[thirdparty/kernel/stable-queue.git] / queue-6.8 / bluetooth-qca-fix-null-deref-on-non-serdev-setup.patch

From 7ddb9de6af0f1c71147785b12fd7c8ec3f06cc86 Mon Sep 17 00:00:00 2001
From: Johan Hovold <johan+linaro@kernel.org>
Date: Mon, 22 Apr 2024 15:57:48 +0200
Subject: Bluetooth: qca: fix NULL-deref on non-serdev setup

From: Johan Hovold <johan+linaro@kernel.org>

commit 7ddb9de6af0f1c71147785b12fd7c8ec3f06cc86 upstream.

Qualcomm ROME controllers can be registered from the Bluetooth line
discipline and in this case the HCI UART serdev pointer is NULL.

Add the missing sanity check to prevent a NULL-pointer dereference when
setup() is called for a non-serdev controller.

Fixes: e9b3e5b8c657 ("Bluetooth: hci_qca: only assign wakeup with serial port support")
Cc: stable@vger.kernel.org      # 6.2
Cc: Zhengping Jiang <jiangzp@google.com>
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/bluetooth/hci_qca.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -1960,8 +1960,10 @@ retry:
 		qca_debugfs_init(hdev);
 		hu->hdev->hw_error = qca_hw_error;
 		hu->hdev->cmd_timeout = qca_cmd_timeout;
-		if (device_can_wakeup(hu->serdev->ctrl->dev.parent))
-			hu->hdev->wakeup = qca_wakeup;
+		if (hu->serdev) {
+			if (device_can_wakeup(hu->serdev->ctrl->dev.parent))
+				hu->hdev->wakeup = qca_wakeup;
+		}
 	} else if (ret == -ENOENT) {
 		/* No patch/nvm-config found, run with original fw/config */
 		set_bit(QCA_ROM_FW, &qca->flags);
Commit	Line	Data
6ea0374e GKH	1	From 7ddb9de6af0f1c71147785b12fd7c8ec3f06cc86 Mon Sep 17 00:00:00 2001
	2	From: Johan Hovold <johan+linaro@kernel.org>
	3	Date: Mon, 22 Apr 2024 15:57:48 +0200
	4	Subject: Bluetooth: qca: fix NULL-deref on non-serdev setup
	5
	6	From: Johan Hovold <johan+linaro@kernel.org>
	7
	8	commit 7ddb9de6af0f1c71147785b12fd7c8ec3f06cc86 upstream.
	9
	10	Qualcomm ROME controllers can be registered from the Bluetooth line
	11	discipline and in this case the HCI UART serdev pointer is NULL.
	12
	13	Add the missing sanity check to prevent a NULL-pointer dereference when
	14	setup() is called for a non-serdev controller.
	15
	16	Fixes: e9b3e5b8c657 ("Bluetooth: hci_qca: only assign wakeup with serial port support")
	17	Cc: stable@vger.kernel.org # 6.2
	18	Cc: Zhengping Jiang <jiangzp@google.com>
	19	Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
	20	Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
	21	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	22	---
	23	drivers/bluetooth/hci_qca.c \| 6 ++++--
	24	1 file changed, 4 insertions(+), 2 deletions(-)
	25
	26	--- a/drivers/bluetooth/hci_qca.c
	27	+++ b/drivers/bluetooth/hci_qca.c
449d25ff	28	@@ -1960,8 +1960,10 @@ retry:
6ea0374e GKH	29	qca_debugfs_init(hdev);
	30	hu->hdev->hw_error = qca_hw_error;
	31	hu->hdev->cmd_timeout = qca_cmd_timeout;
	32	- if (device_can_wakeup(hu->serdev->ctrl->dev.parent))
	33	- hu->hdev->wakeup = qca_wakeup;
	34	+ if (hu->serdev) {
	35	+ if (device_can_wakeup(hu->serdev->ctrl->dev.parent))
	36	+ hu->hdev->wakeup = qca_wakeup;
	37	+ }
	38	} else if (ret == -ENOENT) {
	39	/* No patch/nvm-config found, run with original fw/config */
	40	set_bit(QCA_ROM_FW, &qca->flags);