From: Yang Yingliang <yangyingliang@huawei.com>
Date: Wed, 7 Dec 2022 02:18:34 +0000 (+0800)
Subject: Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
X-Git-Tag: v4.9.337~139
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=54c7317bde3dfea7ec6d08e7e441a3f9c9051b41;p=thirdparty%2Fkernel%2Fstable.git

Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()

[ Upstream commit 39c1eb6fcbae8ce9bb71b2ac5cb609355a2b181b ]

It is not allowed to call kfree_skb() from hardware interrupt
context or with interrupts being disabled. So replace kfree_skb()
with dev_kfree_skb_irq() under spin_lock_irqsave().

Fixes: 9238f36a5a50 ("Bluetooth: Add request cmd_complete and cmd_status functions")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 6f99da11d2073..61ffa0f12925a 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -4181,7 +4181,7 @@ void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status,
 			*req_complete_skb = bt_cb(skb)->hci.req_complete_skb;
 		else
 			*req_complete = bt_cb(skb)->hci.req_complete;
-		kfree_skb(skb);
+		dev_kfree_skb_irq(skb);
 	}
 	spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
 }