Bluetooth: hci_bcm: Fix race on close

Upon ->close, the driver powers the Bluetooth controller down, deasserts
the device wake pin, updates the runtime PM status to "suspended" and
finally frees the IRQ.

Because the IRQ is freed last, a runtime resume can take place after
the controller was powered down.  The impact is not grave, the worst
thing that can happen is that the device wake pin is reasserted (should
have no effect while the regulator is off) and that setting the runtime
PM status to "suspended" does not reflect reality.

Still, it's wrong, so free the IRQ first.

Cc: Frédéric Danis <frederic.danis.oss@gmail.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c
index c551ef4..6144a3f 100644 (file)
--- a/drivers/bluetooth/hci_bcm.c
+++ b/drivers/bluetooth/hci_bcm.c
@@ -372,14 +372,14 @@ static int bcm_close(struct hci_uart *hu)
        }
 
        if (bdev) {
-               bcm_gpio_set_power(bdev, false);
-               pm_runtime_disable(bdev->dev);
-               pm_runtime_set_suspended(bdev->dev);
-
                if (IS_ENABLED(CONFIG_PM) && bdev->irq > 0) {
                        devm_free_irq(bdev->dev, bdev->irq, bdev);
                        device_init_wakeup(bdev->dev, false);
                }
+
+               bcm_gpio_set_power(bdev, false);
+               pm_runtime_disable(bdev->dev);
+               pm_runtime_set_suspended(bdev->dev);
        }
        mutex_unlock(&bcm_device_lock);