diff options
author | Pavel Skripkin <paskripkin@gmail.com> | 2021-05-03 12:06:05 +0200 |
---|---|---|
committer | Marcel Holtmann <marcel@holtmann.org> | 2021-06-26 07:12:26 +0200 |
commit | 59f90f1351282ea2dbd0c59098fd9bb2634e920e (patch) | |
tree | 60a694b5235507cb44d5e63c77bc4adeae068040 /drivers/bluetooth/hci_qca.c | |
parent | Bluetooth: Fix the HCI to MGMT status conversion table (diff) | |
download | linux-59f90f1351282ea2dbd0c59098fd9bb2634e920e.tar.xz linux-59f90f1351282ea2dbd0c59098fd9bb2634e920e.zip |
Bluetooth: hci_qca: fix potential GPF
In qca_power_shutdown() qcadev local variable is
initialized by hu->serdev.dev private data, but
hu->serdev can be NULL and there is a check for it.
Since, qcadev is not used before
if (!hu->serdev)
return;
we can move its initialization after this "if" to
prevent GPF.
Fixes: 5559904ccc08 ("Bluetooth: hci_qca: Add QCA Rome power off support to the qca_power_shutdown()")
Cc: stable@vger.kernel.org # v5.6+
Cc: Rocky Liao <rjliao@codeaurora.org>
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Reviewed-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'drivers/bluetooth/hci_qca.c')
-rw-r--r-- | drivers/bluetooth/hci_qca.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index 0a0056912d51..dc6551d65912 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -1835,8 +1835,6 @@ static void qca_power_shutdown(struct hci_uart *hu) unsigned long flags; enum qca_btsoc_type soc_type = qca_soc_type(hu); - qcadev = serdev_device_get_drvdata(hu->serdev); - /* From this point we go into power off state. But serial port is * still open, stop queueing the IBS data and flush all the buffered * data in skb's. @@ -1852,6 +1850,8 @@ static void qca_power_shutdown(struct hci_uart *hu) if (!hu->serdev) return; + qcadev = serdev_device_get_drvdata(hu->serdev); + if (qca_is_wcn399x(soc_type)) { host_set_baudrate(hu, 2400); qca_send_power_pulse(hu, false); |