From eb3f05179a27b98f99e590bf2164582113f23f7e Mon Sep 17 00:00:00 2001
From: Yake Yang <yake.yang@mediatek.com>
Date: Wed, 23 Feb 2022 07:56:00 +0800
Subject: [PATCH] Bluetooth: btmtksdio: Fix kernel oops when sdio suspend.

Do not kfree the skb when the skb failed to send with __hci_cmd_sync

2435.241210] Call trace:
[ 2435.241224]  kfree_skb+0x20/0x140
[ 2435.241240]  btmtksdio_sdio_wakeup+0x8c/0xcc
[ 2435.241360]  hci_suspend_notifier+0x108/0x184
[ 2435.241377]  notifier_call_chain_robust+0x58/0xd8
[ 2435.241390]  blocking_notifier_call_chain_robust+0x54/0x84
[ 2435.241402]  pm_notifier_call_chain_robust+0x2c/0x4c
[ 2435.241414]  suspend_prepare+0x40/0x238
[ 2435.241425]  enter_state+0xec/0x3a8
[ 2435.241436]  pm_suspend+0x60/0xcc
[ 2435.241446]  state_store+0xb8/0x114
[ 2435.241460]  kobj_attr_store+0x18/0x2c
[ 2435.241473]  sysfs_kf_write+0x44/0x58
[ 2435.241486]  kernfs_fop_write_iter+0xf4/0x190
[ 2435.241500]  vfs_write+0x2b0/0x2e4
[ 2435.241511]  ksys_write+0x80/0xec
[ 2435.241523]  __arm64_sys_write+0x24/0x30
[ 2435.241538]  el0_svc_common+0xf0/0x1d8
[ 2435.241550]  do_el0_svc_compat+0x28/0x54
[ 2435.241564]  el0_svc_compat+0x10/0x1c
[ 2435.241574]  el0_sync_compat_handler+0xa8/0xcc
[ 2435.241586]  el0_sync_compat+0x188/0x1c0
[ 2435.241606] Code: a9014ff4 910003fd b40002c0 aa0003f3 (b84d4c08)
[ 2435.241619] ---[ end trace d496539b850baf14 ]---

Fixes: ce64b3e94919  ("Bluetooth: mt7921s: Support wake on bluetooth")
Co-developed-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Yake Yang <yake.yang@mediatek.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
---
 drivers/bluetooth/btmtksdio.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/bluetooth/btmtksdio.c b/drivers/bluetooth/btmtksdio.c
index cbb09e1b823d..df3f9d090529 100644
--- a/drivers/bluetooth/btmtksdio.c
+++ b/drivers/bluetooth/btmtksdio.c
@@ -1226,8 +1226,8 @@ static bool btmtksdio_sdio_wakeup(struct hci_dev *hdev)
 				      &bt_awake, HCI_CMD_TIMEOUT);
 		if (IS_ERR(skb))
 			may_wakeup = false;
-
-		kfree_skb(skb);
+		else
+			kfree_skb(skb);
 	}
 
 	return may_wakeup;
-- 
2.11.0