CHROMIUM: Bluetooth: Use addr instead of hci_conn in LE Connection complete
Connections may be cleanup while waiting for the commands to complete.
If this happens, it might be the reason we see crashes below which
indicates that the |conn->hdev| is NULL, which can be caused by freeing
the memory of the |hci_conn| earliar.
This fixes the issue by passing the address data instead of the hci_conn
to the HCI command sync work so that we can check if such hci_conn
exists before accessing it.
Call Trace:
? __die_body+0x1f/0x63
? no_context+0x32f/0x506
? exc_page_fault+0x2d8/0x400
? __hci_cmd_sync_sk+0x464/0x4b7 [bluetooth (HASH:202e 2)]
? asm_exc_page_fault+0x1e/0x30
? hci_connect_le_sync+0x49/0x49 [bluetooth (HASH:202e 2)]
? hci_pend_le_action_lookup+0x12/0x68 [bluetooth (HASH:202e 2)]
hci_connect_le_scan_cleanup+0x82/0x252 [bluetooth (HASH:202e 2)]
create_le_conn_complete+0xc9/0xdb [bluetooth (HASH:202e 2)]
hci_cmd_sync_work+0x11a/0x15b [bluetooth (HASH:202e 2)]
process_one_work+0x18d/0x416
worker_thread+0x11a/0x289
kthread+0x13e/0x14f
? process_one_work+0x416/0x416
? kthread_blkcg+0x31/0x31
ret_from_fork+0x1f/0x30
UPSTREAM-TASK=b:303584676
BUG=b:204408624
TEST=run CUJ on hatch v5.15 with MX keys.
TEST=run bluetooth_AdapterLEHealth on hatch v5.15.
Change-Id: Ieb313a0aa7140a8478b3e1e5c0d8c6ccc89d1b6e
Signed-off-by: Yun-Hao Chung <howardchung@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/4914806
Reviewed-by: Archie Pusaka <apusaka@chromium.org>
Tested-by: Yun-Hao Chung <howardchung@chromium.org>
Commit-Queue: Yun-Hao Chung <howardchung@chromium.org>
(cherry picked from commit f2bff6a8b2f0080467acf8bc87d5b80fc058a424)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/4957717
1 file changed
