From: Lukas Wunner Date: Wed, 10 Jan 2018 15:32:10 +0000 (+0100) Subject: Bluetooth: hci_bcm: Fix race on close X-Git-Tag: v4.19~1702^2~177^2~9 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=54ba69f9e7304e15e07713b4bb0eb1a405d271f0;p=platform%2Fkernel%2Flinux-rpi.git Bluetooth: hci_bcm: Fix race on close Upon ->close, the driver powers the Bluetooth controller down, deasserts the device wake pin, updates the runtime PM status to "suspended" and finally frees the IRQ. Because the IRQ is freed last, a runtime resume can take place after the controller was powered down. The impact is not grave, the worst thing that can happen is that the device wake pin is reasserted (should have no effect while the regulator is off) and that setting the runtime PM status to "suspended" does not reflect reality. Still, it's wrong, so free the IRQ first. Cc: Frédéric Danis Reviewed-by: Andy Shevchenko Signed-off-by: Lukas Wunner Signed-off-by: Marcel Holtmann --- diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c index c551ef4..6144a3f 100644 --- a/drivers/bluetooth/hci_bcm.c +++ b/drivers/bluetooth/hci_bcm.c @@ -372,14 +372,14 @@ static int bcm_close(struct hci_uart *hu) } if (bdev) { - bcm_gpio_set_power(bdev, false); - pm_runtime_disable(bdev->dev); - pm_runtime_set_suspended(bdev->dev); - if (IS_ENABLED(CONFIG_PM) && bdev->irq > 0) { devm_free_irq(bdev->dev, bdev->irq, bdev); device_init_wakeup(bdev->dev, false); } + + bcm_gpio_set_power(bdev, false); + pm_runtime_disable(bdev->dev); + pm_runtime_set_suspended(bdev->dev); } mutex_unlock(&bcm_device_lock);