Bluetooth: Validate hci conn validity before refering wakelock.
In a rare case the remote device may send a disconnect on a
connection while the DUT is still trying to send data on the same
connection. Accessing the already released wakelock then
causes an issue. These changes use a locking mechanism to
validate the connection before acting on the wake lock.
CRs-Fixed: 394651
Change-Id: I6a4188a7d0d05a8cfbe66d3680473d549157917a
Signed-off-by: Srinivas Krovvidi <skrovvid@codeaurora.org>
(cherry picked from commit 6aadc41fcbd28dc3899a4b5d098e5f316588a029)
Signed-off-by: Sudhir Sharma <sudsha@codeaurora.org>
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 2e47488..963ef48 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -393,9 +393,7 @@
BT_DBG("conn %p mode %d", conn, conn->mode);
- hci_dev_lock(conn->hdev);
hci_conn_enter_sniff_mode(conn);
- hci_dev_unlock(conn->hdev);
}
static void hci_conn_rssi_update(struct work_struct *work)
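Review bot: The removal of `hci_dev_lock(conn->hdev)` / `hci_dev_unlock(conn->hdev)` around `hci_conn_enter_sniff_mode(conn)` is not explained by the commit message, which only talks about the wakelock. If hci_conn_enter_sniff_mode reads or writes conn state that other paths modify under the hdev lock, this hunk widens a race rather than narrowing one; if the lock is dropped because this runs from timer context where hdev->lock cannot be taken, that should be stated. A one-line comment at the call site would make the intent reviewable, e.g. `/* no hdev lock: runs from the idle timer; conn is protected by conn->lock */` (adjusted to whichever reason actually applies). The enclosing function starts outside the hunk.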
@@ -450,6 +448,8 @@
conn->power_save = 1;
conn->disc_timeout = HCI_DISCONN_TIMEOUT;
+ conn->conn_valid = true;
+ spin_lock_init(&conn->lock);
wake_lock_init(&conn->idle_lock, WAKE_LOCK_SUSPEND, "bt_idle");
switch (type) {
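Review bot: The new `conn_valid` flag and `conn->lock` spinlock initialized here are not declared anywhere in this diff, so the struct hci_conn change presumably lives in a companion header patch that should be reviewed together with this one. Initializing both before `wake_lock_init()` and before the connection becomes reachable from other contexts is the right order; a short comment such as `/* conn_valid/lock guard idle_lock against use after hci_conn_del() */` would document what the pair protects, since nothing in this function says so.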
@@ -522,6 +522,10 @@
BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
+ spin_lock_bh(&conn->lock);
+ conn->conn_valid = false; /* conn data is being released */
+ spin_unlock_bh(&conn->lock);
+
/* Make sure no timers are running */
del_timer(&conn->idle_timer);
wake_lock_destroy(&conn->idle_lock);
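Review bot: Clearing `conn->conn_valid` under the lock only stops new callers from arming the idle timer and taking idle_lock; the timer already pending when the flag is cleared is only deactivated by `del_timer()`, which does not wait for a handler running on another CPU, so if the idle-timer handler also touches `idle_lock` (it is not visible here) it can still race with `wake_lock_destroy()`. Consider `del_timer_sync(&conn->idle_timer);` here if the calling context allows sleeping, or guard the handler with the same `conn_valid` check. Note also that the flag and its spinlock live inside the object being released, so this check is only meaningful while the sender still holds a reference that keeps conn allocated; that precondition is worth stating in the comment on the flag, e.g. `/* conn data is being released; callers must still hold a conn ref to use conn->lock */`.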
@@ -981,9 +985,13 @@
timer:
if (hdev->idle_timeout > 0) {
- mod_timer(&conn->idle_timer,
- jiffies + msecs_to_jiffies(hdev->idle_timeout));
- wake_lock(&conn->idle_lock);
+ spin_lock_bh(&conn->lock);
+ if (conn->conn_valid) {
+ mod_timer(&conn->idle_timer,
+ jiffies + msecs_to_jiffies(hdev->idle_timeout));
+ wake_lock(&conn->idle_lock);
+ }
+ spin_unlock_bh(&conn->lock);
}
}
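Review bot: The guarded block has no comment explaining why the validity check is needed, which a future reader will need before touching this lock ordering; suggest `/* hci_conn_del() may have released idle_lock; re-check under conn->lock before arming the timer */` above `spin_lock_bh(&conn->lock)`. The `_bh` variant is appropriate only if every other taker of `conn->lock` (the hci_conn_del path in this diff, and any timer-context user) uses the same variant; that appears to hold for the hunks shown. The enclosing function starts outside the hunk, so whether conn is held by a reference at this point cannot be confirmed from here.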