Re: [PATCH] drivers/bluetooth/hci_ldisc.c: fix possible NULL dereferences
Hi Marcel,
Marcel Holtmann wrote:
Commit 22ad42033b7d2b3d7928fba9f89d1c7f8a3c9581 did not completely fix all
the possible NULL dereferences. Besides hci_uart_close(), we also need to
make sure that hdev is valid before calling hci_{unregister,free}_dev().
>>> I don't see any issue. Without HCI_UART_PROTO_SET, the hdev will never
>>> be registered. So no need to protect it twice.
>> Correct me if I am wrong. HCI_UART_PROTO_SET bit is only set if
>> hci_uart_tty_ioctl()
>> is called with HCIUARTSETPROTO. Is it possible for the HCI device to be
>> registered
>> and then unregistered without setting the HCI_UART_PROTO_SET bit in
>> hdev->flags?
>
> look at the code. The hci_uart_tty_ioctl() is the only function that can
> register the HCI device. So besides opening the TTY and set the line
> discipline, you also have to the set the UART protocol running on top. I
> don't see any way you can achieve to register a HCI device without
> setting the HCI_UART_PROTO_SET bit in hu->flags.
Ok. Thanks for the explanation.
Eugene
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] drivers/bluetooth/hci_ldisc.c: fix possible NULL dereferences
Hi Eugene,
> >> Commit 22ad42033b7d2b3d7928fba9f89d1c7f8a3c9581 did not completely fix all
> >> the possible NULL dereferences. Besides hci_uart_close(), we also need to
> >> make sure that hdev is valid before calling hci_{unregister,free}_dev().
> >
> > I don't see any issue. Without HCI_UART_PROTO_SET, the hdev will never
> > be registered. So no need to protect it twice.
>
> Correct me if I am wrong. HCI_UART_PROTO_SET bit is only set if
> hci_uart_tty_ioctl()
> is called with HCIUARTSETPROTO. Is it possible for the HCI device to be
> registered
> and then unregistered without setting the HCI_UART_PROTO_SET bit in
> hdev->flags?
look at the code. The hci_uart_tty_ioctl() is the only function that can
register the HCI device. So besides opening the TTY and set the line
discipline, you also have to the set the UART protocol running on top. I
don't see any way you can achieve to register a HCI device without
setting the HCI_UART_PROTO_SET bit in hu->flags.
Regards
Marcel
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] drivers/bluetooth/hci_ldisc.c: fix possible NULL dereferences
Hi Eugene,
Commit 22ad42033b7d2b3d7928fba9f89d1c7f8a3c9581 did not completely fix all
the possible NULL dereferences. Besides hci_uart_close(), we also need to
make sure that hdev is valid before calling hci_{unregister,free}_dev().
I don't see any issue. Without HCI_UART_PROTO_SET, the hdev will never
be registered. So no need to protect it twice.
Correct me if I am wrong. HCI_UART_PROTO_SET bit is only set if
hci_uart_tty_ioctl()
is called with HCIUARTSETPROTO. Is it possible for the HCI device to be
registered
and then unregistered without setting the HCI_UART_PROTO_SET bit in
hdev-flags?
look at the code. The hci_uart_tty_ioctl() is the only function that can
register the HCI device. So besides opening the TTY and set the line
discipline, you also have to the set the UART protocol running on top. I
don't see any way you can achieve to register a HCI device without
setting the HCI_UART_PROTO_SET bit in hu-flags.
Regards
Marcel
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] drivers/bluetooth/hci_ldisc.c: fix possible NULL dereferences
Hi Marcel,
Marcel Holtmann wrote:
Commit 22ad42033b7d2b3d7928fba9f89d1c7f8a3c9581 did not completely fix all
the possible NULL dereferences. Besides hci_uart_close(), we also need to
make sure that hdev is valid before calling hci_{unregister,free}_dev().
I don't see any issue. Without HCI_UART_PROTO_SET, the hdev will never
be registered. So no need to protect it twice.
Correct me if I am wrong. HCI_UART_PROTO_SET bit is only set if
hci_uart_tty_ioctl()
is called with HCIUARTSETPROTO. Is it possible for the HCI device to be
registered
and then unregistered without setting the HCI_UART_PROTO_SET bit in
hdev-flags?
look at the code. The hci_uart_tty_ioctl() is the only function that can
register the HCI device. So besides opening the TTY and set the line
discipline, you also have to the set the UART protocol running on top. I
don't see any way you can achieve to register a HCI device without
setting the HCI_UART_PROTO_SET bit in hu-flags.
Ok. Thanks for the explanation.
Eugene
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] drivers/bluetooth/hci_ldisc.c: fix possible NULL dereferences
Hi Marcel,
Marcel Holtmann wrote:
>> Commit 22ad42033b7d2b3d7928fba9f89d1c7f8a3c9581 did not completely fix all
>> the possible NULL dereferences. Besides hci_uart_close(), we also need to
>> make sure that hdev is valid before calling hci_{unregister,free}_dev().
>
> I don't see any issue. Without HCI_UART_PROTO_SET, the hdev will never
> be registered. So no need to protect it twice.
Correct me if I am wrong. HCI_UART_PROTO_SET bit is only set if
hci_uart_tty_ioctl()
is called with HCIUARTSETPROTO. Is it possible for the HCI device to be
registered
and then unregistered without setting the HCI_UART_PROTO_SET bit in hdev->flags?
Thanks,
Eugene
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] drivers/bluetooth/hci_ldisc.c: fix possible NULL dereferences
Hi Eugene,
> Commit 22ad42033b7d2b3d7928fba9f89d1c7f8a3c9581 did not completely fix all
> the possible NULL dereferences. Besides hci_uart_close(), we also need to
> make sure that hdev is valid before calling hci_{unregister,free}_dev().
I don't see any issue. Without HCI_UART_PROTO_SET, the hdev will never
be registered. So no need to protect it twice.
Regards
Marcel
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH] drivers/bluetooth/hci_ldisc.c: fix possible NULL dereferences
Commit 22ad42033b7d2b3d7928fba9f89d1c7f8a3c9581 did not completely fix all
the possible NULL dereferences. Besides hci_uart_close(), we also need to
make sure that hdev is valid before calling hci_{unregister,free}_dev().
Signed-off-by: Eugene Teo <[EMAIL PROTECTED]>
---
drivers/bluetooth/hci_ldisc.c |7 +++
1 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c
index 6055b9c..4813f7c 100644
--- a/drivers/bluetooth/hci_ldisc.c
+++ b/drivers/bluetooth/hci_ldisc.c
@@ -308,11 +308,10 @@ static void hci_uart_tty_close(struct tty_struct *tty)
if (hu) {
struct hci_dev *hdev = hu->hdev;
- if (hdev)
+ if (hdev) {
hci_uart_close(hdev);
-
- if (test_and_clear_bit(HCI_UART_PROTO_SET, >flags)) {
- hu->proto->close(hu);
+ if (test_and_clear_bit(HCI_UART_PROTO_SET, >flags))
+ hu->proto->close(hu);
hci_unregister_dev(hdev);
hci_free_dev(hdev);
}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH] drivers/bluetooth/hci_ldisc.c: fix possible NULL dereferences
Commit 22ad42033b7d2b3d7928fba9f89d1c7f8a3c9581 did not completely fix all
the possible NULL dereferences. Besides hci_uart_close(), we also need to
make sure that hdev is valid before calling hci_{unregister,free}_dev().
Signed-off-by: Eugene Teo [EMAIL PROTECTED]
---
drivers/bluetooth/hci_ldisc.c |7 +++
1 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c
index 6055b9c..4813f7c 100644
--- a/drivers/bluetooth/hci_ldisc.c
+++ b/drivers/bluetooth/hci_ldisc.c
@@ -308,11 +308,10 @@ static void hci_uart_tty_close(struct tty_struct *tty)
if (hu) {
struct hci_dev *hdev = hu-hdev;
- if (hdev)
+ if (hdev) {
hci_uart_close(hdev);
-
- if (test_and_clear_bit(HCI_UART_PROTO_SET, hu-flags)) {
- hu-proto-close(hu);
+ if (test_and_clear_bit(HCI_UART_PROTO_SET, hu-flags))
+ hu-proto-close(hu);
hci_unregister_dev(hdev);
hci_free_dev(hdev);
}
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] drivers/bluetooth/hci_ldisc.c: fix possible NULL dereferences
Hi Eugene,
Commit 22ad42033b7d2b3d7928fba9f89d1c7f8a3c9581 did not completely fix all
the possible NULL dereferences. Besides hci_uart_close(), we also need to
make sure that hdev is valid before calling hci_{unregister,free}_dev().
I don't see any issue. Without HCI_UART_PROTO_SET, the hdev will never
be registered. So no need to protect it twice.
Regards
Marcel
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] drivers/bluetooth/hci_ldisc.c: fix possible NULL dereferences
Hi Marcel,
Marcel Holtmann wrote:
Commit 22ad42033b7d2b3d7928fba9f89d1c7f8a3c9581 did not completely fix all
the possible NULL dereferences. Besides hci_uart_close(), we also need to
make sure that hdev is valid before calling hci_{unregister,free}_dev().
I don't see any issue. Without HCI_UART_PROTO_SET, the hdev will never
be registered. So no need to protect it twice.
Correct me if I am wrong. HCI_UART_PROTO_SET bit is only set if
hci_uart_tty_ioctl()
is called with HCIUARTSETPROTO. Is it possible for the HCI device to be
registered
and then unregistered without setting the HCI_UART_PROTO_SET bit in hdev-flags?
Thanks,
Eugene
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
