
bluetooth: fix potential gfp

Message ID 20210501150445.4055-1-paskripkin@gmail.com
State Superseded
Series bluetooth: fix potential gfp

Commit Message

Pavel Skripkin May 1, 2021, 3:04 p.m. UTC
In qca_power_shutdown() the qcadev local variable is
initialized from hu->serdev.dev private data, but
hu->serdev can be NULL and there is a check for it.

Since qcadev is not used before

	if (!hu->serdev)
		return;

we can move its initialization after this "if" to
prevent gfp.

Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
---
 drivers/bluetooth/hci_qca.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
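The ordering defect the commit message describes, shown as an added example rather than code from the patch or from hci_qca.c: the structures, the drvdata helper and both shutdown variants below are constructed stand-ins, and the helper is instrumented to count a NULL dereference instead of faulting, so the pre-patch and post-patch orderings can be compared in user space. The real serdev_device_get_drvdata() reads the device embedded in the serdev object, which is exactly why calling it before the hu->serdev check crashes.

```c
#include <stddef.h>
#include <stdio.h>

/* Models constructed for this example (not the kernel's definitions). */
struct device { void *driver_data; };
struct serdev_device { struct device dev; };
struct hci_uart { struct serdev_device *serdev; };
struct qca_serdev { int bt_en; };       /* stand-in for the driver's qca_serdev */

/* Counts calls that would have faulted in the kernel: the real helper reads
 * &serdev->dev without a NULL check, so serdev == NULL is a NULL dereference. */
static int null_derefs;

static void *model_serdev_device_get_drvdata(struct serdev_device *serdev)
{
    if (!serdev) {
        null_derefs++;                  /* the real helper oopses here */
        return NULL;
    }
    return serdev->dev.driver_data;
}

/* Ordering before the patch: drvdata is fetched first, serdev checked later. */
static int power_shutdown_v1(struct hci_uart *hu)
{
    struct qca_serdev *qcadev = model_serdev_device_get_drvdata(hu->serdev);

    /* ... the IBS flush sits here in the driver and never touches qcadev ... */
    if (!hu->serdev)
        return 0;                       /* in the kernel this point is never reached */
    qcadev->bt_en = 0;                  /* power-off path that needs qcadev */
    return 1;
}

/* Ordering after the patch: the serdev check runs before drvdata is read. */
static int power_shutdown_v2(struct hci_uart *hu)
{
    struct qca_serdev *qcadev;

    /* ... IBS flush ... */
    if (!hu->serdev)
        return 0;
    qcadev = model_serdev_device_get_drvdata(hu->serdev);
    qcadev->bt_en = 0;
    return 1;
}

/* Runs one ordering against a hci_uart without a serdev (the case that
 * crashed) and returns how many NULL dereferences the model recorded. */
static int count_null_derefs(int (*shutdown)(struct hci_uart *))
{
    struct hci_uart hu = { .serdev = NULL };

    null_derefs = 0;
    shutdown(&hu);
    return null_derefs;
}

/* Sanity check with a real serdev: both orderings still power the part off. */
static int bt_en_after_shutdown(int (*shutdown)(struct hci_uart *))
{
    struct qca_serdev qcadev = { .bt_en = 1 };
    struct serdev_device serdev = { .dev = { .driver_data = &qcadev } };
    struct hci_uart hu = { .serdev = &serdev };

    shutdown(&hu);
    return qcadev.bt_en;
}

int main(void)
{
    printf("v1 with serdev == NULL: %d NULL dereference(s)\n",
           count_null_derefs(power_shutdown_v1));
    printf("v2 with serdev == NULL: %d NULL dereference(s)\n",
           count_null_derefs(power_shutdown_v2));
    return 0;
}
```

The model keeps the guard and the first use of qcadev in the same places as the driver, so the only difference between the two functions is where the drvdata read happens; that is enough to show why moving one assignment is a complete fix and not just a workaround.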

Comments

Johan Hovold May 3, 2021, 7:57 a.m. UTC | #1
On Sat, May 01, 2021 at 06:04:45PM +0300, Pavel Skripkin wrote:
> In qca_power_shutdown() qcadev local variable is
> initialized by hu->serdev.dev private data, but
> hu->serdev can be NULL and there is a check for it.
> 
> Since, qcadev is not used before
> 
> 	if (!hu->serdev)
> 		return;
> 
> we can move its initialization after this "if" to
> prevent gfp.

Good catch. The commit message needs to be improved however.

First, what's a "gfp"? Did you mean GPF?

Second, I'd expect you to try to point to the commit that introduced
this issue (e.g. using a Fixes tag) and CC the person responsible. This
appears to be commit 5559904ccc08 ("Bluetooth: hci_qca: Add QCA Rome
power off support to the qca_power_shutdown()") but you should verify
that.

Third, this looks like it could be triggered by user space so you should
CC stable too so that the fix is backported.

Fourth, your commit summary (Subject) is missing the driver component
(i.e. "hci_qca").

> Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
> ---
>  drivers/bluetooth/hci_qca.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c

> index de36af63e182..9589ef6c0c26 100644

> --- a/drivers/bluetooth/hci_qca.c

> +++ b/drivers/bluetooth/hci_qca.c

> @@ -1820,8 +1820,6 @@ static void qca_power_shutdown(struct hci_uart *hu)

>  	unsigned long flags;

>  	enum qca_btsoc_type soc_type = qca_soc_type(hu);

>  

> -	qcadev = serdev_device_get_drvdata(hu->serdev);

> -

>  	/* From this point we go into power off state. But serial port is

>  	 * still open, stop queueing the IBS data and flush all the buffered

>  	 * data in skb's.

> @@ -1837,6 +1835,8 @@ static void qca_power_shutdown(struct hci_uart *hu)

>  	if (!hu->serdev)

>  		return;

>  

> +	qcadev = serdev_device_get_drvdata(hu->serdev);

> +

>  	if (qca_is_wcn399x(soc_type)) {

>  		host_set_baudrate(hu, 2400);

>  		qca_send_power_pulse(hu, false);


Johan
Pavel Skripkin May 3, 2021, 8:37 a.m. UTC | #2
Hi!

On Mon, 3 May 2021 09:57:12 +0200
Johan Hovold <johan@kernel.org> wrote:
> On Sat, May 01, 2021 at 06:04:45PM +0300, Pavel Skripkin wrote:
> > In qca_power_shutdown() qcadev local variable is
> > initialized by hu->serdev.dev private data, but
> > hu->serdev can be NULL and there is a check for it.
> > 
> > Since, qcadev is not used before
> > 
> > 	if (!hu->serdev)
> > 		return;
> > 
> > we can move its initialization after this "if" to
> > prevent gfp.
> 
> Good catch. The commit message needs to be improved however.
> 
> First, what's a "gfp"? Did you mean GPF?

Yes, it's a typo :(

> 
> Second, I'd expect you to try to point to the commit that introduced
> this issue (e.g. using a Fixes tag) and CC the person responsible.
> This appears to be commit 5559904ccc08 ("Bluetooth: hci_qca: Add QCA
> Rome power off support to the qca_power_shutdown()") but you should
> verify that.
> 
> Third, this looks like it could be triggered by user space so you
> should CC stable too so that the fix is backported.
> 
> Fourth, your commit summary (Subject) is missing the driver component
> (i.e. "hci_qca").
>

Ok, I'll fix it all and send v2 soon.

Thanks for your feedback!

> > Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
> > ---
> >  drivers/bluetooth/hci_qca.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/drivers/bluetooth/hci_qca.c

> > b/drivers/bluetooth/hci_qca.c index de36af63e182..9589ef6c0c26

> > 100644 --- a/drivers/bluetooth/hci_qca.c

> > +++ b/drivers/bluetooth/hci_qca.c

> > @@ -1820,8 +1820,6 @@ static void qca_power_shutdown(struct

> > hci_uart *hu) unsigned long flags;

> >  	enum qca_btsoc_type soc_type = qca_soc_type(hu);

> >  

> > -	qcadev = serdev_device_get_drvdata(hu->serdev);

> > -

> >  	/* From this point we go into power off state. But serial

> > port is

> >  	 * still open, stop queueing the IBS data and flush all

> > the buffered

> >  	 * data in skb's.

> > @@ -1837,6 +1835,8 @@ static void qca_power_shutdown(struct

> > hci_uart *hu) if (!hu->serdev)

> >  		return;

> >  

> > +	qcadev = serdev_device_get_drvdata(hu->serdev);

> > +

> >  	if (qca_is_wcn399x(soc_type)) {

> >  		host_set_baudrate(hu, 2400);

> >  		qca_send_power_pulse(hu, false);

> 
> Johan

With regards,
Pavel Skripkin
Johan Hovold May 3, 2021, 11:22 a.m. UTC | #3
On Mon, May 03, 2021 at 01:06:05PM +0300, Pavel Skripkin wrote:
> In qca_power_shutdown() qcadev local variable is
> initialized by hu->serdev.dev private data, but
> hu->serdev can be NULL and there is a check for it.
> 
> Since, qcadev is not used before
> 
> 	if (!hu->serdev)
> 		return;
> 
> we can move its initialization after this "if" to
> prevent GPF.
> 
> Fixes: 5559904ccc08 ("Bluetooth: hci_qca: Add QCA Rome power off support to the qca_power_shutdown()")
> Cc: stable@vger.kernel.org # v5.6+
> Cc: Rocky Liao <rjliao@codeaurora.org>
> Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
> ---

Next time, put a changelog here so we know what changed since earlier
version(s).

Reviewed-by: Johan Hovold <johan@kernel.org>


>  drivers/bluetooth/hci_qca.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c

> index de36af63e182..9589ef6c0c26 100644

> --- a/drivers/bluetooth/hci_qca.c

> +++ b/drivers/bluetooth/hci_qca.c

> @@ -1820,8 +1820,6 @@ static void qca_power_shutdown(struct hci_uart *hu)

>  	unsigned long flags;

>  	enum qca_btsoc_type soc_type = qca_soc_type(hu);

>  

> -	qcadev = serdev_device_get_drvdata(hu->serdev);

> -

>  	/* From this point we go into power off state. But serial port is

>  	 * still open, stop queueing the IBS data and flush all the buffered

>  	 * data in skb's.

> @@ -1837,6 +1835,8 @@ static void qca_power_shutdown(struct hci_uart *hu)

>  	if (!hu->serdev)

>  		return;

>  

> +	qcadev = serdev_device_get_drvdata(hu->serdev);

> +

>  	if (qca_is_wcn399x(soc_type)) {

>  		host_set_baudrate(hu, 2400);

>  		qca_send_power_pulse(hu, false);
Marcel Holtmann May 7, 2021, 8:27 a.m. UTC | #4
Hi Pavel,

> In qca_power_shutdown() qcadev local variable is
> initialized by hu->serdev.dev private data, but
> hu->serdev can be NULL and there is a check for it.
> 
> Since, qcadev is not used before
> 
> 	if (!hu->serdev)
> 		return;
> 
> we can move its initialization after this "if" to
> prevent gfp.
> 
> Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
> ---
> drivers/bluetooth/hci_qca.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)

patch has been applied to bluetooth-next tree.

Regards

Marcel
Johan Hovold May 7, 2021, 1:11 p.m. UTC | #5
On Fri, May 07, 2021 at 10:27:39AM +0200, Marcel Holtmann wrote:
> Hi Pavel,
> 
> > In qca_power_shutdown() qcadev local variable is
> > initialized by hu->serdev.dev private data, but
> > hu->serdev can be NULL and there is a check for it.
> > 
> > Since, qcadev is not used before
> > 
> > 	if (!hu->serdev)
> > 		return;
> > 
> > we can move its initialization after this "if" to
> > prevent gfp.
> > 
> > Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
> > ---
> > drivers/bluetooth/hci_qca.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> 
> patch has been applied to bluetooth-next tree.

Why did you pick the v1 when it is clear from the thread that a v2 has been
posted?

Johan
Marcel Holtmann May 7, 2021, 3:20 p.m. UTC | #6
Hi Johan,

>>> In qca_power_shutdown() qcadev local variable is
>>> initialized by hu->serdev.dev private data, but
>>> hu->serdev can be NULL and there is a check for it.
>>> 
>>> Since, qcadev is not used before
>>> 
>>> 	if (!hu->serdev)
>>> 		return;
>>> 
>>> we can move its initialization after this "if" to
>>> prevent gfp.
>>> 
>>> Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
>>> ---
>>> drivers/bluetooth/hci_qca.c | 4 ++--
>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>> 
>> patch has been applied to bluetooth-next tree.
> 
> Why did you pick the v1 when it is clear from thread that a v2 has been
> posted?

because I only saw that email after I applied the patch and the v2 is nowhere in sight as it seems. If it shows up, I replace this one then.

Regards

Marcel
Johan Hovold May 7, 2021, 3:30 p.m. UTC | #7
On Fri, May 07, 2021 at 05:20:11PM +0200, Marcel Holtmann wrote:
> Hi Johan,
> 
> >>> In qca_power_shutdown() qcadev local variable is
> >>> initialized by hu->serdev.dev private data, but
> >>> hu->serdev can be NULL and there is a check for it.
> >>> 
> >>> Since, qcadev is not used before
> >>> 
> >>> 	if (!hu->serdev)
> >>> 		return;
> >>> 
> >>> we can move its initialization after this "if" to
> >>> prevent gfp.
> >>> 
> >>> Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
> >>> ---
> >>> drivers/bluetooth/hci_qca.c | 4 ++--
> >>> 1 file changed, 2 insertions(+), 2 deletions(-)
> >> 
> >> patch has been applied to bluetooth-next tree.
> > 
> > Why did you pick the v1 when it is clear from thread that a v2 has been
> > posted?
> 
> because I only saw that email after I applied the patch and the v2 is
> nowhere in sight as it seems. If it shows up, I replace this one then.

Here it is

	https://lore.kernel.org/lkml/20210503100605.5223-1-paskripkin@gmail.com/

Johan
Marcel Holtmann May 7, 2021, 4:07 p.m. UTC | #8
Hi Johan,

>>>>> In qca_power_shutdown() qcadev local variable is
>>>>> initialized by hu->serdev.dev private data, but
>>>>> hu->serdev can be NULL and there is a check for it.
>>>>> 
>>>>> Since, qcadev is not used before
>>>>> 
>>>>> 	if (!hu->serdev)
>>>>> 		return;
>>>>> 
>>>>> we can move its initialization after this "if" to
>>>>> prevent gfp.
>>>>> 
>>>>> Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
>>>>> ---
>>>>> drivers/bluetooth/hci_qca.c | 4 ++--
>>>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>> 
>>>> patch has been applied to bluetooth-next tree.
>>> 
>>> Why did you pick the v1 when it is clear from thread that a v2 has been
>>> posted?
>> 
>> because I only saw that email after I applied the patch and the v2 is
>> nowhere in sight as it seems. If it shows up, I replace this one then.
> 
> Here it is
> 
> 	https://lore.kernel.org/lkml/20210503100605.5223-1-paskripkin@gmail.com/

seems to have missed my inbox. Fixed now.

Regards

Marcel
Johan Hovold May 7, 2021, 4:16 p.m. UTC | #9
On Fri, May 07, 2021 at 06:07:50PM +0200, Marcel Holtmann wrote:
> Hi Johan,
> 
> >>>>> In qca_power_shutdown() qcadev local variable is
> >>>>> initialized by hu->serdev.dev private data, but
> >>>>> hu->serdev can be NULL and there is a check for it.
> >>>>> 
> >>>>> Since, qcadev is not used before
> >>>>> 
> >>>>> 	if (!hu->serdev)
> >>>>> 		return;
> >>>>> 
> >>>>> we can move its initialization after this "if" to
> >>>>> prevent gfp.
> >>>>> 
> >>>>> Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
> >>>>> ---
> >>>>> drivers/bluetooth/hci_qca.c | 4 ++--
> >>>>> 1 file changed, 2 insertions(+), 2 deletions(-)
> >>>> 
> >>>> patch has been applied to bluetooth-next tree.
> >>> 
> >>> Why did you pick the v1 when it is clear from thread that a v2 has been
> >>> posted?
> >> 
> >> because I only saw that email after I applied the patch and the v2 is
> >> nowhere in sight as it seems. If it shows up, I replace this one then.
> > 
> > Here it is
> > 
> > 	https://lore.kernel.org/lkml/20210503100605.5223-1-paskripkin@gmail.com/
> 
> seems to have missed my inbox. Fixed now.

Would you mind adding my Reviewed-by tag from the reply to that patch as
well?

I don't know if you're using b4 yet but it can be used to fetch it all
from lore.

Johan
Marcel Holtmann May 7, 2021, 7:22 p.m. UTC | #10
Hi Johan,

>>>>>>> In qca_power_shutdown() qcadev local variable is
>>>>>>> initialized by hu->serdev.dev private data, but
>>>>>>> hu->serdev can be NULL and there is a check for it.
>>>>>>> 
>>>>>>> Since, qcadev is not used before
>>>>>>> 
>>>>>>> 	if (!hu->serdev)
>>>>>>> 		return;
>>>>>>> 
>>>>>>> we can move its initialization after this "if" to
>>>>>>> prevent gfp.
>>>>>>> 
>>>>>>> Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
>>>>>>> ---
>>>>>>> drivers/bluetooth/hci_qca.c | 4 ++--
>>>>>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>>>> 
>>>>>> patch has been applied to bluetooth-next tree.
>>>>> 
>>>>> Why did you pick the v1 when it is clear from thread that a v2 has been
>>>>> posted?
>>>> 
>>>> because I only saw that email after I applied the patch and the v2 is
>>>> nowhere in sight as it seems. If it shows up, I replace this one then.
>>> 
>>> Here it is
>>> 
>>> 	https://lore.kernel.org/lkml/20210503100605.5223-1-paskripkin@gmail.com/
>> 
>> seems to have missed my inbox. Fixed now.
> 
> Would you mind adding my Reviewed-by tag from the reply to that patch as
> well?

sure thing.

Regards

Marcel

Patch

diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
index de36af63e182..9589ef6c0c26 100644
--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -1820,8 +1820,6 @@  static void qca_power_shutdown(struct hci_uart *hu)
 	unsigned long flags;
 	enum qca_btsoc_type soc_type = qca_soc_type(hu);
 
-	qcadev = serdev_device_get_drvdata(hu->serdev);
-
 	/* From this point we go into power off state. But serial port is
 	 * still open, stop queueing the IBS data and flush all the buffered
 	 * data in skb's.
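Review bot: the deleted `qcadev = serdev_device_get_drvdata(hu->serdev);` at line 1823 is the read that faults when hu->serdev is NULL (the commit message says qcadev comes from hu->serdev.dev), so dropping it here is the right fix, but the hunk context ends at the "From this point we go into power off state" comment and the IBS flush block between line 1826 and the `if (!hu->serdev)` check in the next hunk is not visible; the correctness of the reorder rests on qcadev not being referenced in that hidden region. The commit message asserts this but nothing in the diff shows it, so state it explicitly ("qcadev is only used by the power-off branches after the serdev check") and confirm with a W=1 build that no -Wmaybe-uninitialized warning appears now that qcadev stays uninitialized until the second hunk.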
@@ -1837,6 +1835,8 @@  static void qca_power_shutdown(struct hci_uart *hu)
 	if (!hu->serdev)
 		return;
 
+	qcadev = serdev_device_get_drvdata(hu->serdev);
+
 	if (qca_is_wcn399x(soc_type)) {
 		host_set_baudrate(hu, 2400);
 		qca_send_power_pulse(hu, false);
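Review bot: moving the assignment to just after `if (!hu->serdev) return;` closes the NULL dereference with no behavioural change for the serdev case, but this is the v1 hunk and its header carries only a Signed-off-by; the v2 quoted in comment #3 adds `Fixes: 5559904ccc08 (...)`, `Cc: stable@vger.kernel.org # v5.6+`, a Cc to the original author and later a Reviewed-by from Johan Hovold. Since v1 is what was first applied to bluetooth-next (comment #4), the tree should end up with the v2 tags, otherwise the stable backport that Johan asked for in comment #1 will not happen automatically. The hunk also stops at `qca_send_power_pulse(hu, false);` before the first use of qcadev, so a reader cannot tell from the diff where the variable is consumed; the subject should at least name the driver component ("hci_qca"), as already requested.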