| Message ID | 1710912504-25416-1-git-send-email-quic_zijuhu@quicinc.com |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [v3] Bluetooth: qca: Fix crash when use tool btattach for QCA_ROME | expand |
This is automated email and please do not reply to this email! Dear submitter, Thank you for submitting the patches to the linux bluetooth mailing list. This is a CI test results with your patch series: PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=836616 ---Test result--- Test Summary: CheckPatch PASS 0.49 seconds GitLint PASS 0.20 seconds SubjectPrefix PASS 0.06 seconds BuildKernel PASS 28.36 seconds CheckAllWarning PASS 31.58 seconds CheckSparse PASS 36.95 seconds CheckSmatch PASS 100.70 seconds BuildKernel32 PASS 28.57 seconds TestRunnerSetup PASS 527.24 seconds TestRunner_l2cap-tester PASS 20.46 seconds TestRunner_iso-tester PASS 32.89 seconds TestRunner_bnep-tester PASS 4.78 seconds TestRunner_mgmt-tester PASS 117.13 seconds TestRunner_rfcomm-tester PASS 7.24 seconds TestRunner_sco-tester PASS 15.00 seconds TestRunner_ioctl-tester PASS 7.67 seconds TestRunner_mesh-tester PASS 5.86 seconds TestRunner_smp-tester PASS 6.77 seconds TestRunner_userchan-tester PASS 4.92 seconds IncrementalBuild PASS 27.03 seconds --- Regards, Linux Bluetooth
diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index 8a60ad7acd70..24d45c5c47ad 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -1961,7 +1961,7 @@ static int qca_setup(struct hci_uart *hu) qca_debugfs_init(hdev); hu->hdev->hw_error = qca_hw_error; hu->hdev->cmd_timeout = qca_cmd_timeout; - if (device_can_wakeup(hu->serdev->ctrl->dev.parent)) + if (hu->serdev && device_can_wakeup(hu->serdev->ctrl->dev.parent)) hu->hdev->wakeup = qca_wakeup; } else if (ret == -ENOENT) { /* No patch/nvm-config found, run with original fw/config */
A crash will happen when use tool btattach for a BT controller with soc_type QCA_ROME, and it is caused by dereferencing nullptr hu->serdev, fixed by null check before access. sudo btattach -B /dev/ttyUSB0 -P qca Bluetooth: hci1: QCA setup on UART is completed BUG: kernel NULL pointer dereference, address: 00000000000002f0 ...... Workqueue: hci1 hci_power_on [bluetooth] RIP: 0010:qca_setup+0x7c1/0xe30 [hci_uart] ...... Call Trace: <TASK> ? show_regs+0x72/0x90 ? __die+0x25/0x80 ? page_fault_oops+0x154/0x4c0 ? srso_alias_return_thunk+0x5/0xfbef5 ? kmem_cache_alloc+0x16b/0x310 ? do_user_addr_fault+0x330/0x6e0 ? srso_alias_return_thunk+0x5/0xfbef5 ? exc_page_fault+0x84/0x1b0 ? asm_exc_page_fault+0x27/0x30 ? qca_setup+0x7c1/0xe30 [hci_uart] hci_uart_setup+0x5c/0x1a0 [hci_uart] hci_dev_open_sync+0xee/0xca0 [bluetooth] hci_dev_do_open+0x2a/0x70 [bluetooth] hci_power_on+0x46/0x210 [bluetooth] process_one_work+0x17b/0x360 worker_thread+0x307/0x430 ? __pfx_worker_thread+0x10/0x10 kthread+0xf7/0x130 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x46/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> Fixes: 03b0093f7b31 ("Bluetooth: hci_qca: get wakeup status from serdev device handle") Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com> Tested-by: Zijun Hu <quic_zijuhu@quicinc.com> --- Changes since v2: - Correct tile and commit message Changes since v1: - Correct tile and commit message based on Paul's suggestions drivers/bluetooth/hci_qca.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)