From: Marcel Holtmann <marcel@holtmann.org>
To: Eugene Teo <eteo@redhat.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] drivers/bluetooth/hci_ldisc.c: fix possible NULL dereferences
Date: Mon, 30 Jul 2007 08:42:15 +0200
Message-ID: <1185777735.5868.86.camel@violet>
In-Reply-To: <46AD1A87.8050901@redhat.com>

Hi Eugene,

> >> Commit 22ad42033b7d2b3d7928fba9f89d1c7f8a3c9581 did not completely fix all
> >> the possible NULL dereferences. Besides hci_uart_close(), we also need to
> >> make sure that hdev is valid before calling hci_{unregister,free}_dev().
> >
> > I don't see any issue. Without HCI_UART_PROTO_SET, the hdev will never
> > be registered. So no need to protect it twice.
>
> Correct me if I am wrong. HCI_UART_PROTO_SET bit is only set if hci_uart_tty_ioctl()
> is called with HCIUARTSETPROTO. Is it possible for the HCI device to be registered
> and then unregistered without setting the HCI_UART_PROTO_SET bit in hdev->flags?

Look at the code. The hci_uart_tty_ioctl() is the only function that can
register the HCI device. So besides opening the TTY and setting the line
discipline, you also have to set the UART protocol running on top. I
don't see any way you can register a HCI device without
setting the HCI_UART_PROTO_SET bit in hu->flags.

Regards

Marcel
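
Added example, not part of the original message and not the driver's code: a user-space C model of the argument in this thread, that when the HCIUARTSETPROTO handling is the only path that registers the device and it sets HCI_UART_PROTO_SET at the same time, a close path guarded by that flag never reaches unregister with a NULL hdev. The struct, the operation names and `OP_FLAG_ONLY` (a hypothetical path that sets the flag without registering, included only for contrast) are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>

/* User-space model of the lifecycle argued above. Hypothetical names,
 * not the driver's code. */
struct model_hu {
    bool opened;     /* TTY open with the line discipline set */
    bool proto_set;  /* stands in for HCI_UART_PROTO_SET in hu->flags */
    int *hdev;       /* stands in for the registered HCI device */
};
static int dummy_dev;  /* constructed stand-in for an allocated device */
enum { OP_OPEN, OP_SET_PROTO, OP_CLOSE, OP_FLAG_ONLY };
/* Apply one operation; return 1 if close would unregister a NULL hdev. */
static int model_step(struct model_hu *hu, int op)
{
    int bad = 0;
    if (op == OP_OPEN && !hu->opened) {
        hu->opened = true;
    } else if (op == OP_SET_PROTO && hu->opened && !hu->proto_set) {
        hu->proto_set = true;   /* flag and registration happen together */
        hu->hdev = &dummy_dev;
    } else if (op == OP_FLAG_ONLY && hu->opened) {
        hu->proto_set = true;   /* hypothetical: flag set, nothing registered */
    } else if (op == OP_CLOSE && hu->opened) {
        bad = hu->proto_set && hu->hdev == NULL;  /* flag-guarded unregister */
        *hu = (struct model_hu){ false, false, NULL };
    }
    return bad;
}

/* Run every sequence of `len` operations drawn from the first `nops`
 * operation kinds; return how many sequences hit a NULL unregister. */
int count_null_unregister(int nops, int len)
{
    int bad_seqs = 0;
    long total = 1;
    for (int i = 0; i < len; i++)
        total *= nops;
    for (long seq = 0; seq < total; seq++) {
        struct model_hu hu = { false, false, NULL };
        long s = seq;
        int bad = 0;
        for (int i = 0; i < len; i++, s /= nops)
            bad |= model_step(&hu, (int)(s % nops));
        bad_seqs += bad;
    }
    return bad_seqs;
}
int main(void) { return count_null_unregister(3, 8) != 0; }
```

With only open, set-protocol and close (`nops` = 3) no sequence reaches the NULL case; adding the hypothetical flag-only operation (`nops` = 4) makes the sequence open, flag-only, close hit it.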
Thread overview: 5+ messages
2007-07-29 14:47 [PATCH] drivers/bluetooth/hci_ldisc.c: fix possible NULL dereferences Eugene Teo
2007-07-29 16:49 ` Marcel Holtmann
2007-07-29 22:53 ` Eugene Teo
2007-07-30 6:42 ` Marcel Holtmann [this message]
2007-07-30 6:48 ` Eugene Teo