Received: by 2002:a05:6a10:a852:0:0:0:0 with SMTP id d18csp2566252pxy;
        Mon, 3 May 2021 03:09:54 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJw1zA7Db2V0gWLTMEDUcRgbAPItO+jBqVxYjNtzoEiB1HxJh1Dc3ktRGQvkntlCmsNuazPD
X-Received: by 2002:a17:903:248e:b029:ec:9fd5:eef4 with SMTP id p14-20020a170903248eb02900ec9fd5eef4mr19550237plw.81.1620036593896;
        Mon, 03 May 2021 03:09:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1620036593; cv=none;
        d=google.com; s=arc-20160816;
        b=EZ1zs1oKmvwiZwnIWVltxaHjD2mqi9ezBdPeH3N2jiMlHTGtUXv+hy5zFfaZlDWKff
         24UdrRw2WCOlOjiOMfr2+8HSbOPiZvrPf3KlQeCL1MRyMNazpi+iTl9NqJ7OHr0jMgpO
         0+HChHKLqLEbGWSQvlwBQpH/Yc7qbgeU1LdUCqgUHneEqHKQjg8GvaUEC+A3BLI+mRFo
         OtvfFs92x7ofpAdZ5Bxq5c0GCBV7VydkO7zY/qoMxlpVzV0C474BUMBbNKTA9KppCcEb
         FkYDuKSexOGichQROeYjF7u67prRMCNNvI/wkmCG+9XztBSz7NHFcq7nCW3yTG0Xq6X9
         jFuw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=qtxDGmxBhsi2IP7332PQH7tVPfSgkZrPmGm6BEOBEO4=;
        b=GbDP/+Hp2/NzPjHQ+gz6MwZKPyE0tNu1VbfnNMdLcz2etywPkK7+YasAst2erov2Dt
         BwTmhbFi3cJWk6VsB+DyqcPz0x1gXjtB3yXuv3wK7GnWv1YPJq0hxKfD9OzCou0u1b84
         AnSGffPfslX1sDLPLDNOCmyUrY83IS/Pyg6z+0kapdb2MdNFd3x7u2FEW6EMxd9Nv+GD
         um0FDX4LKPBM+KdtLn4PYlAA5cTSC7MKKWeHOD0UV7QQcCAvNVTihov3qPbE59DFHFgF
         zDeV6dv/0rboT3bqZNqpifpiWO4rQQ/Vq5dC1+6QNOR9R/TP2ACAGe1QkNzH0iUj9CbY
         uPfQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=X0vzCHQd;
       spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-bluetooth-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id 3si13924268pgk.246.2021.05.03.03.09.23;
        Mon, 03 May 2021 03:09:53 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=X0vzCHQd;
       spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233260AbhECKJD (ORCPT <rfc822;maitysanchayan@gmail.com>
        + 99 others); Mon, 3 May 2021 06:09:03 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47952 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233062AbhECKJD (ORCPT
        <rfc822;linux-bluetooth@vger.kernel.org>);
        Mon, 3 May 2021 06:09:03 -0400
Received: from mail-lf1-x136.google.com (mail-lf1-x136.google.com [IPv6:2a00:1450:4864:20::136])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 92269C06174A;
        Mon,  3 May 2021 03:08:10 -0700 (PDT)
Received: by mail-lf1-x136.google.com with SMTP id n138so7274858lfa.3;
        Mon, 03 May 2021 03:08:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=qtxDGmxBhsi2IP7332PQH7tVPfSgkZrPmGm6BEOBEO4=;
        b=X0vzCHQdFjsA7MpwFIDNpKpUMkiFwnAowhcDUr3BjPO9cON/kGIIDy9AyQ7uxsP8u9
         8nHnowrVrsrOXXhyPqyhF0MW0n3dBQo2vUW29UCKJGzbRhylUgCdKBubqRQsZsR5nV4+
         /muAXGWreS5Q8/nefwhh4DsuhoB9jMUJJ+waBlix4kKARlZF5MkKKzeyvVWWTkCajTbx
         hJd65f/vWybEwPyozaLfKE0tNoNA23FtcYnT1zY5QZd7pkTjsgMZCSIRk38mDmuc9Iod
         g+hXCKRcLPuKUGIkzKG4h3CZpb94Mfz+LL/Umrhd/gjcguiLRuoTrx9HXfEYErIPUJtL
         YjTw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=qtxDGmxBhsi2IP7332PQH7tVPfSgkZrPmGm6BEOBEO4=;
        b=aKg60S86MpRHu9L5+Rqosev0rcwkdkcHiy4LqSJ4GldU88jKxLNeQqnASka9cXGpFY
         VnSOjOxsZhkkhN1ZYVKvMVDnsFkESBrnxXFr0dcL7PYBdFyW+xagrhbJgbZ5rgrG37Bx
         RGjqhdDl8RNvDQfig5JZGagY5UGuIuVYd/c3iEGK5CLhkIhiwNZQ7usUAu1W8f2iFwf3
         9QoG6VRTJ71yj+o1nLRj9Sd4wmgs/A7/hStgHSS5iRWQEudUQeLeGhIwMcNRmhY+YwUH
         tMOZppwXp1gZ9z0y4RngeF9LscxALDryg0K6qeXfgBi7Zm/LmCZdDeN4zJqQBRXZ6R21
         TRIQ==
X-Gm-Message-State: AOAM531daV9U5elRleR/gS8eKjCrp/wBdxPVmwEN3klSPzu4HY3p+VSP
        EV0kxvabZcHnxPz7KyE9Vp4=
X-Received: by 2002:a05:6512:2021:: with SMTP id s1mr12596618lfs.211.1620036489056;
        Mon, 03 May 2021 03:08:09 -0700 (PDT)
Received: from localhost.localdomain ([94.103.226.84])
        by smtp.gmail.com with ESMTPSA id f18sm1092372lft.98.2021.05.03.03.08.08
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 03 May 2021 03:08:08 -0700 (PDT)
From:   Pavel Skripkin <paskripkin@gmail.com>
To:     marcel@holtmann.org, johan.hedberg@gmail.com
Cc:     linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org,
        Pavel Skripkin <paskripkin@gmail.com>, stable@vger.kernel.org,
        Rocky Liao <rjliao@codeaurora.org>
Subject: [PATCH v2] bluetooth: hci_qca: fix potential GPF
Date:   Mon,  3 May 2021 13:06:05 +0300
Message-Id: <20210503100605.5223-1-paskripkin@gmail.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <YI+s2Hms/56Pvatu@hovoldconsulting.com>
References: <YI+s2Hms/56Pvatu@hovoldconsulting.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

In qca_power_shutdown() qcadev local variable is
initialized by hu->serdev.dev private data, but
hu->serdev can be NULL and there is a check for it.

Since, qcadev is not used before

	if (!hu->serdev)
		return;

we can move its initialization after this "if" to
prevent GPF.

Fixes: 5559904ccc08 ("Bluetooth: hci_qca: Add QCA Rome power off support to the qca_power_shutdown()")
Cc: stable@vger.kernel.org # v5.6+
Cc: Rocky Liao <rjliao@codeaurora.org>
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
---
 drivers/bluetooth/hci_qca.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
index de36af63e182..9589ef6c0c26 100644
--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -1820,8 +1820,6 @@ static void qca_power_shutdown(struct hci_uart *hu)
 	unsigned long flags;
 	enum qca_btsoc_type soc_type = qca_soc_type(hu);
 
-	qcadev = serdev_device_get_drvdata(hu->serdev);
-
 	/* From this point we go into power off state. But serial port is
 	 * still open, stop queueing the IBS data and flush all the buffered
 	 * data in skb's.
@@ -1837,6 +1835,8 @@ static void qca_power_shutdown(struct hci_uart *hu)
 	if (!hu->serdev)
 		return;
 
+	qcadev = serdev_device_get_drvdata(hu->serdev);
+
 	if (qca_is_wcn399x(soc_type)) {
 		host_set_baudrate(hu, 2400);
 		qca_send_power_pulse(hu, false);
-- 
2.31.1