hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IDCRDT -------------------------------- In the following scenarios: When the task executes mgmt_device_disconnected, it holds the mgmt_pending_lock; during the traversal of pending events for processing, disconnect_rsp is executed, which attempts to acquire the mgmt_pending_lock again, this results in a deadlock. mgmt_device_disconnected mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, true, disconnect_rsp, &sk) mutex_lock(&hdev->mgmt_pending_lock) list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) cb(cmd, data) // disconnect_rsp mutex_unlock(&hdev->mgmt_pending_lock) disconnect_rsp mgmt_pending_remove mutex_lock(&cmd->hdev->mgmt_pending_lock) In the mainline commit 6fe26f694c82 ("Bluetooth: MGMT: Protect mgmt_pending list with its own lock"), the same functionality as the mgmt_pending_remove function has already been added to the mgmt_pending_foreach function. Therefore, mgmt_pending_remove is removed from the disconnect_rsp function, thereby avoiding the deadlock issue. Fixes: 07e549359ef2 ("Bluetooth: MGMT: Protect mgmt_pending list with its own lock") Signed-off-by: Wang Tao <wangtao554@huawei.com> --- net/bluetooth/mgmt.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index 1304d9c05b2a..ce055493aee6 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c @@ -8239,8 +8239,6 @@ static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data) *sk = cmd->sk; sock_hold(*sk); - - mgmt_pending_remove(cmd); } static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data) -- 2.34.1