Commit 479f335c authored by Jia-Ju Bai's avatar Jia-Ju Bai Committed by Marcel Holtmann

Bluetooth: Fix a possible sleep-in-atomic bug in bluecard_write_wakeup

The driver may sleep in the interrupt handler.
The function call path is:
bluecard_interrupt (interrupt handler)
  bluecard_write_wakeup
    schedule_timeout --> may sleep

To fix it, schedule_timeout is replaced with mdelay.

This bug was found by my static analysis tool (DSAC) and checked by my code review.
Signed-off-by: default avatarJia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
parent 9e1e9f20
...@@ -302,9 +302,7 @@ static void bluecard_write_wakeup(struct bluecard_info *info) ...@@ -302,9 +302,7 @@ static void bluecard_write_wakeup(struct bluecard_info *info)
} }
/* Wait until the command reaches the baseband */ /* Wait until the command reaches the baseband */
prepare_to_wait(&wq, &wait, TASK_INTERRUPTIBLE); mdelay(100);
schedule_timeout(HZ/10);
finish_wait(&wq, &wait);
/* Set baud on baseband */ /* Set baud on baseband */
info->ctrl_reg &= ~0x03; info->ctrl_reg &= ~0x03;
...@@ -316,9 +314,7 @@ static void bluecard_write_wakeup(struct bluecard_info *info) ...@@ -316,9 +314,7 @@ static void bluecard_write_wakeup(struct bluecard_info *info)
outb(info->ctrl_reg, iobase + REG_CONTROL); outb(info->ctrl_reg, iobase + REG_CONTROL);
/* Wait before the next HCI packet can be send */ /* Wait before the next HCI packet can be send */
prepare_to_wait(&wq, &wait, TASK_INTERRUPTIBLE); mdelay(1000);
schedule_timeout(HZ);
finish_wait(&wq, &wait);
} }
if (len == skb->len) { if (len == skb->len) {
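Review bot: The `mdelay(1000);` in the second hunk busy-waits for a full second in a path that, per the commit message, is reached from bluecard_interrupt, so that CPU cannot schedule anything else for the whole delay; `mdelay(100);` in the first hunk has the same cost on a smaller scale. Dropping the sleep does fix the sleep-in-atomic bug, but a spin this long in interrupt context can trip lockup detection and stall unrelated work, so moving the baud-rate change and its settle delay into process context (a work item that can use `msleep`) would address both problems. If the busy-wait stays, it should carry a comment such as `/* Busy-wait: reached from bluecard_interrupt, must not sleep */`. The declarations of `wq` and `wait` lie outside the visible hunks and are presumably unused after this change; the body of bluecard_write_wakeup also starts and ends outside the hunks.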