[PATCH v4a 10/38] timers: Bluetooth: Use timer_shutdown_sync() before freeing timer

From: Steven Rostedt
Date: Sat Nov 05 2022 - 02:02:15 EST

Next message: Steven Rostedt: "[PATCH v4a 18/38] timers: usb: Use timer_shutdown_sync() before freeing timer"
Previous message: Steven Rostedt: "[PATCH v4a 29/38] random: use timer_shutdown_sync() for on stack timers"
In reply to: Steven Rostedt: "[PATCH v4a 29/38] random: use timer_shutdown_sync() for on stack timers"
Next in thread: Steven Rostedt: "[PATCH v4a 18/38] timers: usb: Use timer_shutdown_sync() before freeing timer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: "Steven Rostedt (Google)" <rostedt@xxxxxxxxxxx>

Before a timer is freed, timer_shutdown_sync() must be called.

In h5_close(), the timer is removed with del_timer_sync(), but it is only
freed if hu->serdev is NULL. I added timer_shutdown_sync() just before it
is freed. timer_shutdown() may also be used, but just in case it gets
re-armed somehow, I figured another sync will keep that from being an
issue.

Link: https://lore.kernel.org/all/20221104054053.431922658@xxxxxxxxxxx/

Cc: Marcel Holtmann <marcel@xxxxxxxxxxxx>
Cc: Johan Hedberg <johan.hedberg@xxxxxxxxx>
Cc: Luiz Augusto von Dentz <luiz.dentz@xxxxxxxxx>
Cc: linux-bluetooth@xxxxxxxxxxxxxxx
Signed-off-by: Steven Rostedt (Google) <rostedt@xxxxxxxxxxx>
---
drivers/bluetooth/hci_bcsp.c | 2 +-
drivers/bluetooth/hci_h5.c | 4 +++-
drivers/bluetooth/hci_qca.c | 4 ++--
3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/drivers/bluetooth/hci_bcsp.c b/drivers/bluetooth/hci_bcsp.c
index cf4a56095817..834b2efaa9bf 100644
--- a/drivers/bluetooth/hci_bcsp.c
+++ b/drivers/bluetooth/hci_bcsp.c
@@ -737,7 +737,7 @@ static int bcsp_close(struct hci_uart *hu)
{
struct bcsp_struct *bcsp = hu->priv;

- del_timer_sync(&bcsp->tbcsp);
+ timer_shutdown_sync(&bcsp->tbcsp);

hu->priv = NULL;

diff --git a/drivers/bluetooth/hci_h5.c b/drivers/bluetooth/hci_h5.c
index c5a0409ef84f..633f3027abd2 100644
--- a/drivers/bluetooth/hci_h5.c
+++ b/drivers/bluetooth/hci_h5.c
@@ -265,8 +265,10 @@ static int h5_close(struct hci_uart *hu)
if (h5->vnd && h5->vnd->close)
h5->vnd->close(h5);

- if (!hu->serdev)
+ if (!hu->serdev) {
+ timer_shutdown_sync(&h5->timer);
kfree(h5);
+ }

return 0;
}
diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
index 8df11016fd51..eb81296b284c 100644
--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -697,8 +697,8 @@ static int qca_close(struct hci_uart *hu)
skb_queue_purge(&qca->txq);
skb_queue_purge(&qca->rx_memdump_q);
destroy_workqueue(qca->workqueue);
- del_timer_sync(&qca->tx_idle_timer);
- del_timer_sync(&qca->wake_retrans_timer);
+ timer_shutdown_sync(&qca->tx_idle_timer);
+ timer_shutdown_sync(&qca->wake_retrans_timer);
qca->hu = NULL;

kfree_skb(qca->rx_skb);
--
2.35.1

Next message: Steven Rostedt: "[PATCH v4a 18/38] timers: usb: Use timer_shutdown_sync() before freeing timer"
Previous message: Steven Rostedt: "[PATCH v4a 29/38] random: use timer_shutdown_sync() for on stack timers"
In reply to: Steven Rostedt: "[PATCH v4a 29/38] random: use timer_shutdown_sync() for on stack timers"
Next in thread: Steven Rostedt: "[PATCH v4a 18/38] timers: usb: Use timer_shutdown_sync() before freeing timer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]