UBUNTU: SAUCE: Bluetooth USB: fix kernel panic during suspend while streaming audio to bluetooth headset

Bug: #322082

Kernel panic when hci_usb_tx_complete() calls _urb_unlink()
on an _urb which has previously been removed from a list.
This occurs during suspend while audio is being streamed to
a bluetooth headset.
The bug occurs because hci_usb_suspend() dequeues the _urb
and then calls usb_kill_urb() - it should put the _urb on
the killed list first before killing the urb.
Also added a spin_lock around the list_add operation to
make sure it is atomic.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
drivers/bluetooth/hci_usb.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/drivers/bluetooth/hci_usb.c b/drivers/bluetooth/hci_usb.c
index cf734ca..22fd5b5 100644
--- a/drivers/bluetooth/hci_usb.c
+++ b/drivers/bluetooth/hci_usb.c
@@ -1029,8 +1029,10 @@ static int hci_usb_suspend(struct usb_interface *intf, pm_message_t message)
while ((_urb = _urb_dequeue(q))) {
/* reset queue since _urb_dequeue sets it to NULL */
_urb->queue = q;
- usb_kill_urb(&_urb->urb);
+ spin_lock_irqsave(&q->lock, flags);
list_add(&_urb->list, &killed);
+ spin_unlock_irqrestore(&q->lock, flags);
+ usb_kill_urb(&_urb->urb);
}
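Review bot: In the loop in hci_usb_suspend(), the _urb sits on no list between `_urb_dequeue(q)` and the new `list_add(&_urb->list, &killed)`, and at that point the URB has not yet been killed, so a completion arriving in that window would still reach _urb_unlink() with an unlisted _urb, which is the condition the commit message gives as the cause of the panic. The reordering narrows the window but does not obviously close it. Consider moving the _urb from q to `killed` under a single hold of `q->lock` rather than dequeuing first and locking afterwards. Related points on the same lines: `_urb->queue = q;` is written before `spin_lock_irqsave(&q->lock, flags)` is taken, so if the lock is meant to serialize against the completion handler the assignment belongs inside the locked region. The commit message should name which concurrent accessor of `killed` the lock protects against, since `q->lock` is the queue's lock and `killed` is a different list. Finally, the diffstat shows only these three insertions and none of them declares `flags`, so please confirm that `unsigned long flags` already exists in this function.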