Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
stable inclusion
from stable-v5.10.177
commit da3d3fdfb4d523c5da30e35a8dd90e04f0fd8962
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I88YNP

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=da3d3fdfb4d523c5da30e35a8dd90e04f0fd8962

--------------------------------

[ Upstream commit 1e9ac114 ]

In btsdio_probe, &data->work was bound with btsdio_work. In btsdio_send_frame, it was started by schedule_work.

If we call btsdio_remove with an unfinished job, there may be a race condition and cause UAF bug on hdev.

Fixes: ddbaf13e ("[Bluetooth] Add generic driver for Bluetooth SDIO devices")
Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: sanglipeng <sanglipeng1@jd.com>