Received: by 2002:ac0:950c:0:0:0:0:0 with SMTP id f12csp3379066imc; Wed, 13 Mar 2019 16:54:43 -0700 (PDT) X-Google-Smtp-Source: APXvYqwPV6czvPYSquuPDT5mubSu/fv45ZRaIlkkpbeeh8Q3r4kl8dh0KHt0DzoJ10CFLzls+XZG X-Received: by 2002:a65:4581:: with SMTP id o1mr42805535pgq.159.1552521283837; Wed, 13 Mar 2019 16:54:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1552521283; cv=none; d=google.com; s=arc-20160816; b=I2VY+ZSMyi5Z+fyER5RlXtsRbVbv4HskmFvyKBwSCT0EojEgKkb7HYTpdx/V7409el PsrK5z2yJ+ujxSov9x4yhp9bQCCdsDX0ToGaNmw1RNwWfYOTkcNY5dyVqQ8OudMCSC3A 8De/AOWbxh2xrZrQ40bCnRJsCvihd6BfOSBu5RqxHmyUO5MCX/QQU2K5L38KCx4l2m/s HE7YcEhfFMGBx6xifyU5M6r8U3ofsmZ7SNCLD7FEfZiEpnY6qExnckTCy0Ismdn2FUGW 7PLTuAmXFmBbzPQwRr6NTDStyu3NO9s+Hz1vXRIGtis0FfPvyunviWD4rRNVTfrM0R3a guRw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date :mime-version:from:dkim-signature; bh=f+t4V07aCemw8cZpkvomwq06lLcOjBQtHDVqyar9YBA=; b=deCydhF1S94jv6i+jTSArl3jdTOzUC0nLr0ne9v/3pH+bZerEVco5f3NTEKV/kljx9 zOOPjW3cUrghBJfM4QQk1NNdijDvTaMnqIZjMsb3fPsqNuGVBoXh8BnrxIF7zfYxlGWH 4lvmxZFrlx3dUTOSBlsx3pO/yZcncTxNqzJnxd3KxXBUGaZKZkpDUUR7FMojgzqYwbEL cUBFQ4RxljLAYMt+llsb2S9hpDMs1/6OIaROfMUNGoTUJUY063qWuyk7qGrN5P7bP/Se NpvLwrN+GdIq1WmZYOzvwtVrbAP53KzvYW5ALWVBPrf5bv2JLPIMCbv6GuKLHhuycAYJ hsCg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=hT0cTPjX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g188si10760056pgc.88.2019.03.13.16.54.27; Wed, 13 Mar 2019 16:54:43 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=hT0cTPjX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727279AbfCMXw0 (ORCPT + 99 others); Wed, 13 Mar 2019 19:52:26 -0400 Received: from mail-yw1-f67.google.com ([209.85.161.67]:34822 "EHLO mail-yw1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726435AbfCMXwW (ORCPT ); Wed, 13 Mar 2019 19:52:22 -0400 Received: by mail-yw1-f67.google.com with SMTP id s204so2991113ywg.2 for ; Wed, 13 Mar 2019 16:52:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:mime-version:date:message-id:subject:to:cc; bh=f+t4V07aCemw8cZpkvomwq06lLcOjBQtHDVqyar9YBA=; b=hT0cTPjXYGOkK0QYxz1vIbcPOencR1uY+jwZquNNLCpAS0wnZauC8/nIJDkVWriCU8 epif7zG1eX9SlCt6Z0Rsi55TK+GCQVV15X3qjJvRN9E/GE93nca2ZLtn0nqg/Ocwc3ZD in9yC6edNVQ3ZeARWnwtLoUB9PtSIO1JwnQM8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:date:message-id:subject:to:cc; bh=f+t4V07aCemw8cZpkvomwq06lLcOjBQtHDVqyar9YBA=; b=BD/uJzwE4k1SvJfxa2RRlbfTH1G8lDHWZblPMItvkOfcLfgN/Pq3z7OGQkSWNhMkXX A+ZjCx0CtmVCWBcrDdxswWKSptrB4cJG7Mqn0DpBWDbCarIn8MYtpgEpvesuP6Ukplpe VzCB2GyhI1GbiQR3xzQD7lofSj/8PSpN3oKkivAbRnVYUwTd0YRIIpt2DiTZOgz6Fhf0 tKEi6JjU9FfG00kQapPnAOd+FD6YWQyT6ThP/yphtIUatO4oy4rR7mUeAJqXsdUpJ94/ YoNOm5WwHu37CLVCHUkIzyryiRoPgs2u7KITTVqYazBEBYQYQGo5u82IGJYROND6J2hk 9mGQ== X-Gm-Message-State: APjAAAW/+fNHAvrJjkpdYxE9106SboQ7qM5f0yjpzYzazqxifQUkYnwn V6AqQH73+irC1sI8l6HgGbyVnsuYQWEVCAT+PpiJZA== X-Received: by 2002:a81:7a94:: with SMTP id v142mr16143111ywc.221.1552521140654; Wed, 13 Mar 2019 16:52:20 -0700 (PDT) Received: from 764776645087 named unknown by gmailapi.google.com with HTTPREST; Wed, 13 Mar 2019 16:52:19 -0700 From: Matthias Kaehlcke X-Mailer: git-send-email 2.21.0.360.g471c308f928-goog MIME-Version: 1.0 Date: Wed, 13 Mar 2019 16:52:19 -0700 Message-ID: Subject: [PATCH] Bluetooth: hci_qca: Fix crash with non-serdev devices To: Marcel Holtmann , Johan Hedberg Cc: linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, Balakrishna Godavarthi , Hemantg , Rocky Liao , Matthias Kaehlcke Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org qca_set_baudrate() calls serdev_device_wait_until_sent() assuming that the HCI is always associated with a serdev device. This isn't true for ROME controllers instantiated through ldisc, where the call causes a crash due to a NULL pointer dereferentiation. Only call the function when we have a serdev device. The timeout for ROME devices at the end of qca_set_baudrate() is long enough to be reasonably sure that the command was sent. Fixes: fa9ad876b8e0 ("Bluetooth: hci_qca: Add support for Qualcomm Bluetooth chip wcn3990") Reported-by: Balakrishna Godavarthi Reported-by: Rocky Liao Signed-off-by: Matthias Kaehlcke --- drivers/bluetooth/hci_qca.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index 4ea995d610d2..714a6a16f9d5 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -1004,7 +1004,8 @@ static int qca_set_baudrate(struct hci_dev *hdev, uint8_t baudrate) while (!skb_queue_empty(&qca->txq)) usleep_range(100, 200); - serdev_device_wait_until_sent(hu->serdev, + if (hu->serdev) + serdev_device_wait_until_sent(hu->serdev, msecs_to_jiffies(CMD_TRANS_TIMEOUT_MS)); /* Give the controller time to process the request */ -- 2.21.0.360.g471c308f928-goog