diff options
author | Benjamin Berg <bberg@redhat.com> | 2021-12-17 16:28:09 +0100 |
---|---|---|
committer | Marcel Holtmann <marcel@holtmann.org> | 2021-12-22 23:01:27 +0100 |
commit | 744451c162a514044a912cbbd64b7a386035cc5b (patch) | |
tree | 3b98ed43f097ae8e357b895c93078b1932207e6b /include/net/bluetooth/hci_core.h | |
parent | Bluetooth: hci_qca: Stop IBS timer during BT OFF (diff) | |
download | linux-dev-744451c162a514044a912cbbd64b7a386035cc5b.tar.xz linux-dev-744451c162a514044a912cbbd64b7a386035cc5b.zip |
Bluetooth: hci_sync: Push sync command cancellation to workqueue
syzbot reported that hci_cmd_sync_cancel may sleep from the wrong
context. To avoid this, create a new work item that pushes the relevant
parts into a different context.
Note that we keep the old implementation with the name
__hci_cmd_sync_cancel as the sleeping behaviour is desired in some
cases.
Reported-and-tested-by: syzbot+485cc00ea7cf41dfdbf1@syzkaller.appspotmail.com
Fixes: c97a747efc93 ("Bluetooth: btusb: Cancel sync commands for certain URB errors")
Signed-off-by: Benjamin Berg <bberg@redhat.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'include/net/bluetooth/hci_core.h')
-rw-r--r-- | include/net/bluetooth/hci_core.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h index 4d69dcfebd63..6509109c2413 100644 --- a/include/net/bluetooth/hci_core.h +++ b/include/net/bluetooth/hci_core.h @@ -480,6 +480,7 @@ struct hci_dev { struct work_struct cmd_sync_work; struct list_head cmd_sync_work_list; struct mutex cmd_sync_work_lock; + struct work_struct cmd_sync_cancel_work; __u16 discov_timeout; struct delayed_work discov_off; |