Bluetooth: Fix a possible sleep-in-atomic bug in bluecard_write_wakeup

The driver may sleep in the interrupt handler. The function call path is: bluecard_interrupt (interrupt handler) bluecard_write_wakeup schedule_timeout --> may sleep To fix it, schedule_timeout is replaced with mdelay. This bug is found by my static analysis tool(DSAC) and checked by my code review. Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
mariux64 · Dec 13, 2017 · 479f335 · 479f335
1 parent 9e1e9f2
commit 479f335
Showing 1 changed file with 2 additions and 6 deletions.
diff --git a/drivers/bluetooth/bluecard_cs.c b/drivers/bluetooth/bluecard_cs.c
@@ -302,9 +302,7 @@ static void bluecard_write_wakeup(struct bluecard_info *info)
 			}
 
 			/* Wait until the command reaches the baseband */
-			prepare_to_wait(&wq, &wait, TASK_INTERRUPTIBLE);
-			schedule_timeout(HZ/10);
-			finish_wait(&wq, &wait);
+			mdelay(100);
 
 			/* Set baud on baseband */
 			info->ctrl_reg &= ~0x03;
@@ -316,9 +314,7 @@ static void bluecard_write_wakeup(struct bluecard_info *info)
 			outb(info->ctrl_reg, iobase + REG_CONTROL);
 
 			/* Wait before the next HCI packet can be send */
-			prepare_to_wait(&wq, &wait, TASK_INTERRUPTIBLE);
-			schedule_timeout(HZ);
-			finish_wait(&wq, &wait);
+			mdelay(1000);
 		}
 
 		if (len == skb->len) {