Date: Mon, 1 Apr 2019 14:35:40 -0700
From: Matthias Kaehlcke
To: Marcel Holtmann, Johan Hedberg
Cc: linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, Balakrishna Godavarthi, Hemantg, Rocky Liao
Subject: Re: [PATCH] Bluetooth: hci_qca: Fix crash with non-serdev devices
Message-ID: <20190401213540.GJ112750@google.com>

Hi Marcel,

do you have any comments or can this fix be landed?

Thanks

Matthias

On Wed, Mar 13, 2019 at 04:52:19PM -0700, Matthias Kaehlcke wrote:
> qca_set_baudrate() calls serdev_device_wait_until_sent() assuming that
> the HCI is always associated with a serdev device. This isn't true for
> ROME controllers instantiated through ldisc, where the call causes a
> crash due to a NULL pointer dereferentiation. Only call the function
> when we have a serdev device. The timeout for ROME devices at the end
> of qca_set_baudrate() is long enough to be reasonably sure that the
> command was sent.
>
> Fixes: fa9ad876b8e0 ("Bluetooth: hci_qca: Add support for Qualcomm
> Bluetooth chip wcn3990")
> Reported-by: Balakrishna Godavarthi
> Reported-by: Rocky Liao
> Signed-off-by: Matthias Kaehlcke
> ---
> drivers/bluetooth/hci_qca.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
> index 4ea995d610d2..714a6a16f9d5 100644
> --- a/drivers/bluetooth/hci_qca.c
> +++ b/drivers/bluetooth/hci_qca.c
> @@ -1004,7 +1004,8 @@ static int qca_set_baudrate(struct hci_dev > *hdev, uint8_t baudrate) > while (!skb_queue_empty(&qca->txq)) > usleep_range(100, 200); > > - serdev_device_wait_until_sent(hu->serdev, > + if (hu->serdev) > + serdev_device_wait_until_sent(hu->serdev, > msecs_to_jiffies(CMD_TRANS_TIMEOUT_MS)); > > /* Give the controller time to process the request */
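
Review bot: the new `if (hu->serdev)` check in qca_set_baudrate() carries no comment explaining why the ldisc path may skip the wait; the rationale (the ROME delay at the end of the function is long enough) exists only in the commit message. A short comment above the check would keep a later reader from treating the missing wait as an oversight, since on that path the only synchronisation visible in this hunk is the `skb_queue_empty(&qca->txq)` poll, which shows the command left the queue, not that it was transmitted. The continuation line `msecs_to_jiffies(CMD_TRANS_TIMEOUT_MS));` is also left as unchanged context although the call moved one level deeper, so its alignment probably needs adjusting.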