diff mbox series

[v3,2/4] Bluetooth: qca: Fix nullptr dereference for non-serdev devices

Message ID 1713409913-13042-3-git-send-email-quic_zijuhu@quicinc.com
State Superseded
Series Fix 2 tool btattach issues for QCA controllers

Commit Message

quic_zijuhu April 18, 2024, 3:11 a.m. UTC
hu->serdev is nullptr and will cause a nullptr dereference if qca_setup()
is called by a non-serdev device; fixed by nullptr checking before access.

Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
---
 drivers/bluetooth/hci_qca.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

Comments

Johan Hovold April 18, 2024, 4:08 p.m. UTC | #1
On Thu, Apr 18, 2024 at 11:11:51AM +0800, Zijun Hu wrote:
> hu->serdev is nullptr and will cause a nullptr dereference if qca_setup()
> is called by a non-serdev device; fixed by nullptr checking before access.

As I explained elsewhere, this is not a fix. It is only something you
need *after* you added the later patches in this series. This needs to
be reflected in the commit summary and commit message as I already told
you:

	https://lore.kernel.org/all/Zh91zq13nZvH3-Yj@hovoldconsulting.com/

Johan
quic_zijuhu April 18, 2024, 10:15 p.m. UTC | #2
On 4/19/2024 12:08 AM, Johan Hovold wrote:
> On Thu, Apr 18, 2024 at 11:11:51AM +0800, Zijun Hu wrote:
>> hu->serdev is nullptr and will cause a nullptr dereference if qca_setup()
>> is called by a non-serdev device; fixed by nullptr checking before access.
> 
> As I explained elsewhere, this is not a fix. It is only something you
> need *after* you added the later patches in this series. This needs to
> be reflected in the commit summary and commit message as I already told
> you:
> 
> 	https://lore.kernel.org/all/Zh91zq13nZvH3-Yj@hovoldconsulting.com/
> 
I have removed the below fix commit sentence from the commit message.
Fixes: 77f45cca8bc5 ("Bluetooth: qca: fix device-address endianness")

Let me also remove the word Fix|fix.
> Johan

Patch

diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
index fdaf83d817af..c04b97332bca 100644
--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -1905,10 +1905,11 @@  static int qca_setup(struct hci_uart *hu)
 	case QCA_WCN6750:
 	case QCA_WCN6855:
 	case QCA_WCN7850:
-		qcadev = serdev_device_get_drvdata(hu->serdev);
-		if (qcadev->bdaddr_property_broken)
-			set_bit(HCI_QUIRK_BDADDR_PROPERTY_BROKEN, &hdev->quirks);
-
+		if (hu->serdev) {
+			qcadev = serdev_device_get_drvdata(hu->serdev);
+			if (qcadev->bdaddr_property_broken)
+				set_bit(HCI_QUIRK_BDADDR_PROPERTY_BROKEN, &hdev->quirks);
+		}
 		hci_set_aosp_capable(hdev);
 
 		ret = qca_read_soc_version(hdev, &ver, soc_type);
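Review bot: The guard around `serdev_device_get_drvdata(hu->serdev)` is the right shape, but the commit message should say why the non-serdev path can skip the check entirely: `qcadev->bdaddr_property_broken` can only be populated by the serdev driver's probe, so a device attached via btattach has no such quirk data and must not dereference the missing driver data. It should also state which devices reach this path and when; as Johan points out above, non-serdev devices only get here once the later patches in this series are applied, so the "Fix" wording in the summary and message should go, and no Fixes: tag belongs on it. One more thing worth a sentence in the message: everything after the guard (`hci_set_aosp_capable(hdev)`, `qca_read_soc_version()`, and the rest of the case) now runs for non-serdev devices too, so the message should confirm those calls are valid without serdev-provided driver data.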