 
            6.12-stable review patch. If anyone has any objections, please let me know.
------------------
From: Iulia Tanasescu iulia.tanasescu@nxp.com
[ Upstream commit 25ab2db3e60e0e84d7cdc740ea6ae3c10fe61eaa ]
This removes the kzalloc memory allocation inside critical section in create_pa_sync, fixing the following message that appears when the kernel is compiled with CONFIG_DEBUG_ATOMIC_SLEEP enabled:
BUG: sleeping function called from invalid context at include/linux/sched/mm.h:321
Signed-off-by: Iulia Tanasescu iulia.tanasescu@nxp.com Signed-off-by: Luiz Augusto von Dentz luiz.von.dentz@intel.com Stable-dep-of: 6d0417e4e1cf ("Bluetooth: hci_conn: Fix not setting conn_timeout for Broadcast Receiver") Signed-off-by: Sasha Levin sashal@kernel.org --- net/bluetooth/hci_conn.c | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-)
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index e6591f487a511..d097e308a7554 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c @@ -2079,7 +2079,7 @@ static bool hci_conn_check_create_pa_sync(struct hci_conn *conn)
static int create_pa_sync(struct hci_dev *hdev, void *data) { - struct hci_cp_le_pa_create_sync *cp = NULL; + struct hci_cp_le_pa_create_sync cp = {0}; struct hci_conn *conn; int err = 0;
@@ -2108,19 +2108,13 @@ static int create_pa_sync(struct hci_dev *hdev, void *data) if (hci_conn_check_create_pa_sync(conn)) { struct bt_iso_qos *qos = &conn->iso_qos;
- cp = kzalloc(sizeof(*cp), GFP_KERNEL); - if (!cp) { - err = -ENOMEM; - goto unlock; - } - - cp->options = qos->bcast.options; - cp->sid = conn->sid; - cp->addr_type = conn->dst_type; - bacpy(&cp->addr, &conn->dst); - cp->skip = cpu_to_le16(qos->bcast.skip); - cp->sync_timeout = cpu_to_le16(qos->bcast.sync_timeout); - cp->sync_cte_type = qos->bcast.sync_cte_type; + cp.options = qos->bcast.options; + cp.sid = conn->sid; + cp.addr_type = conn->dst_type; + bacpy(&cp.addr, &conn->dst); + cp.skip = cpu_to_le16(qos->bcast.skip); + cp.sync_timeout = cpu_to_le16(qos->bcast.sync_timeout); + cp.sync_cte_type = qos->bcast.sync_cte_type;
break; } @@ -2131,17 +2125,15 @@ static int create_pa_sync(struct hci_dev *hdev, void *data)
hci_dev_unlock(hdev);
- if (cp) { + if (bacmp(&cp.addr, BDADDR_ANY)) { hci_dev_set_flag(hdev, HCI_PA_SYNC); set_bit(HCI_CONN_CREATE_PA_SYNC, &conn->flags);
err = __hci_cmd_sync_status(hdev, HCI_OP_LE_PA_CREATE_SYNC, - sizeof(*cp), cp, HCI_CMD_TIMEOUT); + sizeof(cp), &cp, HCI_CMD_TIMEOUT); if (!err) err = hci_update_passive_scan_sync(hdev);
- kfree(cp); - if (err) { hci_dev_clear_flag(hdev, HCI_PA_SYNC); clear_bit(HCI_CONN_CREATE_PA_SYNC, &conn->flags);