* [PATCH] Bluetooth: hci_h5: reset hci_uart::priv in the close() method
@ 2026-06-01 20:21 Sergey Shtylyov
2026-06-01 23:46 ` bluez.test.bot
0 siblings, 1 reply; 2+ messages in thread
From: Sergey Shtylyov @ 2026-06-01 20:21 UTC (permalink / raw)
To: Marcel Holtmann, Luiz Augusto von Dentz, linux-bluetooth
Unlike the other HCI UART drivers, the 3-wire UART driver doesn't reset
hci_uart::priv in its close() method -- this shouldn't pose a problem as
all the methods in *struct* hci_uart_proto should only be called after the
open() method that sets up hci_uart::priv properly. However, it seems wise
to be more consistent and provide for the *struct* hci_uart_proto methods
the same state that exists before the first open() method call (so that
they rather crash than dereference a stale hci_uart::priv pointer)...
Found by Linux Verification Center (linuxtesting.org) with the Svace static
analysis tool.
Signed-off-by: Sergey Shtylyov <s.shtylyov@auroraos.dev>
---
The patch is against the master branch of the bluetooth-next.git repo.
drivers/bluetooth/hci_h5.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/bluetooth/hci_h5.c b/drivers/bluetooth/hci_h5.c
index d35383718212..c6d9f70ad3bb 100644
--- a/drivers/bluetooth/hci_h5.c
+++ b/drivers/bluetooth/hci_h5.c
@@ -273,6 +273,7 @@ static int h5_close(struct hci_uart *hu)
if (!hu->serdev)
kfree(h5);
+ hu->priv = NULL;
return 0;
}
--
2.54.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-06-01 23:46 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-01 20:21 [PATCH] Bluetooth: hci_h5: reset hci_uart::priv in the close() method Sergey Shtylyov
2026-06-01 23:46 ` bluez.test.bot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox