summaryrefslogtreecommitdiffstats
path: root/drivers/bluetooth/hci_uart.h
diff options
context:
space:
mode:
authorLoic Poulain <loic.poulain@intel.com>2016-04-04 10:48:13 +0200
committerMarcel Holtmann <marcel@holtmann.org>2016-04-08 18:58:56 +0200
commit84cb3df02aea4b00405521e67c4c67c2d525c364 (patch)
tree4802172d6283adade1e8299ed851b4b2af8c14d2 /drivers/bluetooth/hci_uart.h
parentBluetooth: hci_bcm: Add BCM2E71 ACPI ID (diff)
downloadlinux-84cb3df02aea4b00405521e67c4c67c2d525c364.tar.xz
linux-84cb3df02aea4b00405521e67c4c67c2d525c364.zip
Bluetooth: hci_ldisc: Fix null pointer derefence in case of early data
HCI_UART_PROTO_SET flag is set before hci_uart_set_proto call. If we receive data from tty layer during this procedure, proto pointer may not be assigned yet, leading to null pointer dereference in rx method hci_uart_tty_receive. This patch fixes this issue by introducing HCI_UART_PROTO_READY flag in order to avoid any proto operation before proto opening and assignment. Signed-off-by: Loic Poulain <loic.poulain@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'drivers/bluetooth/hci_uart.h')
-rw-r--r--drivers/bluetooth/hci_uart.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/bluetooth/hci_uart.h b/drivers/bluetooth/hci_uart.h
index 4814ff08f427..839bad1d8152 100644
--- a/drivers/bluetooth/hci_uart.h
+++ b/drivers/bluetooth/hci_uart.h
@@ -95,6 +95,7 @@ struct hci_uart {
/* HCI_UART proto flag bits */
#define HCI_UART_PROTO_SET 0
#define HCI_UART_REGISTERED 1
+#define HCI_UART_PROTO_READY 2
/* TX states */
#define HCI_UART_SENDING 1