diff options
author | Jia-Ju Bai <baijiaju1990@gmail.com> | 2017-12-13 10:28:04 +0100 |
---|---|---|
committer | Marcel Holtmann <marcel@holtmann.org> | 2017-12-13 14:38:59 +0100 |
commit | 479f335c1b24b98fd1daae024d2f5d7cc355f1fc (patch) | |
tree | 981933b5f8e6358676474d23eaf906339a81e60b /drivers/bluetooth | |
parent | Bluetooth: Add support to advertise when connected (diff) | |
download | linux-479f335c1b24b98fd1daae024d2f5d7cc355f1fc.tar.xz linux-479f335c1b24b98fd1daae024d2f5d7cc355f1fc.zip |
Bluetooth: Fix a possible sleep-in-atomic bug in bluecard_write_wakeup
The driver may sleep in the interrupt handler.
The function call path is:
bluecard_interrupt (interrupt handler)
bluecard_write_wakeup
schedule_timeout --> may sleep
To fix it, schedule_timeout is replaced with mdelay.
This bug is found by my static analysis tool(DSAC) and checked by my code review.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'drivers/bluetooth')
-rw-r--r-- | drivers/bluetooth/bluecard_cs.c | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/drivers/bluetooth/bluecard_cs.c b/drivers/bluetooth/bluecard_cs.c index d513ef4743dc..82437a69f99c 100644 --- a/drivers/bluetooth/bluecard_cs.c +++ b/drivers/bluetooth/bluecard_cs.c @@ -302,9 +302,7 @@ static void bluecard_write_wakeup(struct bluecard_info *info) } /* Wait until the command reaches the baseband */ - prepare_to_wait(&wq, &wait, TASK_INTERRUPTIBLE); - schedule_timeout(HZ/10); - finish_wait(&wq, &wait); + mdelay(100); /* Set baud on baseband */ info->ctrl_reg &= ~0x03; @@ -316,9 +314,7 @@ static void bluecard_write_wakeup(struct bluecard_info *info) outb(info->ctrl_reg, iobase + REG_CONTROL); /* Wait before the next HCI packet can be send */ - prepare_to_wait(&wq, &wait, TASK_INTERRUPTIBLE); - schedule_timeout(HZ); - finish_wait(&wq, &wait); + mdelay(1000); } if (len == skb->len) { |