From nobody Mon Jun 8 06:38:02 2026 Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 34FF52E7394 for ; Mon, 1 Jun 2026 11:32:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.168.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780313557; cv=none; b=m1Db7W7UdkkYIcCzTkAQn6ej0pO9aUFpJadtzM9wvFrPhkKhaExBZH0iF+RxQrY7b3A8WLthznZcgpZDSEgLfLHerRxs0mVPU7uuiWWGdXuKquHMQ1iWrdt/xBF0cu89dFZxmGQ7zzUAX/p6uztW/2PUHTrWe14C/ovvac55wSI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780313557; c=relaxed/simple; bh=6o30cdAL6da64erM2KNEFfKyQAxJbYvFAnMJ4X/B2To=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=acV5tWl/via2x6ll1yrzeCCnZWs9nRXqqT8eznBl/yRAorHMnpNpMjptSdTHhb10kkUZf+XRbFr/aViKqoAtVKWWaVK7W9Gqnraxt6mNqUQeRl97jOsW3QaYryPo8azjWLvB5B06/If3vkoacWRiFxsWRcFUGV2HR/9Lwusw+Qk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com; spf=pass smtp.mailfrom=oss.qualcomm.com; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b=bLjOvhE5; dkim=pass (2048-bit key) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com header.b=e9ef0M37; arc=none smtp.client-ip=205.220.168.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b="bLjOvhE5"; dkim=pass (2048-bit key) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com header.b="e9ef0M37" Received: from pps.filterd (m0279864.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 6518fOM0145081 for ; Mon, 1 Jun 2026 11:32:34 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= B3ZGJB1FTG/N9elrkQB7UE0RwCW9ibLrwGuzABoGwo0=; b=bLjOvhE52cfjaa85 hCMdcW0Ev2l1F6LvnoKeUbdS/Lvf/pPS/Me76/3swnW4fXqxxZTdqVRP5RdeJsnm 1r0h801tWFMf/lZ+Siu53UgS0fPQN+oUEx7pfAk6mjNeEfOOE0vAQw0tALmSFzGn +Wm9HzpJkyUUMGi0D9OcfvbW1QId7+e9APOMYVGCu7aJ5VpM8nAVfTrsjyu1dqy9 hTJh7IiTpXg9g6JSVLlYhtfUrDf6Za+mhbwpBYNFXm2cJYAPiLHdQZmrjNgjJafa T4XxlOjAhm2F8jpV78JCZs3mpbK2iGzMkLPk7E9aa9jf5sK6ZhliiZ+KMG3PwW4b id7tAw== Received: from mail-dl1-f71.google.com (mail-dl1-f71.google.com [74.125.82.71]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4eh6strmy3-1 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT) for ; Mon, 01 Jun 2026 11:32:34 +0000 (GMT) Received: by mail-dl1-f71.google.com with SMTP id a92af1059eb24-137dd52487cso102483c88.2 for ; Mon, 01 Jun 2026 04:32:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oss.qualcomm.com; s=google; t=1780313554; x=1780918354; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=B3ZGJB1FTG/N9elrkQB7UE0RwCW9ibLrwGuzABoGwo0=; b=e9ef0M37BfUBVLZi9M809iRI/7aWKeabQi/AT6WBXQruYUU3Wrw7FS7D2Hom/nvX3B 5Pbj6Az7AGoeH5AE8x+KndiJWxYSseh1hHRIlmvLo6bQwTRkuE75bCAWiN8ftrAeqa2T LXfRWzaUaB23DbACZGALHPDirVy2oFkJUq7z9k162CVBopfHMvmebnl0WOOceCPL8BSL /nGmfO0E48ag5FkzPQHBjhGKY6NSnZqhX7T5cp2Cj7mAF99ni5dIDfPYc176d4Xx2rms fkQj/pFxcD3kiVI6A+cdNdDFb7/QLtzf9s1jV98CC30yIWvYdajvefwSfYPGFbqSLmF1 h2gg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780313554; x=1780918354; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=B3ZGJB1FTG/N9elrkQB7UE0RwCW9ibLrwGuzABoGwo0=; b=VGoa6V8QMDvzgfS618v0r+nhMtT5u5G3eEZoL61MUn0FeDNneNoIVzg8q/ds4qO2Fd NiaoAypEgqRFUpHraHk4DsKVpOdy4mxZrn5N4A3skPlRvZXMHXWmv20dUK8unVZqq/8X Q29LQiraSp957+vidV/zNogoAJD0jQuRh7491aPJiqp2Nbr8dhRFxOGOzt52ZxXQNhFb gHzgVcPVT+/UxDYNljUynmcegQMlw5yZ7h6yoRvs3GdPdJiLjdRqjkl28kYZRPNLsjv6 gQ5PymvI7DtLeidGSqF+BaF+TJUNivNVUTm6H3aSvs9G/6NkatJ+1o1KYj5WJD7C/1kg KfWA== X-Forwarded-Encrypted: i=1; AFNElJ9Yfg0BApRvOd8XQ/ZAYwEu4E1rAeT91oTWfpdSxOR9kJ1+CS69LPajV5R6ymF4znN5F/QryGENcOFA4ak=@vger.kernel.org X-Gm-Message-State: AOJu0Yw+6orpZ2bC3xGlK/8kz26ZS9eCCNS9GK0V8JyZ1n6JsZTOg0O4 9lP1Rn5QzQhpE9V8oUMYdSsrgCkVmnF4eTSeanouVW3jym3RdamboUPWUNYo7bGgHQEcWj4cpCZ FgDpSJJgs0Oq4SoApYogAJ09zUUrwYmQTm+4cU1+D7VHjwkGhOGhEE94OHUOX0I/N1iR3gAMiLY 4= X-Gm-Gg: Acq92OFmNy/243++rzKOMYcP+/KPENJxHaYp54lhuNgI6bjjxZlnwHMr+BiIMQxRrtx 4619yTVnvSjhsT6q6SsNGLOFmONIqWYMr/zUjzh7iwfGl8J054fD3BmaSTsFscLzaDrdWCX34hB qeCXdm3gra7+PvY3XOvdZa1kfdecMqM3gDRICVNHTN0bFAdjdvLNhSPaAAvp9r3QvXWv51YJBOm pMyFWorFSU50Ks1r/wm4WNl9JmNBbLh3YG2RhP8F8J4i3KGMayNRtWnVecP/j724aStJCwRBER8 5g4i/p47ZNZjwrBx7kC1l2uOP7s711AGfViPmyAw2F6V1MXUbFk9UTX65yYOIGddz7x+oyRS/EA CSNYtGbBEcGdM2RmU0b8IsvFoIQ1p9pJm6vTMpm8ePDQP4v7LU7BOZ2TX5fWQDlL03A8mkmkiGB hgUJM= X-Received: by 2002:a05:7300:cb13:b0:2d5:9438:2a02 with SMTP id 5a478bee46e88-304fa4a48acmr2304741eec.1.1780313553903; Mon, 01 Jun 2026 04:32:33 -0700 (PDT) X-Received: by 2002:a05:7300:cb13:b0:2d5:9438:2a02 with SMTP id 5a478bee46e88-304fa4a48acmr2304727eec.1.1780313553303; Mon, 01 Jun 2026 04:32:33 -0700 (PDT) Received: from hu-zijuhu-lv.qualcomm.com (Global_NAT1.qualcomm.com. [129.46.96.20]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-304ed2f2904sm8667431eec.9.2026.06.01.04.32.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2026 04:32:32 -0700 (PDT) From: Zijun Hu Date: Mon, 01 Jun 2026 04:30:55 -0700 Subject: [PATCH 1/2] Bluetooth: hci_qca: fix NULL pointer dereference in qca_setup() for non-serdev device Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260601-fix_none_serdev-v1-1-8d0497ba83b0@oss.qualcomm.com> References: <20260601-fix_none_serdev-v1-0-8d0497ba83b0@oss.qualcomm.com> In-Reply-To: <20260601-fix_none_serdev-v1-0-8d0497ba83b0@oss.qualcomm.com> To: Bartosz Golaszewski , Marcel Holtmann , Luiz Augusto von Dentz , Mengshi Wu , Dmitry Baryshkov , Sai Teja Aluvala Cc: Zijun Hu , Luiz Augusto von Dentz , Bartosz Golaszewski , linux-arm-msm@vger.kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, Zijun Hu X-Mailer: b4 0.14.3 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjAxMDExNiBTYWx0ZWRfX1uMmIzoQp0z8 M33ERTut6Wc/YrRc69dVchb5MFxhvhhK5k4Z+WhOaR2k6FL2DBYnCN4eS4wkO4g/DCgJmtjOivU ZHCZmILLkrRGRb0PO/yRqtvswL2CaNNd0lkzLIux+0ORDC0uNklPydF2P42/KebF97KManJmKtB niyRMPxzlgSKsufip48YHNx2terSCfPYZxZkyte/N6jWuzWH5h0jIi7APhI4PlRGx+uDX1Apjx8 dphLdISmj4uVkJYk+npMozESk2AUiadMA2IZ7ChQVGgC1XhNLyeJL97L6nSl8iL/O2Hj07geqna UBzd/Vqq0eH7KT6BJ/6P7FDkAT/3k4UvKgPgtUM9T+dPYWulGOu0hXTf9Sbglh3ngZAHIRDMAU5 4VKGRxx3QCquClsl7xvIXM+GI9GGw+fFdpNLKHYw8of98V+xDY5XnxKRMzlNBeY9XUacF1528cY M4cXLdShO4vBx4jyqwQ== X-Proofpoint-ORIG-GUID: sf0F81Pyea7OL9H0b8_3x8Bc47Mb2TEo X-Authority-Analysis: v=2.4 cv=HrNG3UTS c=1 sm=1 tr=0 ts=6a1d6dd2 cx=c_pps a=JYo30EpNSr/tUYqK9jHPoA==:117 a=ouPCqIW2jiPt+lZRy3xVPw==:17 a=IkcTkHD0fZMA:10 a=FelO9ux0wxsA:10 a=s4-Qcg_JpJYA:10 a=VkNPw1HP01LnGYTKEx00:22 a=u7WPNUs3qKkmUXheDGA7:22 a=DJpcGTmdVt4CTyJn9g5Z:22 a=EUspDBNiAAAA:8 a=EPjRy8lAqh_CNP4ImRkA:9 a=QEXdDO2ut3YA:10 a=Fk4IpSoW4aLDllm1B1p-:22 X-Proofpoint-GUID: sf0F81Pyea7OL9H0b8_3x8Bc47Mb2TEo X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-01_03,2026-05-28_03,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 suspectscore=0 lowpriorityscore=0 bulkscore=0 clxscore=1015 impostorscore=0 adultscore=0 malwarescore=0 phishscore=0 spamscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605210000 definitions=main-2606010116 hu->serdev is NULL for hci_uart attached via non-serdev paths, but qca_setup() unconditionally calls serdev_device_get_drvdata(hu->serdev) and dereferences the result, causing a NULL pointer dereference. Fix by guarding the dereference with a NULL check, consistent with the rest of qca_setup(). Fixes: 22d893eec0d5 ("Bluetooth: hci_qca: Refactor HFP hardware offload cap= ability handling") Signed-off-by: Zijun Hu --- drivers/bluetooth/hci_qca.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index 34500137df2c..cc7b34a61fa7 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -1916,9 +1916,12 @@ static int qca_setup(struct hci_uart *hu) const char *rampatch_name =3D qca_get_rampatch_name(hu); int ret; struct qca_btsoc_version ver; - struct qca_serdev *qcadev =3D serdev_device_get_drvdata(hu->serdev); + struct qca_serdev *qcadev =3D NULL; const char *soc_name; =20 + if (hu->serdev) + qcadev =3D serdev_device_get_drvdata(hu->serdev); + ret =3D qca_check_speeds(hu); if (ret) return ret; @@ -1980,7 +1983,7 @@ static int qca_setup(struct hci_uart *hu) case QCA_WCN6750: case QCA_WCN6855: case QCA_WCN7850: - if (qcadev->bdaddr_property_broken) + if (qcadev && qcadev->bdaddr_property_broken) hci_set_quirk(hdev, HCI_QUIRK_BDADDR_PROPERTY_BROKEN); =20 hci_set_aosp_capable(hdev); @@ -2073,7 +2076,7 @@ static int qca_setup(struct hci_uart *hu) else hu->hdev->set_bdaddr =3D qca_set_bdaddr; =20 - if (qcadev->support_hfp_hw_offload) + if (qcadev && qcadev->support_hfp_hw_offload) qca_configure_hfp_offload(hdev); =20 qca->fw_version =3D le16_to_cpu(ver.patch_ver); --=20 2.34.1 From nobody Mon Jun 8 06:38:02 2026 Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 44B98346782 for ; Mon, 1 Jun 2026 11:32:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.168.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780313558; cv=none; b=BWZ//N8D36sWi0a46zOyXM0YHmNk+uJ/UQNQ2OiOcroSvUZxnv1ANT4z15XhwdlbGbU34nZYjxmu9MQb0dpIV1nqRGNiowIi6FhywhhLPO6CSw2Wl0YXlY5C0/PKYUKvpx/vYlKWHy6EALABYuosU8+2B7bJFpHcjlNtzK5NmDg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780313558; c=relaxed/simple; bh=C/oJL4OXMPAkCHROnwSUjkyw0/H3oVbBhabNzweM3CY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=JjQ1I7HZeNj/aW5+HrufbCWg1js6bTXxMPEzgNGQCfXXrMO3QXx/cUTJWXT7wPiaGtBBc/RXJH+1nI5FvgMxNm4l7uFIAjP8BLdnWowWMdrjB3mE6JhOdR95+GFG0Otdz6+Hw0eLeJe6Eob9+NpuyVc+he8nChzcoY6y2Z6oI0k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com; spf=pass smtp.mailfrom=oss.qualcomm.com; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b=YkbJ8Sh0; dkim=pass (2048-bit key) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com header.b=GdUQlsCe; arc=none smtp.client-ip=205.220.168.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b="YkbJ8Sh0"; dkim=pass (2048-bit key) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com header.b="GdUQlsCe" Received: from pps.filterd (m0279866.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 6519Y0a43372584 for ; Mon, 1 Jun 2026 11:32:36 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= 4k3hU31Qwy98Fe3cp1M3dStfljplsWIx3TYT5kKMZUs=; b=YkbJ8Sh0wzPOhfx0 4qVXBegwBp3Vq26ZiDVuxUQNQur7AoT85bcqNcV3V+TtzROwcM6XbNoi5Np1oKE3 MOvyc8fXBu/U1wyGLvowh0OiEbUNJT7S8TpSPd+4QDxBAXfjmHUq/+wHV+lN2uqP FqFkEO5VbYhXgFbs3vDZzsXtHfTYR7q9pSsAFE3Vd9egJmHcOguM8FGLKbkRlXVe nZn8a/27IlTpGEXVECVG3BUztp9H41gUuO+k2G5+ubWshkI1MeLyvjErQig1/dtW k67IUqM9N4uRBoTPVtYp8ys8/fQa9S2kIG2CMAZfnbgU9YFNANvl5jxpK2BLsPIp zAUfYA== Received: from mail-dy1-f199.google.com (mail-dy1-f199.google.com [74.125.82.199]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4eh7jh8fab-1 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT) for ; Mon, 01 Jun 2026 11:32:36 +0000 (GMT) Received: by mail-dy1-f199.google.com with SMTP id 5a478bee46e88-304d8f6373eso133747eec.0 for ; Mon, 01 Jun 2026 04:32:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oss.qualcomm.com; s=google; t=1780313556; x=1780918356; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=4k3hU31Qwy98Fe3cp1M3dStfljplsWIx3TYT5kKMZUs=; b=GdUQlsCe2uLmvmoK5CCHsPedXY+JI14Axu5x3h/zEvYNK5WBRghpHMPNrgyks7gb78 1in6XPRHt/6fxjCnux1vu4xlEzfslE2I7W0YYwfNs1Ofh7jp9NmmlaWk2t2sO18ffEPE A86pevng1Gw+hH4kmBJEUUTtSghC9eqNHArK7hKqMRL1Rora7e7EHogjYOxN1qbZA1th 5jQHcTJXem4Mq91iIzMSomj7sgaR/Ug2UIp3q7keTkRm7vbgMlTiAzceZAQZwna8KEA2 S0zCQ/YHrnXYB7cYEmPNL4BHPCV+69wzMNeaxO5vSkkt3K49Tj+ZDsJZ1j3+q6E3KnW5 nLFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780313556; x=1780918356; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=4k3hU31Qwy98Fe3cp1M3dStfljplsWIx3TYT5kKMZUs=; b=C0Csl0i6c6AAW8adinmVxntbgpJXG59sKB59JLmTyLR1quEDhmmzRofiGqBy/Ktx4S yDueo9kc9V6rjFvrGJf4eDwgO/e3q8BVNiJS3cXz0/5B7r1D+WZvfpR3BIGYYTUNQkck DvzXe/kZIjVGQhOogPDObjXHeGIyit69sPYyYH7Xj6iHgpUWX6aLBc2wwvF+NoN16pN8 EuTZF9XuMPQF/T8MGMfcgdcBbrymh7gzQ3y98cAasVBdPWqtg7b1STfh9aWurirThLrr 0wE4K8pagwtImqjDNEnARxwcNLzRrlJYE+XbDxJHLKbZjKuN/gnKP2YVLH6oEC6DV/x/ QT4w== X-Forwarded-Encrypted: i=1; AFNElJ96Cyac7QDTu6UwVAgcWrHyRD4+ybxSlfHSvA3us4YcO0ZE5ZLAfEx7mWYwvO+8kAJby3aDTvX+H8q5+uI=@vger.kernel.org X-Gm-Message-State: AOJu0YwQ37V/ZQUUKpObcRCo8gtlvcGbyZQqenAiGALZMvuxz3YowHqE RzCnCioBQ412Id2bBlTfe/Sy6yCJNz0tJYtLyZ8vvj4ICBiUUTnEr0NUHSvJpHrfZNjywmfGNqb r0XhecWSyRxtECcFC8x7Q8osScmPHIYgeHObycGBY8RnkiyzrhSQhW9o+PNkRLqVakyo= X-Gm-Gg: Acq92OGw95/Iwd4lDQZaAJ6jjBVWEIy1RG7EvthwXfhOrarOzKHqSHgkt5NGNV8Ia1M r9x9KNU6tEWsy7LFD9YThWPsHm6EEXI6U3IpVJuvR4vwW1kjrXCFU3+mhRzi727ztO+mIsTWhvv EtB/hv21PVGEth7gbJt+7wZ1yab0xljRiO15f/vqjSfO6CoCt5h7yBV+WXqFUumqdfA4ITH/W2l GZXPdC7D8WOyvwtKaX2Xo3Ox3aysontX45A7frlEdPgJZGtk6oD9yW66eHnCXFToQ4vjOaMkovR B9RzGXITB7bFg/k2XiUn18vFYLUHcCrDviqAdeovzI8nzECMvson76hLqZvs0YdYmKZX6DPuM4L ip5DNRP5/HTRo3yDb05oEA+EjwJA+YN4ZCSWxgJgLOdPnBBfm+ccCWyv2wPf0sBApqZH6hR4CpX 54ysY= X-Received: by 2002:a05:693c:2c8c:b0:2da:b05a:5a7d with SMTP id 5a478bee46e88-304fa31c4a2mr2203654eec.0.1780313555882; Mon, 01 Jun 2026 04:32:35 -0700 (PDT) X-Received: by 2002:a05:693c:2c8c:b0:2da:b05a:5a7d with SMTP id 5a478bee46e88-304fa31c4a2mr2203634eec.0.1780313555333; Mon, 01 Jun 2026 04:32:35 -0700 (PDT) Received: from hu-zijuhu-lv.qualcomm.com (Global_NAT1.qualcomm.com. [129.46.96.20]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-304ed2f2904sm8667431eec.9.2026.06.01.04.32.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2026 04:32:33 -0700 (PDT) From: Zijun Hu Date: Mon, 01 Jun 2026 04:30:56 -0700 Subject: [PATCH 2/2] Bluetooth: hci_qca: fix NULL pointer dereference in qca_dmp_hdr() for non-serdev device Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260601-fix_none_serdev-v1-2-8d0497ba83b0@oss.qualcomm.com> References: <20260601-fix_none_serdev-v1-0-8d0497ba83b0@oss.qualcomm.com> In-Reply-To: <20260601-fix_none_serdev-v1-0-8d0497ba83b0@oss.qualcomm.com> To: Bartosz Golaszewski , Marcel Holtmann , Luiz Augusto von Dentz , Mengshi Wu , Dmitry Baryshkov , Sai Teja Aluvala Cc: Zijun Hu , Luiz Augusto von Dentz , Bartosz Golaszewski , linux-arm-msm@vger.kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, Zijun Hu X-Mailer: b4 0.14.3 X-Proofpoint-ORIG-GUID: S-clsyQ4WwfXxfaDYQsMHAwFqgsOFLUT X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjAxMDExNiBTYWx0ZWRfX4368DTpnIvJE H2iVWOrxm5qnAkCf/Z3w/xFArvhHfcTjHT/OfXo+XiHY6Ir3awqFSVN6dSZ/HPWXawwzXdNfo0/ 6vt1tAPj1Ly6N/vVYzWMLYJOMl23VaJT/7uj23D8Z+07/H9OrBj4INwCsg/Y/zWPamQRYBE97Wk W4iJbKkij5BdQbgDoRt+j/jlrbKeg6aq3afPg/EfKRDiRZIK1VFL0jk1ueZjjLNX2/a+B+IT8JM iR/GtgY29e70CwFV4QrdOU+tnclVcjApGlpH8GTvhnrUZ+4otZ5yTwF08pB0yJlUwpc9cBc5a15 bLdLGe+fXO5nZ2BiQtCmIM8sS5BSWO0k1majB1FRtuqyq5KsgCxQrSSBEArZz1OaehgBnxoTFoO 2pa7Ty55janGuDdByvrZiDufYHr8HevDH4IIbfGvAw8qDZzfDqKkMAdk4Xtp/Kn84tHG38Swm9A hM6KJ+abAZA1AunRJ4g== X-Authority-Analysis: v=2.4 cv=YuY/gYYX c=1 sm=1 tr=0 ts=6a1d6dd4 cx=c_pps a=cFYjgdjTJScbgFmBucgdfQ==:117 a=ouPCqIW2jiPt+lZRy3xVPw==:17 a=IkcTkHD0fZMA:10 a=FelO9ux0wxsA:10 a=s4-Qcg_JpJYA:10 a=VkNPw1HP01LnGYTKEx00:22 a=u7WPNUs3qKkmUXheDGA7:22 a=YMgV9FUhrdKAYTUUvYB2:22 a=EUspDBNiAAAA:8 a=OD5Mg_is9F9GS7JlITEA:9 a=QEXdDO2ut3YA:10 a=scEy_gLbYbu1JhEsrz4S:22 X-Proofpoint-GUID: S-clsyQ4WwfXxfaDYQsMHAwFqgsOFLUT X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-01_03,2026-05-28_03,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 malwarescore=0 priorityscore=1501 suspectscore=0 phishscore=0 clxscore=1015 impostorscore=0 spamscore=0 bulkscore=0 adultscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605210000 definitions=main-2606010116 hu->serdev is NULL for hci_uart attached via non-serdev paths, but qca_dmp_hdr() unconditionally dereferences hu->serdev->dev.driver->name, causing a NULL pointer dereference. Fix by guarding the dereference with a NULL check and falling back to "hci_ldisc_qca" for the non-serdev case. Fixes: 06d3fdfcdf5c ("Bluetooth: hci_qca: Add qcom devcoredump support") Signed-off-by: Zijun Hu --- drivers/bluetooth/hci_qca.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index cc7b34a61fa7..244447195619 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -1028,7 +1028,7 @@ static void qca_dmp_hdr(struct hci_dev *hdev, struct = sk_buff *skb) skb_put_data(skb, buf, strlen(buf)); =20 snprintf(buf, sizeof(buf), "Driver: %s\n", - hu->serdev->dev.driver->name); + hu->serdev ? hu->serdev->dev.driver->name : "hci_ldisc_qca"); skb_put_data(skb, buf, strlen(buf)); } =20 --=20 2.34.1