Bluetooth: hci_qca: Add helper function to get the chip family

Many functions obtain a 'struct qca_serdev' only to read the btsoc_type field. Add a helper function that encapsulates this. This also fixes crashes observed on platforms with ROME controllers that are instantiated through ldisc and not as serdev clients. The crashes are caused by NULL pointer dereferentiations, which stem from the driver's assumption that a QCA HCI device is always associated with a serdev device. Fixes: fa9ad876b8e0 ("Bluetooth: hci_qca: Add support for Qualcomm Bluetooth chip wcn3990") Reported-by: Balakrishna Godavarthi <bgodavar@codeaurora.org> Signed-off-by: Matthias Kaehlcke <mka@chromium.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
author: Matthias Kaehlcke <mka@chromium.org> 2019-03-11 14:38:31 -0400
committer: Marcel Holtmann <marcel@holtmann.org> 2019-04-23 12:09:07 -0400
commit: 4fdd5a4f8b4407c21897dbfba9d0ee77eb80a42c (patch)
tree: ca09ef8d7b5514ac0ea040f8ceae93bf0ebd6429 /drivers/bluetooth
parent: 9aebfd4a2200ab8075e44379c758bccefdc589bb (diff)
1 files changed, 26 insertions, 19 deletions
diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
index 237aea34b69f..4ea995d610d2 100644
--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -174,6 +174,21 @@ static int qca_power_setup(struct hci_uart *hu, bool on);
 static void qca_power_shutdown(struct hci_uart *hu);
 static int qca_power_off(struct hci_dev *hdev);
+static enum qca_btsoc_type qca_soc_type(struct hci_uart *hu)
+{
+        enum qca_btsoc_type soc_type;
+        if (hu->serdev) {
+                struct qca_serdev *qsd = serdev_device_get_drvdata(hu->serdev);
+                soc_type = qsd->btsoc_type;
+        } else {
+                soc_type = QCA_ROME;
+        }
+        return soc_type;
+}
 static void __serial_clock_on(struct tty_struct *tty)
 {
        /* TODO: Some chipset requires to enable UART clock on client
@@ -963,7 +978,6 @@ static int qca_set_baudrate(struct hci_dev *hdev, uint8_t baudrate)
 {
        struct hci_uart *hu = hci_get_drvdata(hdev);
        struct qca_data *qca = hu->priv;
-        struct qca_serdev *qcadev;
        struct sk_buff *skb;
        u8 cmd[] = { 0x01, 0x48, 0xFC, 0x01, 0x00 };
@@ -985,8 +999,6 @@ static int qca_set_baudrate(struct hci_dev *hdev, uint8_t baudrate)
        skb_queue_tail(&qca->txq, skb);
        hci_uart_tx_wakeup(hu);
-        qcadev = serdev_device_get_drvdata(hu->serdev);
        /* Wait for the baudrate change request to be sent */
        while (!skb_queue_empty(&qca->txq))
@@ -996,7 +1008,7 @@ static int qca_set_baudrate(struct hci_dev *hdev, uint8_t baudrate)
                      msecs_to_jiffies(CMD_TRANS_TIMEOUT_MS));
        /* Give the controller time to process the request */
-        if (qcadev->btsoc_type == QCA_WCN3990)
+        if (qca_soc_type(hu) == QCA_WCN3990)
                msleep(10);
        else
                msleep(300);
@@ -1072,10 +1084,7 @@ static unsigned int qca_get_speed(struct hci_uart *hu,
 static int qca_check_speeds(struct hci_uart *hu)
 {
-        struct qca_serdev *qcadev;
+        if (qca_soc_type(hu) == QCA_WCN3990) {
-        qcadev = serdev_device_get_drvdata(hu->serdev);
-        if (qcadev->btsoc_type == QCA_WCN3990) {
                if (!qca_get_speed(hu, QCA_INIT_SPEED) &&
                    !qca_get_speed(hu, QCA_OPER_SPEED))
                        return -EINVAL;
@@ -1091,7 +1100,6 @@ static int qca_check_speeds(struct hci_uart *hu)
 static int qca_set_speed(struct hci_uart *hu, enum qca_speed_type speed_type)
 {
        unsigned int speed, qca_baudrate;
-        struct qca_serdev *qcadev;
        int ret = 0;
        if (speed_type == QCA_INIT_SPEED) {
@@ -1099,6 +1107,8 @@ static int qca_set_speed(struct hci_uart *hu, enum qca_speed_type speed_type)
                if (speed)
                        host_set_baudrate(hu, speed);
        } else {
+                enum qca_btsoc_type soc_type = qca_soc_type(hu);
                speed = qca_get_speed(hu, QCA_OPER_SPEED);
                if (!speed)
                        return 0;
@@ -1106,8 +1116,7 @@ static int qca_set_speed(struct hci_uart *hu, enum qca_speed_type speed_type)
                /* Disable flow control for wcn3990 to deassert RTS while
                 * changing the baudrate of chip and host.
                 */
-                qcadev = serdev_device_get_drvdata(hu->serdev);
+                if (soc_type == QCA_WCN3990)
-                if (qcadev->btsoc_type == QCA_WCN3990)
                        hci_uart_set_flow_control(hu, true);
                qca_baudrate = qca_get_baudrate_value(speed);
@@ -1119,7 +1128,7 @@ static int qca_set_speed(struct hci_uart *hu, enum qca_speed_type speed_type)
                host_set_baudrate(hu, speed);
 error:
-                if (qcadev->btsoc_type == QCA_WCN3990)
+                if (soc_type == QCA_WCN3990)
                        hci_uart_set_flow_control(hu, false);
        }
@@ -1181,12 +1190,10 @@ static int qca_setup(struct hci_uart *hu)
        struct hci_dev *hdev = hu->hdev;
        struct qca_data *qca = hu->priv;
        unsigned int speed, qca_baudrate = QCA_BAUDRATE_115200;
-        struct qca_serdev *qcadev;
+        enum qca_btsoc_type soc_type = qca_soc_type(hu);
        int ret;
        int soc_ver = 0;
-        qcadev = serdev_device_get_drvdata(hu->serdev);
        ret = qca_check_speeds(hu);
        if (ret)
                return ret;
@@ -1194,7 +1201,7 @@ static int qca_setup(struct hci_uart *hu)
        /* Patch downloading has to be done without IBS mode */
        clear_bit(STATE_IN_BAND_SLEEP_ENABLED, &qca->flags);
-        if (qcadev->btsoc_type == QCA_WCN3990) {
+        if (soc_type == QCA_WCN3990) {
                bt_dev_info(hdev, "setting up wcn3990");
                /* Enable NON_PERSISTENT_SETUP QUIRK to ensure to execute
@@ -1225,7 +1232,7 @@ static int qca_setup(struct hci_uart *hu)
                qca_baudrate = qca_get_baudrate_value(speed);
        }
-        if (qcadev->btsoc_type != QCA_WCN3990) {
+        if (soc_type != QCA_WCN3990) {
                /* Get QCA version information */
                ret = qca_read_soc_version(hdev, &soc_ver);
                if (ret)
@@ -1234,7 +1241,7 @@ static int qca_setup(struct hci_uart *hu)
        bt_dev_info(hdev, "QCA controller version 0x%08x", soc_ver);
        /* Setup patch / NVM configurations */
-        ret = qca_uart_setup(hdev, qca_baudrate, qcadev->btsoc_type, soc_ver);
+        ret = qca_uart_setup(hdev, qca_baudrate, soc_type, soc_ver);
        if (!ret) {
                set_bit(STATE_IN_BAND_SLEEP_ENABLED, &qca->flags);
                qca_debugfs_init(hdev);
@@ -1250,7 +1257,7 @@ static int qca_setup(struct hci_uart *hu)
        }
        /* Setup bdaddr */
-        if (qcadev->btsoc_type == QCA_WCN3990)
+        if (soc_type == QCA_WCN3990)
                hu->hdev->set_bdaddr = qca_set_bdaddr;
        else
                hu->hdev->set_bdaddr = qca_set_bdaddr_rome;
author	Matthias Kaehlcke <mka@chromium.org>	2019-03-11 14:38:31 -0400
committer	Marcel Holtmann <marcel@holtmann.org>	2019-04-23 12:09:07 -0400
commit	4fdd5a4f8b4407c21897dbfba9d0ee77eb80a42c (patch)
tree	ca09ef8d7b5514ac0ea040f8ceae93bf0ebd6429 /drivers/bluetooth
parent	9aebfd4a2200ab8075e44379c758bccefdc589bb (diff)