diff options
| author | Jakub Kicinski <kuba@kernel.org> | 2023-01-17 19:19:00 -0800 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2023-01-17 19:19:00 -0800 |
| commit | 010a74f52203eae037dd6aa111ba371f6a2dedc5 (patch) | |
| tree | 0781d702421c0832a7086bafb78aa42d01704cf2 /drivers | |
| parent | 423c1d363c4659fcaca321bcb5217c8f1e7efeba (diff) | |
| parent | 1d80d57ffcb55488f0ec0b77928d4f82d16b6a90 (diff) | |
Merge tag 'for-net-2023-01-17' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth
Luiz Augusto von Dentz says:
====================
bluetooth pull request for net:
- Fix a buffer overflow in mgmt_mesh_add
- Fix use HCI_OP_LE_READ_BUFFER_SIZE_V2
- Fix hci_qca shutdown on closed serdev
- Fix possible circular locking dependencies on ISO code
- Fix possible deadlock in rfcomm_sk_state_change
* tag 'for-net-2023-01-17' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth:
Bluetooth: Fix possible deadlock in rfcomm_sk_state_change
Bluetooth: ISO: Fix possible circular locking dependency
Bluetooth: hci_event: Fix Invalid wait context
Bluetooth: ISO: Fix possible circular locking dependency
Bluetooth: hci_sync: fix memory leak in hci_update_adv_data()
Bluetooth: hci_qca: Fix driver shutdown on closed serdev
Bluetooth: hci_conn: Fix memory leaks
Bluetooth: hci_sync: Fix use HCI_OP_LE_READ_BUFFER_SIZE_V2
Bluetooth: Fix a buffer overflow in mgmt_mesh_add()
====================
Link: https://lore.kernel.org/r/20230118002944.1679845-1-luiz.dentz@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'drivers')
| -rw-r--r-- | drivers/bluetooth/hci_qca.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index 6eddc23e49d9..bbe9cf1cae27 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -2164,10 +2164,17 @@ static void qca_serdev_shutdown(struct device *dev) int timeout = msecs_to_jiffies(CMD_TRANS_TIMEOUT_MS); struct serdev_device *serdev = to_serdev_device(dev); struct qca_serdev *qcadev = serdev_device_get_drvdata(serdev); + struct hci_uart *hu = &qcadev->serdev_hu; + struct hci_dev *hdev = hu->hdev; + struct qca_data *qca = hu->priv; const u8 ibs_wake_cmd[] = { 0xFD }; const u8 edl_reset_soc_cmd[] = { 0x01, 0x00, 0xFC, 0x01, 0x05 }; if (qcadev->btsoc_type == QCA_QCA6390) { + if (test_bit(QCA_BT_OFF, &qca->flags) || + !test_bit(HCI_RUNNING, &hdev->flags)) + return; + serdev_device_write_flush(serdev); ret = serdev_device_write_buf(serdev, ibs_wake_cmd, sizeof(ibs_wake_cmd)); |