All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] Bluetooth: hci_intel: Fix null gpio desc pointer dereference
@ 2016-04-28 16:48 Loic Poulain
  2016-04-29 13:51 ` Heikki Krogerus
  2016-05-02 17:30 ` Marcel Holtmann
  0 siblings, 2 replies; 3+ messages in thread
From: Loic Poulain @ 2016-04-28 16:48 UTC (permalink / raw)
  To: marcel, johan.hedberg; +Cc: heikki.krogerus, linux-bluetooth, Loic Poulain

gpiod_get_optional can return either ERR_PTR or NULL pointer.
NULL case is not tested and then dereferenced later in desc_to_gpio.
Fix this by using non optional version which returns ERR_PTR in any
error case (this is not an optional gpio).
Use the same non optional version for the host-wake gpio.

Signed-off-by: Loic Poulain <loic.poulain@intel.com>
---
 drivers/bluetooth/hci_intel.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/drivers/bluetooth/hci_intel.c b/drivers/bluetooth/hci_intel.c
index 91d6051..f6f2b01 100644
--- a/drivers/bluetooth/hci_intel.c
+++ b/drivers/bluetooth/hci_intel.c
@@ -1210,8 +1210,7 @@ static int intel_probe(struct platform_device *pdev)
 
 	idev->pdev = pdev;
 
-	idev->reset = devm_gpiod_get_optional(&pdev->dev, "reset",
-					      GPIOD_OUT_LOW);
+	idev->reset = devm_gpiod_get(&pdev->dev, "reset", GPIOD_OUT_LOW);
 	if (IS_ERR(idev->reset)) {
 		dev_err(&pdev->dev, "Unable to retrieve gpio\n");
 		return PTR_ERR(idev->reset);
@@ -1223,8 +1222,7 @@ static int intel_probe(struct platform_device *pdev)
 
 		dev_err(&pdev->dev, "No IRQ, falling back to gpio-irq\n");
 
-		host_wake = devm_gpiod_get_optional(&pdev->dev, "host-wake",
-						    GPIOD_IN);
+		host_wake = devm_gpiod_get(&pdev->dev, "host-wake", GPIOD_IN);
 		if (IS_ERR(host_wake)) {
 			dev_err(&pdev->dev, "Unable to retrieve IRQ\n");
 			goto no_irq;
-- 
1.9.1

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] Bluetooth: hci_intel: Fix null gpio desc pointer dereference
  2016-04-28 16:48 [PATCH] Bluetooth: hci_intel: Fix null gpio desc pointer dereference Loic Poulain
@ 2016-04-29 13:51 ` Heikki Krogerus
  2016-05-02 17:30 ` Marcel Holtmann
  1 sibling, 0 replies; 3+ messages in thread
From: Heikki Krogerus @ 2016-04-29 13:51 UTC (permalink / raw)
  To: Loic Poulain; +Cc: marcel, johan.hedberg, linux-bluetooth

Hi,

On Thu, Apr 28, 2016 at 06:48:25PM +0200, Loic Poulain wrote:
> gpiod_get_optional can return either ERR_PTR or NULL pointer.
> NULL case is not tested and then dereferenced later in desc_to_gpio.
> Fix this by using non optional version which returns ERR_PTR in any
> error case (this is not an optional gpio).
> Use the same non optional version for the host-wake gpio.

So shouldn't there be:

Fixes: 765ea3abd116 ("Bluetooth: hci_intel: Retrieve host-wake IRQ")

> Signed-off-by: Loic Poulain <loic.poulain@intel.com>
> ---
>  drivers/bluetooth/hci_intel.c | 6 ++----
>  1 file changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/bluetooth/hci_intel.c b/drivers/bluetooth/hci_intel.c
> index 91d6051..f6f2b01 100644
> --- a/drivers/bluetooth/hci_intel.c
> +++ b/drivers/bluetooth/hci_intel.c
> @@ -1210,8 +1210,7 @@ static int intel_probe(struct platform_device *pdev)
>  
>  	idev->pdev = pdev;
>  
> -	idev->reset = devm_gpiod_get_optional(&pdev->dev, "reset",
> -					      GPIOD_OUT_LOW);
> +	idev->reset = devm_gpiod_get(&pdev->dev, "reset", GPIOD_OUT_LOW);
>  	if (IS_ERR(idev->reset)) {
>  		dev_err(&pdev->dev, "Unable to retrieve gpio\n");
>  		return PTR_ERR(idev->reset);
> @@ -1223,8 +1222,7 @@ static int intel_probe(struct platform_device *pdev)
>  
>  		dev_err(&pdev->dev, "No IRQ, falling back to gpio-irq\n");
>  
> -		host_wake = devm_gpiod_get_optional(&pdev->dev, "host-wake",
> -						    GPIOD_IN);
> +		host_wake = devm_gpiod_get(&pdev->dev, "host-wake", GPIOD_IN);
>  		if (IS_ERR(host_wake)) {
>  			dev_err(&pdev->dev, "Unable to retrieve IRQ\n");
>  			goto no_irq;
> -- 
> 1.9.1

Thanks,

-- 
heikki

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] Bluetooth: hci_intel: Fix null gpio desc pointer dereference
  2016-04-28 16:48 [PATCH] Bluetooth: hci_intel: Fix null gpio desc pointer dereference Loic Poulain
  2016-04-29 13:51 ` Heikki Krogerus
@ 2016-05-02 17:30 ` Marcel Holtmann
  1 sibling, 0 replies; 3+ messages in thread
From: Marcel Holtmann @ 2016-05-02 17:30 UTC (permalink / raw)
  To: Loic Poulain; +Cc: Johan Hedberg, heikki.krogerus, linux-bluetooth

Hi Loic,

> gpiod_get_optional can return either ERR_PTR or NULL pointer.
> NULL case is not tested and then dereferenced later in desc_to_gpio.
> Fix this by using non optional version which returns ERR_PTR in any
> error case (this is not an optional gpio).
> Use the same non optional version for the host-wake gpio.
> 
> Signed-off-by: Loic Poulain <loic.poulain@intel.com>
> ---
> drivers/bluetooth/hci_intel.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)

patch has been applied to bluetooth-next tree.

Regards

Marcel


^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-05-02 17:30 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-04-28 16:48 [PATCH] Bluetooth: hci_intel: Fix null gpio desc pointer dereference Loic Poulain
2016-04-29 13:51 ` Heikki Krogerus
2016-05-02 17:30 ` Marcel Holtmann

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.