From 21bb0a0ddd825e24d1f81d4304f1a3f61910e042 Mon Sep 17 00:00:00 2001
From: Ankit Verma
Date: Wed, 11 May 2011 18:33:49 +0530
Subject: [PATCH] Bluetooth: Fix NULL pointer dereference with hu->proto

Set the bit HCI_UART_PROTO_SET after successful completion of hci_
uart_set_proto. In case of incoming packet before HCIUARTSETPROTO is completed, hci_uart_tty_receive returns after testing bit HCI_UART_PROTO_SET avoiding NULL pointer dereference.

Change-Id: If6b4545148282f8bf03ec22b0e700ef307b51ca8
CRs-Fixed: 286489
Signed-off-by: Ankit Verma
---
 drivers/bluetooth/hci_ldisc.c | 13 ++++++++++---
 drivers/bluetooth/hci_uart.h | 3 ++-
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c
index c77b9f974905..6728b3df3af4 100644
--- a/drivers/bluetooth/hci_ldisc.c
+++ b/drivers/bluetooth/hci_ldisc.c
@@ -2,9 +2,9 @@
  *
  * Bluetooth HCI UART driver
  *
- * Copyright (C) 2000-2001 Qualcomm Incorporated
  * Copyright (C) 2002-2003 Maxim Krasnyansky
  * Copyright (C) 2004-2005 Marcel Holtmann
+ * Copyright (c) 2000-2001, 2010-2011, Code Aurora Forum. All rights reserved.
  *
  *
  * This program is free software; you can redistribute it and/or modify
@@ -470,11 +470,18 @@ static int hci_uart_tty_ioctl(struct tty_struct *tty, struct file * file,
 
 	switch (cmd) {
 	case HCIUARTSETPROTO:
-		if (!test_and_set_bit(HCI_UART_PROTO_SET, &hu->flags)) {
+		if (!test_and_set_bit(HCI_UART_PROTO_SET_IN_PROGRESS,
+			&hu->flags) && !test_bit(HCI_UART_PROTO_SET,
+			&hu->flags)) {
 			err = hci_uart_set_proto(hu, arg);
 			if (err) {
-				clear_bit(HCI_UART_PROTO_SET, &hu->flags);
+				clear_bit(HCI_UART_PROTO_SET_IN_PROGRESS,
+					&hu->flags);
 				return err;
+			} else {
+				set_bit(HCI_UART_PROTO_SET, &hu->flags);
+				clear_bit(HCI_UART_PROTO_SET_IN_PROGRESS,
+					&hu->flags);
 			}
 		} else
 			return -EBUSY;
diff --git a/drivers/bluetooth/hci_uart.h b/drivers/bluetooth/hci_uart.h
index 99fb35239d1f..051e8deff060 100644
--- a/drivers/bluetooth/hci_uart.h
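Review bot: When HCI_UART_PROTO_SET is already set, the new condition still executes `test_and_set_bit(HCI_UART_PROTO_SET_IN_PROGRESS, &hu->flags)` first and claims the bit, the `&& !test_bit(HCI_UART_PROTO_SET, &hu->flags)` half then fails, and the `else return -EBUSY;` path never clears it, so a repeated HCIUARTSETPROTO leaves HCI_UART_PROTO_SET_IN_PROGRESS stuck for the rest of the hu's life. Testing the completed flag before claiming the in-progress bit keeps the invariant that whoever sets it also clears it: `if (test_bit(HCI_UART_PROTO_SET, &hu->flags) || test_and_set_bit(HCI_UART_PROTO_SET_IN_PROGRESS, &hu->flags)) return -EBUSY;`, with the success path keeping its present order of set_bit(HCI_UART_PROTO_SET) followed by clear_bit(HCI_UART_PROTO_SET_IN_PROGRESS), which is what closes the window for a racing second caller. Separately, set_bit()/clear_bit() are not memory barriers, so if hci_uart_tty_receive() can run on another CPU while this ioctl completes it could in principle observe HCI_UART_PROTO_SET before the hu->proto store made inside hci_uart_set_proto(); a write barrier such as smp_wmb() before `set_bit(HCI_UART_PROTO_SET, &hu->flags)` seems worth considering. Because `return err;` ends the failure branch, the `} else {` wrapper around the success path is redundant in the kernel's usual style. hci_uart_tty_ioctl() begins and ends outside this hunk.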
+++ b/drivers/bluetooth/hci_uart.h
@@ -73,7 +73,8 @@ struct hci_uart {
 };
 
 /* HCI_UART proto flag bits */
-#define HCI_UART_PROTO_SET 0
+#define HCI_UART_PROTO_SET 0
+#define HCI_UART_PROTO_SET_IN_PROGRESS 1
 
 /* TX states */
 #define HCI_UART_SENDING 1
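Review bot: The new HCI_UART_PROTO_SET_IN_PROGRESS bit is added without a comment, and the `/* HCI_UART proto flag bits */` group now carries a value 1 directly above `/* TX states */ #define HCI_UART_SENDING 1`, which reads like a collision to anyone who does not already know the two groups are tested on different words (presumably hu->flags versus a separate TX state word — worth confirming against struct hci_uart). A one-line comment settles both points: `#define HCI_UART_PROTO_SET_IN_PROGRESS 1 /* HCIUARTSETPROTO in flight on hu->flags; cleared after HCI_UART_PROTO_SET is set or on failure */`. The struct hci_uart definition that owns these words starts outside the hunk.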