Bluetooth: hci_bcm: Fix race on close

Upon ->close, the driver powers the Bluetooth controller down, deasserts
the device wake pin, updates the runtime PM status to "suspended" and
finally frees the IRQ.

Because the IRQ is freed last, a runtime resume can take place after
the controller was powered down.  The impact is not grave, the worst
thing that can happen is that the device wake pin is reasserted (should
have no effect while the regulator is off) and that setting the runtime
PM status to "suspended" does not reflect reality.

Still, it's wrong, so free the IRQ first.

Cc: Frédéric Danis <frederic.danis.oss@gmail.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c
index c551ef4c350f71b4eb692ce16f35509e528809f2..6144a3f9c37a6e18862c35ab19cec7a28c1f01f3 100644 (file)
--- a/drivers/bluetooth/hci_bcm.c
+++ b/drivers/bluetooth/hci_bcm.c
@@ -372,14 +372,14 @@ static int bcm_close(struct hci_uart *hu)
        }
 
        if (bdev) {
-               bcm_gpio_set_power(bdev, false);
-               pm_runtime_disable(bdev->dev);
-               pm_runtime_set_suspended(bdev->dev);
-
                if (IS_ENABLED(CONFIG_PM) && bdev->irq > 0) {
                        devm_free_irq(bdev->dev, bdev->irq, bdev);
                        device_init_wakeup(bdev->dev, false);
                }
+
+               bcm_gpio_set_power(bdev, false);
+               pm_runtime_disable(bdev->dev);
+               pm_runtime_set_suspended(bdev->dev);
        }
        mutex_unlock(&bcm_device_lock);