    Bluetooth: Fix calling request callback more than once · 53e21fbc
    Johan Hedberg committed
    In certain circumstances, such as an HCI driver using __hci_cmd_sync_ev
    with HCI_EV_CMD_COMPLETE as the expected completion event there is the
    chance that hci_event_packet will call hci_req_cmd_complete twice (once
    for the explicitly looked after event and another time in the actual
    handler of cmd_complete).
    
    In the case of __hci_cmd_sync_ev this introduces a race where the first
    call wakes up the blocking __hci_cmd_sync_ev and lets it complete.
    However, by the time that a second __hci_cmd_sync_ev call is already in
    progress the second hci_req_cmd_complete call (from the previous
    operation) will wake up the blocking function prematurely and cause it
    to fail, as witnessed by the following log:
    
    [  639.232195] hci_rx_work: hci0 Event packet
    [  639.232201] hci_req_cmd_complete: opcode 0xfc8e status 0x00
    [  639.232205] hci_sent_cmd_data: hci0 opcode 0xfc8e
    [  639.232210] hci_req_sync_complete: hci0 result 0x00
    [  639.232220] hci_cmd_complete_evt: hci0 opcode 0xfc8e
    [  639.232225] hci_req_cmd_complete: opcode 0xfc8e status 0x00
    [  639.232228] __hci_cmd_sync_ev: hci0 end: err 0
    [  639.232234] __hci_cmd_sync_ev: hci0
    [  639.232238] hci_req_add_ev: hci0 opcode 0xfc8e plen 250
    [  639.232242] hci_prepare_cmd: skb len 253
    [  639.232246] hci_req_run: length 1
    [  639.232250] hci_sent_cmd_data: hci0 opcode 0xfc8e
    [  639.232255] hci_req_sync_complete: hci0 result 0x00
    [  639.232266] hci_cmd_work: hci0 cmd_cnt 1 cmd queued 1
    [  639.232271] __hci_cmd_sync_ev: hci0 end: err 0
    [  639.232276] Bluetooth: hci0 sending Intel patch command (0xfc8e) failed (-61)
    Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
    Acked-by: Marcel Holtmann <marcel@holtmann.org>
    Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
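
An added example, not part of the commit or the kernel source: a Python triage script that scans Bluetooth debug output like the log above and flags any single event packet during which hci_req_cmd_complete ran more than once for the same opcode, which is the double call the commit message describes. The function name and the SAMPLE_LOG constant are assumptions of this example; the sample lines are copied from the start of the log in the commit message.

```python
import re
from collections import Counter

# First lines of the log quoted in the commit message (one event packet).
SAMPLE_LOG = """\
[  639.232195] hci_rx_work: hci0 Event packet
[  639.232201] hci_req_cmd_complete: opcode 0xfc8e status 0x00
[  639.232205] hci_sent_cmd_data: hci0 opcode 0xfc8e
[  639.232210] hci_req_sync_complete: hci0 result 0x00
[  639.232220] hci_cmd_complete_evt: hci0 opcode 0xfc8e
[  639.232225] hci_req_cmd_complete: opcode 0xfc8e status 0x00
[  639.232228] __hci_cmd_sync_ev: hci0 end: err 0
"""

# "[  639.232195] function_name: message"
LINE_RE = re.compile(r"^\s*\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<func>\w+):\s*(?P<msg>.*)$")
OPCODE_RE = re.compile(r"opcode (0x[0-9a-fA-F]{4})")


def find_duplicate_completions(log_text):
    """Return [(event_ts, opcode, count)] for each event packet in which
    hci_req_cmd_complete was logged more than once for one opcode."""
    findings = []
    event_ts = None      # timestamp of the event packet being processed
    counts = Counter()   # completions per opcode within that packet

    def flush():
        # Close the current event-packet window and record repeats.
        for opcode, n in counts.items():
            if n > 1:
                findings.append((event_ts, opcode, n))
        counts.clear()

    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        if m["func"] == "hci_rx_work" and "Event packet" in m["msg"]:
            flush()                  # a new event packet starts a new window
            event_ts = m["ts"]
        elif m["func"] == "hci_req_cmd_complete" and event_ts is not None:
            op = OPCODE_RE.search(m["msg"])
            if op:
                counts[op.group(1)] += 1
    flush()
    return findings
```

Completions logged before the first hci_rx_work line are ignored, since the event packet they belong to is not in the capture.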
hci_core.c 76.5 KB