
> 
> In case connection timeout happens, hci_dev_put() is never called.
> 
> Procedure to reproduce the issue:
> 
> # hciconfig hci0 up
> # lsmod | grep btusb				-> "used by" refcount = 1
> 
> # hcitool cc <non-exisiting bdaddr>		-> will get timeout
> 
> # lsmod | grep btusb				-> "used by" refcount = 2
> # hciconfig hci0 down
> # lsmod | grep btusb				-> "used by" refcount = 1
> # rmmod btusb					-> ERROR: Module btusb is in use

I have seen that happen before, but never had the time to check up on
them. Your analysis seems correct. Would have to check on how to fix
this. Proposals are welcome.

Regards

Marcel



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: bluetooth: module_refcount is not decreased when connection times out
  2009-05-08 22:59 bluetooth: module_refcount is not decreased when connection times out Bing Zhao
  2009-05-08 23:20 ` Marcel Holtmann
@ 2009-05-08 23:27 ` Marcel Holtmann
  2009-05-09  0:01   ` Bing Zhao
  1 sibling, 1 reply; 6+ messages in thread
From: Marcel Holtmann @ 2009-05-08 23:27 UTC (permalink / raw)
  To: Bing Zhao; +Cc: linux-bluetooth

[-- Attachment #1: Type: text/plain, Size: 326 bytes --]

Hi Bing,

> The module refcount is increased by hci_dev_hold() call in hci_conn_add() in hci_conn.c, and it is decreased by hci_dev_put() call in "del_conn" (hci_sysfs.c).
> 
> In case connection timeout happens, hci_dev_put() is never called.

can you test the attached patch for quickly. It should fix it.

Regards

Marcel


[-- Attachment #2: patch-fix-hci-dev-refcount --]
[-- Type: text/x-patch, Size: 975 bytes --]

diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 61309b2..85a1c6b 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -292,6 +292,8 @@ int hci_conn_del(struct hci_conn *conn)
 
 	hci_conn_del_sysfs(conn);
 
+	hci_dev_put(hdev);
+
 	return 0;
 }
 
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index a05d45e..cd84cd4 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -99,6 +99,8 @@ static void add_conn(struct work_struct *work)
 		BT_ERR("Failed to register connection device");
 		return;
 	}
+
+	hci_dev_hold(hdev);
 }
 
 /*
@@ -120,7 +122,7 @@ static void del_conn(struct work_struct *work)
 	flush_work(&conn->work_add);
 
 	if (!device_is_registered(&conn->dev))
-		return;
+		goto done;
 
 	while (1) {
 		struct device *dev;
@@ -134,6 +136,8 @@ static void del_conn(struct work_struct *work)
 
 	device_del(&conn->dev);
 	put_device(&conn->dev);
+
+done:
 	hci_dev_put(hdev);
 }
 

^ permalink raw reply related	[flat|nested] 6+ messages in thread

* RE: bluetooth: module_refcount is not decreased when connection times out
  2009-05-08 23:27 ` Marcel Holtmann
@ 2009-05-09  0:01   ` Bing Zhao
  2009-05-09  0:03     ` Marcel Holtmann
  0 siblings, 1 reply; 6+ messages in thread
From: Bing Zhao @ 2009-05-09  0:01 UTC (permalink / raw)
  To: Marcel Holtmann; +Cc: linux-bluetooth

> Hi Bing,
>=20
> > The module refcount is increased by hci_dev_hold() call in hci_conn_add=
() in hci_conn.c, and it is
> decreased by hci_dev_put() call in "del_conn" (hci_sysfs.c).
> >
> > In case connection timeout happens, hci_dev_put() is never called.
>=20
> can you test the attached patch for quickly. It should fix it.
>=20
> Regards
>=20
> Marcel


Hi Marcel,

It seems that hdev is "put" twice with the patch, if the connection fails.

# hciconfig hci0 up
# lsmod | grep btusb				-> "used by" refcount =3D 1

# hcitool cc <non-exisiting bdaddr>		-> will get timeout
# lsmod | grep btusb				-> "used by" refcount =3D 0 (??)

# hcitool cc <non-exisiting bdaddr>		-> time out again
# lsmod | grep btusb				-> "used by" refcount =3D 4294967295 (??)


Thanks,

Bing

^ permalink raw reply	[flat|nested] 6+ messages in thread

* RE: bluetooth: module_refcount is not decreased when connection times out
  2009-05-09  0:01   ` Bing Zhao
@ 2009-05-09  0:03     ` Marcel Holtmann
  2009-05-09  1:08       ` Bing Zhao
  0 siblings, 1 reply; 6+ messages in thread
From: Marcel Holtmann @ 2009-05-09  0:03 UTC (permalink / raw)
  To: Bing Zhao; +Cc: linux-bluetooth

[-- Attachment #1: Type: text/plain, Size: 808 bytes --]

Hi Bing,

> > > The module refcount is increased by hci_dev_hold() call in hci_conn_add() in hci_conn.c, and it is
> > decreased by hci_dev_put() call in "del_conn" (hci_sysfs.c).
> > >
> > > In case connection timeout happens, hci_dev_put() is never called.
> > 
> > can you test the attached patch for quickly. It should fix it.
>
> It seems that hdev is "put" twice with the patch, if the connection fails.
> 
> # hciconfig hci0 up
> # lsmod | grep btusb				-> "used by" refcount = 1
> 
> # hcitool cc <non-exisiting bdaddr>		-> will get timeout
> # lsmod | grep btusb				-> "used by" refcount = 0 (??)
> 
> # hcitool cc <non-exisiting bdaddr>		-> time out again
> # lsmod | grep btusb				-> "used by" refcount = 4294967295 (??)

the previous patch has one tiny bug. Is this one better?

Regards

Marcel


[-- Attachment #2: patch-fix-hci-dev-refcount-v2 --]
[-- Type: text/x-patch, Size: 763 bytes --]

diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 61309b2..85a1c6b 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -292,6 +292,8 @@ int hci_conn_del(struct hci_conn *conn)
 
 	hci_conn_del_sysfs(conn);
 
+	hci_dev_put(hdev);
+
 	return 0;
 }
 
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index a05d45e..4cc3624 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -99,6 +99,8 @@ static void add_conn(struct work_struct *work)
 		BT_ERR("Failed to register connection device");
 		return;
 	}
+
+	hci_dev_hold(hdev);
 }
 
 /*
@@ -134,6 +136,7 @@ static void del_conn(struct work_struct *work)
 
 	device_del(&conn->dev);
 	put_device(&conn->dev);
+
 	hci_dev_put(hdev);
 }
 

^ permalink raw reply related	[flat|nested] 6+ messages in thread

* RE: bluetooth: module_refcount is not decreased when connection times out
  2009-05-09  0:03     ` Marcel Holtmann
@ 2009-05-09  1:08       ` Bing Zhao
  0 siblings, 0 replies; 6+ messages in thread
From: Bing Zhao @ 2009-05-09  1:08 UTC (permalink / raw)
  To: Marcel Holtmann; +Cc: linux-bluetooth

> Hi Bing,
>=20
> > > > The module refcount is increased by hci_dev_hold() call in hci_conn=
_add() in hci_conn.c, and it
> is
> > > decreased by hci_dev_put() call in "del_conn" (hci_sysfs.c).
> > > >
> > > > In case connection timeout happens, hci_dev_put() is never called.
> > >
> > > can you test the attached patch for quickly. It should fix it.
> >
> > It seems that hdev is "put" twice with the patch, if the connection fai=
ls.
> >
> > # hciconfig hci0 up
> > # lsmod | grep btusb				-> "used by" refcount =3D 1
> >
> > # hcitool cc <non-exisiting bdaddr>		-> will get timeout
> > # lsmod | grep btusb				-> "used by" refcount =3D 0 (??)
> >
> > # hcitool cc <non-exisiting bdaddr>		-> time out again
> > # lsmod | grep btusb				-> "used by" refcount =3D 4294967295 (??)
>=20
> the previous patch has one tiny bug. Is this one better?
>=20
> Regards
>=20
> Marcel


Hi Marcel,

Thanks for the patch. It works perfectly.

Best regards,

Bing

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2009-05-09  1:08 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-05-08 22:59 bluetooth: module_refcount is not decreased when connection times out Bing Zhao
2009-05-08 23:20 ` Marcel Holtmann
2009-05-08 23:27 ` Marcel Holtmann
2009-05-09  0:01   ` Bing Zhao
2009-05-09  0:03     ` Marcel Holtmann
2009-05-09  1:08       ` Bing Zhao

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.