From patchwork Mon Dec 9 09:42:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Iulia Tanasescu X-Patchwork-Id: 848935 Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2088.outbound.protection.outlook.com [40.107.22.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 57CDD215F5C for ; Mon, 9 Dec 2024 09:42:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.22.88 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733737358; cv=fail; b=LMCvZKxbtH/00irxvDplt4hFAKwgieru/Y3VoTWo/oKTrwe5Jfb2SJpanBYAcLxpjKam0Mh39SMPOAyNo34XTh/UR3iUDYwcZDrqwdpiYrwo32psb3PHfmGo3odcon2ojwTnLTSTHm2tGg9nzVGnISPL8HR3mmRB2Q9RgMNP+tQ= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733737358; c=relaxed/simple; bh=wKdSmyXwfJuAkVjbaYUOd8VDB5n54KHV8G+/V0MKWds=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: Content-Type:MIME-Version; b=oLZJQehfKy3La62+3mkijlUBEOGJOLRco54nSijguiNCe7vASQNzy2cWphAaJBwSAQty7Rcnd4iVrhhEdK4g0BWkt1TqfIs+bGmVHsH7wKZVTIfs15uFwwz8fsT7XHANUhTg3XuixcFoXh1PZlRbpnfP9KVvp7BQcVz7ObZyJUQ= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=nxp.com; spf=pass smtp.mailfrom=nxp.com; dkim=pass (2048-bit key) header.d=nxp.com header.i=@nxp.com header.b=CSkTjHfS; arc=fail smtp.client-ip=40.107.22.88 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=nxp.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=nxp.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=nxp.com header.i=@nxp.com header.b="CSkTjHfS" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=LvHVSqvsq+dRwPBe/m7atC1C4nfPr4k4Q2zvG3PDlpGqI5GcRKDOeZBbq5gUFZXW3D4pIxqSFUHwPpNED7pdToVGOKEoQLTTc4kvpFPRjQafdAsvG6Co0tLxjWlyfy4ZXo3lgOx+JTrM6byZYnInL4RTWvjROa9NGyQAkA8dAbLvCqMm5nm7jz+2ghJDNJ01MPT+4qCXzVBuSGSyabxeqRGX/lmNiotToHnJMjt5JTxa8ssE2iGWfbx9FpAVjMM0Gb11hm12rDcbggkR3jyMUVr3h6sQDUvAc0QQtWC0WbzYJo2mEGtoFdlAg4opemQVI6zoKiQzDnknElT+PUQATw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KUQkiFm2SbWHpoV4/1tqfSg1ec+GTBm5MgP84GSp9aQ=; b=W8goWq0QsR4isOLf+z3oMgYHiLDQFnYn4hyhJn34EChMs9Xkkdur7auGXAWzLbkiCAD/YuCyWBTm2Acw2TSNCUW0JnTyIsMhlDYkVyBTvZyhd61rxUyE/LzfqjV93M4PnfqDBcEa+XqPKt0SUo6kcNlzyS7DKkQRUqvcpAJeiX1S0ami40ccka84BkN6UPZi5Nsa21q0fdFgS0P6PFvnLSscsmB45pVHXD9Qc9FVvsjMpJrf4HQgzV+JaNh5KnCQBV5pyz/cmUPDVL62KW6QXujMnG2bsJxi4efLxms5xBWzOCCfb958GNtctrL0HDsfq7ysT/zujgX9+dkP7cEvpA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KUQkiFm2SbWHpoV4/1tqfSg1ec+GTBm5MgP84GSp9aQ=; b=CSkTjHfSYK/vK/dYPbJ/HNfYgtvu3aEryLoO0b7ijOQL5ttMO8RzbZkyNeRg0elhyDNpqno2gZdFQ92zexfo3Y3hGAg1cbIX4RpvkSFWGJS6Si02qlYiZtHn/wPmkqnlPwvE2weFst+lNTx3D5D+jLd3lU6/Yx7abE5NF5p4C78kfL8TLTNCH38jxDllfSm0NKs4xOIz4lJ9ExDTOi4oW3/ieMv5ZO8f6tMaJdqy5KFnbhrIfamNLJ+a/VaST6rxoYCdA9WVWWmJt7bMV/w73soLfGIVaZsrn7Amk01FGutcSrXTu/FvGAcPpQTUZxkxnyKFN6ICZvorQZ1YTMXHoQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nxp.com; Received: from AS8PR04MB8898.eurprd04.prod.outlook.com (2603:10a6:20b:42d::15) by VI1PR04MB7086.eurprd04.prod.outlook.com (2603:10a6:800:121::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8230.18; Mon, 9 Dec 2024 09:42:32 +0000 Received: from AS8PR04MB8898.eurprd04.prod.outlook.com ([fe80::5e22:869c:33c:9654]) by AS8PR04MB8898.eurprd04.prod.outlook.com ([fe80::5e22:869c:33c:9654%4]) with mapi id 15.20.8230.010; Mon, 9 Dec 2024 09:42:32 +0000 From: Iulia Tanasescu To: linux-bluetooth@vger.kernel.org Cc: claudia.rosu@nxp.com, mihai-octavian.urzica@nxp.com, andrei.istodorescu@nxp.com, luiz.dentz@gmail.com, Iulia Tanasescu Subject: [PATCH v2 1/2] Bluetooth: iso: Fix circular lock in iso_listen_bis Date: Mon, 9 Dec 2024 11:42:17 +0200 Message-ID: <20241209094218.4939-2-iulia.tanasescu@nxp.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241209094218.4939-1-iulia.tanasescu@nxp.com> References: <20241209094218.4939-1-iulia.tanasescu@nxp.com> X-ClientProxiedBy: AM9P250CA0024.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:21c::29) To AS8PR04MB8898.eurprd04.prod.outlook.com (2603:10a6:20b:42d::15) Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR04MB8898:EE_|VI1PR04MB7086:EE_ X-MS-Office365-Filtering-Correlation-Id: 6025693e-00ad-43a5-fbe7-08dd1835ce10 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|366016; X-Microsoft-Antispam-Message-Info: bq7jr/u/fkx0U5ClUxYWTfOpaIRgUgJJkPA0iMCZ9glXVa869vH95ogZ2/8PYi1UVc8pdx9t921CPTqtpfXarQLaw3YFidVdQkDX0Bp0xY5gzZtp36ZCNZZ28r6I/AMpalQMfzRmqDd0qecp1DHLWwnknJA0zeWW0DpHFGxwWO6XhiNhHTVvrSGUNSVK3Py0jAIiUCfW7Rw60eQFV8DfUTOznAHAuEKxm+HgtIwCvQVL3W46Bw60X9Q401+UrERl5J/uOWmZTfBN5kvSBfmafE8UR5P1Fp1gBMMpeA8yN5IfrKgEiE6wZ5s0whNxCQWP6hzSoCXUhUB5JozQGM8G2X8MOKyr7grnd1WsGUmYhuDHBLtlH5hpTAJZLg6aUo6kOURDBfdLcopvVGABux0lenb9iBYqiC60ipSjxyTBbrUzjxBrfa1rIc4GVtQJoHncfRuwKU/IbnGoZjKQTdKWoEUQOgZfJYQj3HftSSBFSYqw2+DTTlB4Igm9OQl4GA3XxoXcUgODBpxLrmEZhvteWUDJ581sNi1PO8mO9MdrlBQdlgiNAKTedlm60jcP/4QaZJBDQBIgzK71GLDjMFEpRtWkBRgpGceqhjgfwkEj+gkerdJOQ3gA97jn+NeX+OkBqWA/mY4VqlalHHA+KGr6uOAadpiklN4J4AtLU5ewT/6IVI99X+CB2KTTGqofZ4hGgiDWKmH6nl6EUG6raOqZs+rzR1+TflpxCUhSdEz1wUGWRlJrpTzHD38HzQ572ZHcM8gHOdu6SfLLsDzY18sauWifuNloEi6D9xQLaRpFUZZ/XnrTyaKsRv7fL0MJRLdqolTLUK88Npgbbo/qWhzZ26BJBcMSUeGCnXiskuX3B4azZg1wqenWe/+ZK4p5huyivR0+CdVXqSUgWv2ef4+E9DmhQCnOLTGxQ3PSFk/ZdJdfwX303TcroIUWq82PeTJkqn8opwhE/T7BlHfIMj2yIdnRkevKJe9C8v03wm+73ZJreLGWSUGa0wvmVvDqxTPaHud18dhLvswbNwFB9ZxcKU1/gAT/JecuRgSMxWLDO5KWUZGzA+xD7QvKG26zfa9iWpyogIt/sROP7QCJEc9wd/yyBOpqdJn6u+aVHrjZhuEW/Vv4UCqiOpZwHKJ3JNlyL5YEI8RTEb10zn9E/vbTN+Mk81jL85e5yOom2dLOOI3GI1Q8t4hrdZJ9oEsrnF9Bu7EHBYobDQfTcYLrzS8/oX10n4NqGkI99KINcpoJxgKcepmy/d8xNdtjCXWIaWnXYY6irlO8UGq923oAvd356fGgS157zYHSoovi8rQQr0vSH/zwhbXeMY0L0huAsWNePXjwW+WlLMd/LixzbjrsqA== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AS8PR04MB8898.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230040)(376014)(1800799024)(366016); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: x0OHRPbn5cKh3f/1WwcrKPhYY4N9OZn1H0CYGygMV/93jQ03zgzjZx+OoLQKwagtuau3kaTgfi3w/J4EOyAHmJGIpZAgkuArPx+9G+6g8/4BPluPCcu+mxKB7a/BZ/LiPe2e4v52XhG3MdtuW/1vAfvtHDKD8QW3z59B89qpSb4k/rEKpclTnl0Vsdst6yCUTynu6SJgEvkjHDUWt1xcuA3QqdIz+27byjNgy2TicB4gregyn/3NwdBhZ/mLK3fB3wWfNQn9brwUIPGaoFP1PtApjIqgSex8tBvTP4++YBR6ha91MT1oylbhK7+zF5DdNOHnwOy+2XdKwhOh+wWJ4lhEb+r2eMw9gHYxDO641ZzY341vDOdnuWTNWhXBHlYBpLMdHtSQZg2PWUK50Bzt8qufz3tuMjutc1ctZ5kuoJmR/mP6aza1S6onkGVkoF9AAWEDUU7jeNxn4yKij6Zpg3y/r6ZAV7ZWFs3r4wsPUZa9Gkl9F16HMwv/DyOI+bsFnAY7a2mAJ9k8lcHhL8irk9wH0cM33hQ3aQdkvAO+6Z1EDVVD0VblsQn3IWnzESDVONYKSenkNvFys4MKIgScRAotNVdwqxMHzZnwtcdv4+hZgosZ7f5tYcS6fhqNFGKnZHRH74l+w1waJ7zP6R0wSGjyfXZhZMHhm3E6dkrVDkwcnwQdJq6dSJ1x3QvlB054NIb/s7vDZDr+MWqIBxmhg5maqoHST42i2qanw56knzdxqsaeV/QikQNRV4HscIrQuRXK4ly4lFmkww2Y+bnyGmODDfJJpBNEkw+9TB+j8jmwug1YkZ78X8SBeRLgiWPJqSd0PreF0UdEs6+saybCMDKQAFVacQ/kzRHswn7tQ40Ll9E8V+S8rE5iZwt9t/sbG7ZuKkOSFTwVkYZpXx3c91E9VgGKfSUp/7cLlDKT4BL1tqDW10atfcyFP48ymbFHRR/affPJNAsZNuycgrdxkDGwjheAUL1DmG75cnp47ltrGuAB1mgCvOAKhpSqVwi18hvhItNXe0nnD7YZHsHF628Uu7BiZ3D40ReqewkRFKOyYoPE87uZ2vgPP02YQZmHnAnqd8MsGNHDEiDi4Wo9qJ8mj53OpRDQLzDAWI2kQR/FyA6Ck/QroDXBoWNTHmgXcYE++Vbk2GztWrp/a1fS+drKFe3KTvXR78aqkYyr5O/8XooC2zHCxBi2ugeVwWUULhm9SI+yuSZD/Zuo1i1m5hYZvrJvxhaJgs1y4d+up7Qiy0ZCEt9cMnxSC2IFzkJ9RuwBYjHkc8ODZn/Kb7BQxBq1V+QV2rSzdANHmi61NUPpB2+dsZPHevDICVNfket4bo2GoPVmu1oLXXxc1mv6FLBSgtBtiti+WtJETdQHv0+qfuYG1e6dKSjgaYMRHmlCrpjtGY0vQyfp2erGVBaWmhNuRwt7h8Po5eXyMAkYFKStkrK9iSQaUUKlq7/pMC4SmllPB+4nj7LJ23vmfKTBXVLEV7t+Bfmw1F2Xjs+UbJFCuRq4Zo8tTUFMPrBXUT3DxZ6VWOOgC5+LP4VnxO//xNzouIstaGs/6iK3nlKvqtnbF2gZrmmyxun2x1/Sj7pLINORM5QBGaE30Ujq33VDFA== X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6025693e-00ad-43a5-fbe7-08dd1835ce10 X-MS-Exchange-CrossTenant-AuthSource: AS8PR04MB8898.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Dec 2024 09:42:32.7810 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: AVeUAk/+XzULMiCWc40Oa7halRBmVJ2mPfXcDNIq+F8oAk05lYrauWZYSSKCK5PN01mqfUUg+h4ShINLwK0CAA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR04MB7086 This fixes the circular locking dependency warning below, by releasing the socket lock before enterning iso_listen_bis, to avoid any potential deadlock with hdev lock. [ 75.307983] ====================================================== [ 75.307984] WARNING: possible circular locking dependency detected [ 75.307985] 6.12.0-rc6+ #22 Not tainted [ 75.307987] ------------------------------------------------------ [ 75.307987] kworker/u81:2/2623 is trying to acquire lock: [ 75.307988] ffff8fde1769da58 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO) at: iso_connect_cfm+0x253/0x840 [bluetooth] [ 75.308021] but task is already holding lock: [ 75.308022] ffff8fdd61a10078 (&hdev->lock) at: hci_le_per_adv_report_evt+0x47/0x2f0 [bluetooth] [ 75.308053] which lock already depends on the new lock. [ 75.308054] the existing dependency chain (in reverse order) is: [ 75.308055] -> #1 (&hdev->lock){+.+.}-{3:3}: [ 75.308057] __mutex_lock+0xad/0xc50 [ 75.308061] mutex_lock_nested+0x1b/0x30 [ 75.308063] iso_sock_listen+0x143/0x5c0 [bluetooth] [ 75.308085] __sys_listen_socket+0x49/0x60 [ 75.308088] __x64_sys_listen+0x4c/0x90 [ 75.308090] x64_sys_call+0x2517/0x25f0 [ 75.308092] do_syscall_64+0x87/0x150 [ 75.308095] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 75.308098] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO){+.+.}-{0:0}: [ 75.308100] __lock_acquire+0x155e/0x25f0 [ 75.308103] lock_acquire+0xc9/0x300 [ 75.308105] lock_sock_nested+0x32/0x90 [ 75.308107] iso_connect_cfm+0x253/0x840 [bluetooth] [ 75.308128] hci_connect_cfm+0x6c/0x190 [bluetooth] [ 75.308155] hci_le_per_adv_report_evt+0x27b/0x2f0 [bluetooth] [ 75.308180] hci_le_meta_evt+0xe7/0x200 [bluetooth] [ 75.308206] hci_event_packet+0x21f/0x5c0 [bluetooth] [ 75.308230] hci_rx_work+0x3ae/0xb10 [bluetooth] [ 75.308254] process_one_work+0x212/0x740 [ 75.308256] worker_thread+0x1bd/0x3a0 [ 75.308258] kthread+0xe4/0x120 [ 75.308259] ret_from_fork+0x44/0x70 [ 75.308261] ret_from_fork_asm+0x1a/0x30 [ 75.308263] other info that might help us debug this: [ 75.308264] Possible unsafe locking scenario: [ 75.308264] CPU0 CPU1 [ 75.308265] ---- ---- [ 75.308265] lock(&hdev->lock); [ 75.308267] lock(sk_lock- AF_BLUETOOTH-BTPROTO_ISO); [ 75.308268] lock(&hdev->lock); [ 75.308269] lock(sk_lock-AF_BLUETOOTH-BTPROTO_ISO); [ 75.308270] *** DEADLOCK *** [ 75.308271] 4 locks held by kworker/u81:2/2623: [ 75.308272] #0: ffff8fdd66e52148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x443/0x740 [ 75.308276] #1: ffffafb488b7fe48 ((work_completion)(&hdev->rx_work)), at: process_one_work+0x1ce/0x740 [ 75.308280] #2: ffff8fdd61a10078 (&hdev->lock){+.+.}-{3:3} at: hci_le_per_adv_report_evt+0x47/0x2f0 [bluetooth] [ 75.308304] #3: ffffffffb6ba4900 (rcu_read_lock){....}-{1:2}, at: hci_connect_cfm+0x29/0x190 [bluetooth] Fixes: 02171da6e86a ("Bluetooth: ISO: Add hcon for listening bis sk") Signed-off-by: Iulia Tanasescu --- net/bluetooth/iso.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c index 5ca381a3b04b..ed559c82d353 100644 --- a/net/bluetooth/iso.c +++ b/net/bluetooth/iso.c @@ -1129,6 +1129,7 @@ static int iso_listen_bis(struct sock *sk) return -EHOSTUNREACH; hci_dev_lock(hdev); + lock_sock(sk); /* Fail if user set invalid QoS */ if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) { @@ -1159,6 +1160,7 @@ static int iso_listen_bis(struct sock *sk) } unlock: + release_sock(sk); hci_dev_unlock(hdev); hci_dev_put(hdev); return err; @@ -1187,6 +1189,7 @@ static int iso_sock_listen(struct socket *sock, int backlog) BT_DBG("sk %p backlog %d", sk, backlog); + sock_hold(sk); lock_sock(sk); if (sk->sk_state != BT_BOUND) { @@ -1199,10 +1202,16 @@ static int iso_sock_listen(struct socket *sock, int backlog) goto done; } - if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) + if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) { err = iso_listen_cis(sk); - else + } else { + /* Drop sock lock to avoid potential + * deadlock with the hdev lock. + */ + release_sock(sk); err = iso_listen_bis(sk); + lock_sock(sk); + } if (err) goto done; @@ -1214,6 +1223,7 @@ static int iso_sock_listen(struct socket *sock, int backlog) done: release_sock(sk); + sock_put(sk); return err; } From patchwork Mon Dec 9 09:42:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Iulia Tanasescu X-Patchwork-Id: 848477 Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2088.outbound.protection.outlook.com [40.107.22.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2ACFA215F6B for ; Mon, 9 Dec 2024 09:42:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.22.88 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733737361; cv=fail; b=mUesnIjeb60F4jxm7+RWGzvDdtbgvuC2BEExfGjEo+yR23I+Xl8h1ne6lqlErm2vYp3ADaF532LzzAG+ImvsWWoSore9pmYdoElJNkgP0oQ0QdXRhK5HdT/10VtQDalKd6MuiewRfU9/5FKfRGaHIHyGYdJNcx1W73ZdD26Orl0= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733737361; c=relaxed/simple; bh=6rok1+LITzsK1QlXNaQNtr8TmrIeaeWvqKCEAYIOY4c=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: Content-Type:MIME-Version; b=qPPermh0Ypb8Cgmgx2ubgHe5rITuvQXs77zVVeWtc8GqMECM5jCfRy78V9kWW7F7E8aU+VrkEqHrZah0hQX/zA71MghP79I7/Fp6OZFdSiu7E5bWRYvi+qlKlhcmuvr1XJs95p04BKHhrJpygJnz8kOusp4H+hv8lMLAoVM0/UY= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=nxp.com; spf=pass smtp.mailfrom=nxp.com; dkim=pass (2048-bit key) header.d=nxp.com header.i=@nxp.com header.b=SNlPrlCi; arc=fail smtp.client-ip=40.107.22.88 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=nxp.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=nxp.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=nxp.com header.i=@nxp.com header.b="SNlPrlCi" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=QftO4Kw0peLd2J2MlD0sQP2N+A581i2UsRgFINOQAqjM37KtdPOhZe3CSw9EQW/VqnRJwoyj9ggWC4jJ/Gv6DJloCXccvmbd+a5h4YohndRA1Y1lFe9+mzBLgpLypRNjlhZqdzcOHg6sHjEFmqe49FVmotxt8vMoAgCtHkCh9PW3DsTSZ9WdjfzZoZkHapUd1w06wIF1cxb+9WbnWqewSkrJb0Wssez3snQ/CSG9fXC01vzf+9g88+RvaYCEvSk67EKjGa28i9pWrKYo5N6wrnNmbUyP/EjRo/Bhgfwz+U7CfOcr5OVZmH53oI1ucv5w9IzTEu3Gsc87AG05aAdFQg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=C6TflCws7Iy4FhYl+oCkcXU8vpMeJUjULiOFi3nJYYg=; b=UzzpMP+AFo27UjWavoYGsZktEyDx/W3OTjpA1gVDj/CQ+oXlaWKdfkXmzQc+T2Nd/SuMHwNqqTlpU4mdNXsHh5dLWSU+mvP72a55DBp4/suyc2jqG2Jvn1QCDv2v1S+vfVigRHxsBJwVztvvl6TLAptyf8BUFho0mvtDrHs/gAonuJV0wmr/5cZv+DRKxf3QNe2iqJxzCQgDB++b7vUH7OE9PK7n9oWUPA9Zd0YwwuI/6bnzsGHCMHlYxIh99k31bpldVKbi+omC1SstyQKf9qgUGFHkSicHPnNfdOm2yc+tFJ06izngQIkUNuopVje2ZPxMU93/88EP9KK1ie2GHg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=C6TflCws7Iy4FhYl+oCkcXU8vpMeJUjULiOFi3nJYYg=; b=SNlPrlCiZ5CnKjTJIgMII2bM9xiKRcZFlTGi0rQuv8PuoZMynGZdlZ2Su1wh949KiEV6IoICkU/zxgpjga20cefjtjpmYFEk7Q0e48nsiwZBxqSBzbEj03MVX1uZP0ANcqvwdzHv0Ggu8hR6cOu/4V9IWXavG4qFKRrdOQ5POuOqKzDkyWCX8YoHrooFol/oCdfl+e36a6D6NE04zJU6TjBMVcgbbJ31gU47WkyOb0nudRMjS9LuG6WwXue8N4Ajdp63pF6lj6ZOpV9xyFFGJRve9Cs2m4kOK7KQwd9uwNqOjlZpT7Cys72sbSs5DDN9xhbcsn9i2ri6MjBEBaDCVw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nxp.com; Received: from AS8PR04MB8898.eurprd04.prod.outlook.com (2603:10a6:20b:42d::15) by VI1PR04MB7086.eurprd04.prod.outlook.com (2603:10a6:800:121::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8230.18; Mon, 9 Dec 2024 09:42:35 +0000 Received: from AS8PR04MB8898.eurprd04.prod.outlook.com ([fe80::5e22:869c:33c:9654]) by AS8PR04MB8898.eurprd04.prod.outlook.com ([fe80::5e22:869c:33c:9654%4]) with mapi id 15.20.8230.010; Mon, 9 Dec 2024 09:42:35 +0000 From: Iulia Tanasescu To: linux-bluetooth@vger.kernel.org Cc: claudia.rosu@nxp.com, mihai-octavian.urzica@nxp.com, andrei.istodorescu@nxp.com, luiz.dentz@gmail.com, Iulia Tanasescu Subject: [PATCH v2 2/2] Bluetooth: iso: Fix circular lock in iso_conn_big_sync Date: Mon, 9 Dec 2024 11:42:18 +0200 Message-ID: <20241209094218.4939-3-iulia.tanasescu@nxp.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241209094218.4939-1-iulia.tanasescu@nxp.com> References: <20241209094218.4939-1-iulia.tanasescu@nxp.com> X-ClientProxiedBy: AM9P250CA0016.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:21c::21) To AS8PR04MB8898.eurprd04.prod.outlook.com (2603:10a6:20b:42d::15) Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR04MB8898:EE_|VI1PR04MB7086:EE_ X-MS-Office365-Filtering-Correlation-Id: fed948f3-b33c-48f0-3b9e-08dd1835cfd5 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|366016; X-Microsoft-Antispam-Message-Info: W9qmoysk7s7yTVVa8RRLZMTUaBOBSlFa11c/OsAJW4tbOIBeh8pkD83FzBnw3c22rMCIKI8GHUm5DnT/h3yjbxJOz52KUkxYqbLxoQ07+2zWLX/R73L+m/IzCZEnuoIgBZKsSyTwD5jNjRTje0mclDwUuz2H9dXnuYsTXjHyyWJFkMn8tbCFGsuSG3Dc/8L9Cqtwb+UM7At90rJGAYIA4yuOy2wOZf0KIkC9DL6JKUKXTkyL3NYSDzej9q3AVMM40ftJAGvLw4suyqZv/U7B8A83mO2vG/MiqbtDNMLGSTZGfHgSBcTccogx0ZzTSIvoynkBCc0WuU+ugdYSXOycuey16d5n3SR9ZhjUGZAb8ewrYPM5nX7T+ReGEirdzLqeKAqZKTyx9dJwBXomhJxqSxzCvnE7k+U/HSX+rb96aCSDM9o3RWAmXNG2a8q88i3gKmag5hHv9ya274Eryb9GTPrMvoObgREEbzgNTyDl3SeyG5QRtvAOobdT69u3sh19QjU6MxWIICzWIwvFediqVpK+MFrS0mJmdEz3z9BafWRgqGW3+zycSmX6VcV+IUAgvxbwZq7BOYVQswrquMxswQ6jCbpv/k4Hy8Ct2EoLAQTXV5kxT2Rbcve6JruxY3MWFolmZH8NMzYjKMG5og8OlZj2cR1mtPDKbVYkVEAQvnze40gXp1/HuaeWSXFQT4oC4hYz7IfAztcCmPSQ65/tkZ8qVso+lcKTdo9kbDaBdXDROjIB9h8ejtr1eIb7wLnP6nzjD81BzzE1PkT2X01kuupJ1N7wUmI0RxdczYDBSdJ0iv7eltHnOf4KfDnnN0tz+95aU8M8MDscCB3TbZ4tzrvRLlSJ1FWbmBuPRunFvtC29/Jrh/50g0rwXajcMyl4/3Do2WLKuHPareXGXH9W33oBWWpgjhfAOTk5nHQNQ7qV6Vmrm0PKLJJSXGt4DomX+/U2BRJI54bd20O78PlAk35a4fcQQdVJNungBytfHWp/ULs7+h6GqzKK+Azvroqp3Fhss8fazKYLyceh6/djQG2EtyZICBL+lpjKUjFMvw3GpIvCWRMXTRj2n7t8J7/oLwkPXHe8YugfYgNTsP0OeVH8V2ak5xM+LYGOyt+IWuKrf2erPZPrbxsewUISmga9u+UL3VjMVwUDXsAuAHc8siczS8sr7jZefbiMN+9krkFyH5HoaoFpApjjCCd1sr8VNOcYBdyUOBMTgOocSE6yAW05gD060SiBmxfoD/AHRtz+hsx31vyue/VbaXlq2hLbushXG1A55UBMxWjfyLKjoSpERS/x43Sk25+m7tcf3LiyzoS2xPwaLy+DpK2ex3ENnDpO6SmefCUbhfGcrhZq7g== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AS8PR04MB8898.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230040)(376014)(1800799024)(366016); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 7R/K8KaK1aRvA4usrvkhaqR+yWaK3Biqb50wrQlOp+eCLKmZV34nfw2A7pIqfM2Oz0yAQKITT89WbmR4CL6I1sI/sZ2kdlYx0UUD+K/tMKDE7IhE9jEVCFUGJo5/cq/zoEtb5G5xwTkZz83ot4g7xdmYgfcoxrugbDq/iCx23I4v3YvjYBTMI0CygU0bO92A94yclmORNTtkpl9hNBdZWcjocj9ljLYva/LLoxPEGmCycr9cl2MepZvvmt89pK5XXgFN4set+TcgTnvO2YuE91YzhTOfVhMB5N8a+zKnd2d4R3d62KRvBncdi/vN6oB8mZSZ9rFnr/L7ez//ZvBk6Acjb6StygfNZVPFQQi75Ny+JhO8zk+GVN8GpG3RlFG9kb5qnK4Uxmn7Flx5vk2EFhS6Vh2eGSE4DSkwlsIqKIbxYFptR3pJw9EP+AKBNoZdmeGI2hK3KuZtj5wOhgqUtZermHQWq2TTSK/vHvT11D5FO6bgdGEgNfWBTQBh7Z3uUr1FGGRmarp9dMwbO3HkCuDLead7lJzRcEzB1ZqgFqw1yZ6pMJ+qH0l+w2j2IzZewxT4/Bc85K+/hUFsVKJjxVkBgDsDyduiFMbSoJIxxG2zz4jG7VEtll7A4Q3HaG4Byr+2GaGi1NO6KPRbjbEGy3NB5l4QulFlwvHZLvkckCep8CoKVA2H0GR4GYxGM6TOpIoS9ddxZzminFpfTg3w/qjQBYSyF1I+mXlFqMRKjALVYF04mx8wsxpuQcA8us6njQDGQBMdw9ppWcqbqMSNKvUxVzqy+BK/HnjF8AxzogYt5hEazhbBYe1OCxoVIFLMoYTLSL3vGIzIskw49yDRwHJgjcfriJ+TelrFKzlBEsGSyrRdkZJvWtkEx5rHo9dlfaRq2Lp6bQ5quNsdTyv4k4Y+coA2sr3o+xkZO2tce3MjdXWKU8qwETKokhnUm41+Z+BI2eARqK65mEa7n66ZeC2VicrSa0ak6ePw31aYFyzf7dm3P/7UTfN9n/jZgShbxriH98MKxu7wxgUSBYu5HLKytHbdN7C/RNiUg0AP1/fs9zSKRLs5ey/p5eg0k/6HRXmERXTo0HLtZCkFswU8Ek3jc3X09MwefTvrFBh0/oBelVIZ+6ANTmLe5d2dsf5ZxXh8gcPazv+SK7bZWf6RlVkICuQNHFEuaH4zBZeN1na46M8yOyJ6uHFTiC5c4wR/tRxwQN6yrYm9LCzu0vfmXnoRi5Tl1myO26h8YBTSJjBXuA2LuzZ298bC69bJQNNezE7g7nUN76Sgw1+8GJYXr0n+Tuc2Pi6D6QC05JA/8lwSEolVddPrhyxAo179+R4rVtVxBBOpMYUquoSdx6aOV3XeX3pjp/rlzkmKznTqZQVfmDnhoTf5oFsrKdJwMni/M1ykOgINEYeSLbiVlZ3LO8rvuKKPh1mgQjOlfcqpgB4CSAfLFnTDMCEl8ugdyvBWKNUr86fBQmXAFRHm6px5FhQqlCJ862gVx94WnSOuI0yF8GvlGu31BxJr3whuZayxybNuyabx3aM52mfwku2gEV0TshLnaogV3Ff786TNU82/hLFu9EHMntYQCZCacrVah8+ikvPcN7slljvDfY7n3Q== X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: fed948f3-b33c-48f0-3b9e-08dd1835cfd5 X-MS-Exchange-CrossTenant-AuthSource: AS8PR04MB8898.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Dec 2024 09:42:35.6871 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: lInazsmEP+xwRkiUVpkGwcmpb05MbRRNn3w/q5Cm54dplg9mj5S0jYx+2n+vrxWFFwzUx1k1+5RpB6A2sMPCTQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR04MB7086 This fixes the circular locking dependency warning below, by reworking iso_sock_recvmsg, to ensure that the socket lock is always released before calling a function that locks hdev. [ 561.670344] ====================================================== [ 561.670346] WARNING: possible circular locking dependency detected [ 561.670349] 6.12.0-rc6+ #26 Not tainted [ 561.670351] ------------------------------------------------------ [ 561.670353] iso-tester/3289 is trying to acquire lock: [ 561.670355] ffff88811f600078 (&hdev->lock){+.+.}-{3:3}, at: iso_conn_big_sync+0x73/0x260 [bluetooth] [ 561.670405] but task is already holding lock: [ 561.670407] ffff88815af58258 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}, at: iso_sock_recvmsg+0xbf/0x500 [bluetooth] [ 561.670450] which lock already depends on the new lock. [ 561.670452] the existing dependency chain (in reverse order) is: [ 561.670453] -> #2 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}: [ 561.670458] lock_acquire+0x7c/0xc0 [ 561.670463] lock_sock_nested+0x3b/0xf0 [ 561.670467] bt_accept_dequeue+0x1a5/0x4d0 [bluetooth] [ 561.670510] iso_sock_accept+0x271/0x830 [bluetooth] [ 561.670547] do_accept+0x3dd/0x610 [ 561.670550] __sys_accept4+0xd8/0x170 [ 561.670553] __x64_sys_accept+0x74/0xc0 [ 561.670556] x64_sys_call+0x17d6/0x25f0 [ 561.670559] do_syscall_64+0x87/0x150 [ 561.670563] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 561.670567] -> #1 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO){+.+.}-{0:0}: [ 561.670571] lock_acquire+0x7c/0xc0 [ 561.670574] lock_sock_nested+0x3b/0xf0 [ 561.670577] iso_sock_listen+0x2de/0xf30 [bluetooth] [ 561.670617] __sys_listen_socket+0xef/0x130 [ 561.670620] __x64_sys_listen+0xe1/0x190 [ 561.670623] x64_sys_call+0x2517/0x25f0 [ 561.670626] do_syscall_64+0x87/0x150 [ 561.670629] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 561.670632] -> #0 (&hdev->lock){+.+.}-{3:3}: [ 561.670636] __lock_acquire+0x32ad/0x6ab0 [ 561.670639] lock_acquire.part.0+0x118/0x360 [ 561.670642] lock_acquire+0x7c/0xc0 [ 561.670644] __mutex_lock+0x18d/0x12f0 [ 561.670647] mutex_lock_nested+0x1b/0x30 [ 561.670651] iso_conn_big_sync+0x73/0x260 [bluetooth] [ 561.670687] iso_sock_recvmsg+0x3e9/0x500 [bluetooth] [ 561.670722] sock_recvmsg+0x1d5/0x240 [ 561.670725] sock_read_iter+0x27d/0x470 [ 561.670727] vfs_read+0x9a0/0xd30 [ 561.670731] ksys_read+0x1a8/0x250 [ 561.670733] __x64_sys_read+0x72/0xc0 [ 561.670736] x64_sys_call+0x1b12/0x25f0 [ 561.670738] do_syscall_64+0x87/0x150 [ 561.670741] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 561.670744] other info that might help us debug this: [ 561.670745] Chain exists of: &hdev->lock --> sk_lock-AF_BLUETOOTH-BTPROTO_ISO --> sk_lock-AF_BLUETOOTH [ 561.670751] Possible unsafe locking scenario: [ 561.670753] CPU0 CPU1 [ 561.670754] ---- ---- [ 561.670756] lock(sk_lock-AF_BLUETOOTH); [ 561.670758] lock(sk_lock AF_BLUETOOTH-BTPROTO_ISO); [ 561.670761] lock(sk_lock-AF_BLUETOOTH); [ 561.670764] lock(&hdev->lock); [ 561.670767] *** DEADLOCK *** Fixes: 07a9342b94a9 ("Bluetooth: ISO: Send BIG Create Sync via hci_sync") Signed-off-by: Iulia Tanasescu --- net/bluetooth/iso.c | 34 +++++++++++++++++++++++++++------- 1 file changed, 27 insertions(+), 7 deletions(-) diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c index ed559c82d353..44acddf58a0c 100644 --- a/net/bluetooth/iso.c +++ b/net/bluetooth/iso.c @@ -1447,6 +1447,7 @@ static void iso_conn_big_sync(struct sock *sk) * change. */ hci_dev_lock(hdev); + lock_sock(sk); if (!test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) { err = hci_le_big_create_sync(hdev, iso_pi(sk)->conn->hcon, @@ -1459,6 +1460,7 @@ static void iso_conn_big_sync(struct sock *sk) err); } + release_sock(sk); hci_dev_unlock(hdev); } @@ -1467,39 +1469,57 @@ static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, { struct sock *sk = sock->sk; struct iso_pinfo *pi = iso_pi(sk); + bool early_ret = false; + int err = 0; BT_DBG("sk %p", sk); if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { + sock_hold(sk); lock_sock(sk); + switch (sk->sk_state) { case BT_CONNECT2: if (test_bit(BT_SK_PA_SYNC, &pi->flags)) { + release_sock(sk); iso_conn_big_sync(sk); + lock_sock(sk); + sk->sk_state = BT_LISTEN; } else { iso_conn_defer_accept(pi->conn->hcon); sk->sk_state = BT_CONFIG; } - release_sock(sk); - return 0; + + early_ret = true; + break; case BT_CONNECTED: if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) { + release_sock(sk); iso_conn_big_sync(sk); + lock_sock(sk); + sk->sk_state = BT_LISTEN; - release_sock(sk); - return 0; + early_ret = true; } - release_sock(sk); break; case BT_CONNECT: release_sock(sk); - return iso_connect_cis(sk); + err = iso_connect_cis(sk); + lock_sock(sk); + + early_ret = true; + break; default: - release_sock(sk); break; } + + release_sock(sk); + sock_put(sk); + + if (early_ret) + return err; } return bt_sock_recvmsg(sock, msg, len, flags);