Bluetooth: hci_ldisc: Add missing return in hci_uart_init_work()

If hci_register_dev() returns an error in hci_uart_init_work() then the HCI_UART_REGISTERED bit gets erroneously set due to a missing return statement. Therefore, add the missing return statement. The consequence of the missing return is that the HCI UART is not registered but HCI_UART_REGISTERED is set which allows the code to think that hu->hdev is safe to access but hu->hdev has been freed so could lead to a crash. Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

Bluetooth: hci_ldisc: Add missing return in hci_uart_init_work()
If hci_register_dev() returns an error in hci_uart_init_work() then the HCI_UART_REGISTERED bit gets erroneously set due to a missing return statement. Therefore, add the missing return statement. The consequence of the missing return is that the HCI UART is not registered but HCI_UART_REGISTERED is set which allows the code to think that hu->hdev is safe to access but hu->hdev has been freed so could lead to a crash. Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
cb926520 · Dean Jenkins · Marcel Holtmann · eee6044f · cb926520
Commit cb926520 authored Apr 20, 2017 by Dean Jenkins Committed by Marcel Holtmann Apr 22, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

drivers/bluetooth/hci_ldisc.c drivers/bluetooth/hci_ldisc.c +1 -0

No files found.
--- a/drivers/bluetooth/hci_ldisc.c
+++ b/drivers/bluetooth/hci_ldisc.c
@@ -187,6 +187,7 @@ static void hci_uart_init_work(struct work_struct *work)
 		hci_free_dev(hu->hdev);
 		hu->hdev = NULL;
 		hu->proto->close(hu);
+		return;
 	}

 	set_bit(HCI_UART_REGISTERED, &hu->flags);