Bluetooth: hci_bcm: Fix race on close

Upon ->close, the driver powers the Bluetooth controller down, deasserts
the device wake pin, updates the runtime PM status to "suspended" and
finally frees the IRQ.

Because the IRQ is freed last, a runtime resume can take place after
the controller was powered down.  The impact is not grave, the worst
thing that can happen is that the device wake pin is reasserted (should
have no effect while the regulator is off) and that setting the runtime
PM status to "suspended" does not reflect reality.

Still, it's wrong, so free the IRQ first.

Cc: Frédéric Danis <frederic.danis.oss@gmail.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c
index ad4127fdad399c021b0734ea72fefbd3c751b0f6..13ea5b719e64d0fbbea5f2881e7b40dd4695bc7b 100644 (file)
--- a/drivers/bluetooth/hci_bcm.c
+++ b/drivers/bluetooth/hci_bcm.c
@@ -370,14 +370,14 @@ static int bcm_close(struct hci_uart *hu)
        }
 
        if (bdev) {
-               bcm_gpio_set_power(bdev, false);
-               pm_runtime_disable(bdev->dev);
-               pm_runtime_set_suspended(bdev->dev);
-
                if (IS_ENABLED(CONFIG_PM) && bdev->irq > 0) {
                        devm_free_irq(bdev->dev, bdev->irq, bdev);
                        device_init_wakeup(bdev->dev, false);
                }
+
+               bcm_gpio_set_power(bdev, false);
+               pm_runtime_disable(bdev->dev);
+               pm_runtime_set_suspended(bdev->dev);
        }
        mutex_unlock(&bcm_device_lock);