[2/2] Bluetooth: qca: fix NULL-deref on non-serdev setup

Message ID	20240319154611.2492-3-johan+linaro@kernel.org (mailing list archive)
State	New, archived
Headers	show Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8AE30657AD; Tue, 19 Mar 2024 15:46:13 +0000 (UTC) From: Johan Hovold <johan+linaro@kernel.org> To: Marcel Holtmann <marcel@holtmann.org>, Luiz Augusto von Dentz <luiz.dentz@gmail.com> Cc: Zhengping Jiang <jiangzp@google.com>, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, Johan Hovold <johan+linaro@kernel.org>, stable@vger.kernel.org Subject: [PATCH 2/2] Bluetooth: qca: fix NULL-deref on non-serdev setup Date: Tue, 19 Mar 2024 16:46:11 +0100 Message-ID: <20240319154611.2492-3-johan+linaro@kernel.org> In-Reply-To: <20240319154611.2492-1-johan+linaro@kernel.org> References: <20240319154611.2492-1-johan+linaro@kernel.org> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Bluetooth: qca: fix NULL-deref on non-serdev setup \| expand [0/2] Bluetooth: qca: fix NULL-deref on non-serdev setup [1/2] Bluetooth: qca: fix NULL-deref on non-serdev suspend [2/2] Bluetooth: qca: fix NULL-deref on non-serdev setup

Message ID

20240319154611.2492-3-johan+linaro@kernel.org (mailing list archive)

State

New, archived

Headers

From: Johan Hovold <johan+linaro@kernel.org>
To: Marcel Holtmann <marcel@holtmann.org>,
	Luiz Augusto von Dentz <luiz.dentz@gmail.com>
Cc: Zhengping Jiang <jiangzp@google.com>,
	linux-bluetooth@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	Johan Hovold <johan+linaro@kernel.org>,
	stable@vger.kernel.org
Subject: [PATCH 2/2] Bluetooth: qca: fix NULL-deref on non-serdev setup
Date: Tue, 19 Mar 2024 16:46:11 +0100
Message-ID: <20240319154611.2492-3-johan+linaro@kernel.org>
In-Reply-To: <20240319154611.2492-1-johan+linaro@kernel.org>
References: <20240319154611.2492-1-johan+linaro@kernel.org>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Bluetooth: qca: fix NULL-deref on non-serdev setup | expand

Checks

Context	Check	Description
tedd_an/pre-ci_am	success	Success
tedd_an/CheckPatch	success	CheckPatch PASS
tedd_an/GitLint	success	Gitlint PASS
tedd_an/SubjectPrefix	success	Gitlint PASS
tedd_an/IncrementalBuild	success	Incremental Build PASS

Context

Check

Description

tedd_an/pre-ci_am

success

Success

tedd_an/CheckPatch

success

CheckPatch PASS

tedd_an/GitLint

success

Gitlint PASS

tedd_an/SubjectPrefix

success

Gitlint PASS

tedd_an/IncrementalBuild

success

Incremental Build PASS

Commit Message

Johan Hovold March 19, 2024, 3:46 p.m. UTC

Qualcomm ROME controllers can be registered from the Bluetooth line
discipline and in this case the HCI UART serdev pointer is NULL.

Add the missing sanity check to prevent a NULL-pointer dereference when
setup() is called for a non-serdev controller.

Fixes: e9b3e5b8c657 ("Bluetooth: hci_qca: only assign wakeup with serial port support")
Cc: stable@vger.kernel.org      # 6.2
Cc: Zhengping Jiang <jiangzp@google.com>
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
---
 drivers/bluetooth/hci_qca.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
index 84f728943962..6a69a7f9ef64 100644
--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -1960,8 +1960,10 @@  static int qca_setup(struct hci_uart *hu)
 		qca_debugfs_init(hdev);
 		hu->hdev->hw_error = qca_hw_error;
 		hu->hdev->cmd_timeout = qca_cmd_timeout;
-		if (device_can_wakeup(hu->serdev->ctrl->dev.parent))
-			hu->hdev->wakeup = qca_wakeup;
+		if (hu->serdev) {
+			if (device_can_wakeup(hu->serdev->ctrl->dev.parent))
+				hu->hdev->wakeup = qca_wakeup;
+		}
 	} else if (ret == -ENOENT) {
 		/* No patch/nvm-config found, run with original fw/config */
 		set_bit(QCA_ROM_FW, &qca->flags);