Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()

[ Upstream commit 39c1eb6fcbae8ce9bb71b2ac5cb609355a2b181b ]

It is not allowed to call kfree_skb() from hardware interrupt
context or with interrupts being disabled. So replace kfree_skb()
with dev_kfree_skb_irq() under spin_lock_irqsave().

Fixes: 889233937ea3 ("Bluetooth: Add request cmd_complete and cmd_status functions")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 2ebb6480b6ecb0c368352e6d451841cbee9d8273..e5e1c139f2118ca985199a08fe350314875ff6de 100644 (file)
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -4455,7 +4455,7 @@ void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status,
                        *req_complete_skb = bt_cb(skb)->hci.req_complete_skb;
                else
                        *req_complete = bt_cb(skb)->hci.req_complete;
-               kfree_skb(skb);
+               dev_kfree_skb_irq(skb);
        }
        spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
 }