leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Bluetooth: Fix a possible sleep-in-atomic bug in bluecard_write_wakeup

Browse Source 
The driver may sleep in the interrupt handler.
The function call path is:
bluecard_interrupt (interrupt handler)
  bluecard_write_wakeup
    schedule_timeout --> may sleep

To fix it, schedule_timeout is replaced with mdelay.

This bug is found by my static analysis tool(DSAC) and checked by my code review.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
This commit is contained in:
Jia-Ju Bai 2017-12-13 17:28:04 +08:00 committed by Marcel Holtmann
parent 9e1e9f20ca
commit 479f335c1b
1 changed files with 2 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
drivers/bluetooth/bluecard_cs.c
View File

@ -302,9 +302,7 @@ static void bluecard_write_wakeup(struct bluecard_info *info)
}
/* Wait until the command reaches the baseband */
prepare_to_wait(&wq, &wait, TASK_INTERRUPTIBLE);
schedule_timeout(HZ/10);
finish_wait(&wq, &wait);
mdelay(100);
/* Set baud on baseband */
info->ctrl_reg &= ~0x03;
@ -316,9 +314,7 @@ static void bluecard_write_wakeup(struct bluecard_info *info)
outb(info->ctrl_reg, iobase + REG_CONTROL);
/* Wait before the next HCI packet can be send */
prepare_to_wait(&wq, &wait, TASK_INTERRUPTIBLE);
schedule_timeout(HZ);
finish_wait(&wq, &wait);
mdelay(1000);
}
if (len == skb->len) {