Bluetooth: hci_sync: Push sync command cancellation to workqueue

syzbot reported that hci_cmd_sync_cancel may sleep from the wrong context. To avoid this, create a new work item that pushes the relevant parts into a different context. Note that we keep the old implementation with the name __hci_cmd_sync_cancel as the sleeping behaviour is desired in some cases. Reported-and-tested-by: syzbot+485cc00ea7cf41dfdbf1@syzkaller.appspotmail.com Fixes: c97a747efc93 ("Bluetooth: btusb: Cancel sync commands for certain URB errors") Signed-off-by: Benjamin Berg <bberg@redhat.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
author: Benjamin Berg <bberg@redhat.com> 2021-12-17 16:28:09 +0100
committer: Marcel Holtmann <marcel@holtmann.org> 2021-12-22 23:01:27 +0100
commit: 744451c162a514044a912cbbd64b7a386035cc5b (patch)
tree: 3b98ed43f097ae8e357b895c93078b1932207e6b /net/bluetooth/hci_request.c
parent: df1e5c51492fd93ffc293acdcc6f00698d19fedc (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/bluetooth/hci_request.c b/net/bluetooth/hci_request.c
index 329c66456cf1..ef5ced467f75 100644
--- a/net/bluetooth/hci_request.c
+++ b/net/bluetooth/hci_request.c
@@ -2692,7 +2692,7 @@ void hci_request_setup(struct hci_dev *hdev)
 
 void hci_request_cancel_all(struct hci_dev *hdev)
 {
-	hci_cmd_sync_cancel(hdev, ENODEV);
+	__hci_cmd_sync_cancel(hdev, ENODEV);
 
 	cancel_work_sync(&hdev->discov_update);
 	cancel_work_sync(&hdev->scan_update);
author	Benjamin Berg <bberg@redhat.com>	2021-12-17 16:28:09 +0100
committer	Marcel Holtmann <marcel@holtmann.org>	2021-12-22 23:01:27 +0100
commit	744451c162a514044a912cbbd64b7a386035cc5b (patch)
tree	3b98ed43f097ae8e357b895c93078b1932207e6b /net/bluetooth/hci_request.c
parent	df1e5c51492fd93ffc293acdcc6f00698d19fedc (diff)