Bluetooth: Fix a possible sleep-in-atomic bug in bluecard_write_wakeup (479f335c) · Commits · e / devices / android_kernel_fairphone_FP4

The driver may sleep in the interrupt handler. The function call path is: bluecard_interrupt (interrupt handler) bluecard_write_wakeup schedule_timeout --> may sleep To fix it, schedule_timeout is replaced with mdelay. This bug is found by my static analysis tool(DSAC) and checked by my code review. Signed-off-by:

Jia-Ju Bai <baijiaju1990@gmail.com> Signed-off-by:

Marcel Holtmann <marcel@holtmann.org>

drivers/bluetooth/bluecard_cs.c

+2 −6

Original line number	Diff line number	Diff line
		@@ -302,9 +302,7 @@ static void bluecard_write_wakeup(struct bluecard_info *info)
		}

		/* Wait until the command reaches the baseband */
		prepare_to_wait(&wq, &wait, TASK_INTERRUPTIBLE);
		schedule_timeout(HZ/10);
		finish_wait(&wq, &wait);
		mdelay(100);

		/* Set baud on baseband */
		info->ctrl_reg &= ~0x03;
		@@ -316,9 +314,7 @@ static void bluecard_write_wakeup(struct bluecard_info *info)
		outb(info->ctrl_reg, iobase + REG_CONTROL);

		/* Wait before the next HCI packet can be send */
		prepare_to_wait(&wq, &wait, TASK_INTERRUPTIBLE);
		schedule_timeout(HZ);
		finish_wait(&wq, &wait);
		mdelay(1000);
		}

		if (len == skb->len) {