NetBSD-Bugs archive

kern/56988: Bluetooth stack initializes bt_lock too late
>Number:         56988
>Category:       kern
>Synopsis:       Bluetooth stack initializes bt_lock too late
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Aug 30 11:00:00 +0000 2022
>Originator:     Taylor R Campbell
>Release:        current
>Organization:
The WetBSD Fountation
>Environment:
>Description:
The Bluetooth stack initializes bt_lock as part of the Bluetooth socket domain initialization routine.

However, the Bluetooth stack also uses bt_lock when attaching Bluetooth HCI devices, and those devices can be detected and attached by autoconf before domaininit runs.  Any such early attach dereferences the still-NULL bt_lock pointer.
>How-To-Repeat:
Boot a machine with ubt(4) and enough of a delay in lwp0 during autoconf that ubt(4) attaches before domaininit in init_main.c.
>Fix:
The following patch creates a driver-class module `netbt' whose initialization routine initializes bt_lock.  This happens before configure().

Maybe kinda grody for netbt to be a driver-class module; maybe this should live somewhere in sys/dev/bluetooth.

From 23dfe7b917889c5421f39e4651e1018c8f073d89 Mon Sep 17 00:00:00 2001
From: Taylor R Campbell <riastradh%NetBSD.org@localhost>
Date: Mon, 29 Aug 2022 17:46:49 +0000
Subject: [PATCH] WIP: netbt(4): Initialize bt_lock earlier.

Use a driver-class module modcmd init function, instead of a socket
domain init function; the socket-domain ones don't run until after
configure, but we need this to be initialized before configure so
that Bluetooth HCI drivers like ubt(4) can use it.
---
 sys/netbt/bt_proto.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/sys/netbt/bt_proto.c b/sys/netbt/bt_proto.c
index 15e2c99d7411..d2ab7ee45161 100644
--- a/sys/netbt/bt_proto.c
+++ b/sys/netbt/bt_proto.c
@@ -36,6 +36,7 @@ __KERNEL_RCSID(0, "$NetBSD: bt_proto.c,v 1.16 2016/01/21 15:41:30 riastradh Exp
 #include <sys/param.h>
 #include <sys/domain.h>
 #include <sys/kernel.h>
+#include <sys/module.h>
 #include <sys/protosw.h>
 #include <sys/socket.h>
 #include <sys/systm.h>
@@ -112,7 +113,22 @@ kmutex_t *bt_lock;
 
 static void
 bt_init(void)
+{
+}
+
+MODULE(MODULE_CLASS_DRIVER, netbt, NULL);
+
+static int
+netbt_modcmd(modcmd_t cmd, void *aux)
 {
 
-	bt_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_NONE);
+	switch (cmd) {
+	case MODULE_CMD_INIT:
+		bt_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_NONE);
+		return 0;
+	case MODULE_CMD_FINI:
+		return EBUSY;	/* XXX */
+	default:
+		return ENOTTY;
+	}
 }
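Review bot: the MODULE_CMD_FINI case returns EBUSY unconditionally (marked XXX), so the module can never be unloaded and the mutex allocated in MODULE_CMD_INIT is never released with mutex_obj_free(); either state explicitly that netbt is built-in only (which also matches the "driver-class so it runs before configure()" rationale in the commit message) or make FINI check for remaining users before freeing the lock. Separately, bt_init() is left as an empty body with a stray blank line; a short comment noting that bt_lock initialization moved to netbt_modcmd() would keep a future reader from putting it back into the domain init path, which is the ordering bug this patch fixes.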
