tiocmget() and tiocmset() operations are optional and some tty drivers like pty miss the operations. We need NULL check before referencing them.
Reported-by: syzbot+a950165cbb86bdd023a4@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Myungho Jung <mhjungk@xxxxxxxxx>
---
 drivers/bluetooth/hci_ath.c | 13 ++++++++-----
 drivers/bluetooth/hci_ldisc.c | 5 +++++
 2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/drivers/bluetooth/hci_ath.c b/drivers/bluetooth/hci_ath.c
index d568fbd94d6c..076700a1e9a8 100644
--- a/drivers/bluetooth/hci_ath.c
+++ b/drivers/bluetooth/hci_ath.c
@@ -94,11 +94,14 @@ static void ath_hci_uart_work(struct work_struct *work)
 hu = ath->hu;
 tty = hu->tty;
- /* verify and wake up controller */
- if (ath->cur_sleep) {
- status = ath_wakeup_ar3k(tty);
- if (!(status & TIOCM_CTS))
- return;
+ /* tiocmget() and tiocmset() operations are optional */
+ if (tty->driver->ops->tiocmget && tty->driver->ops->tiocmset) {
+ /* verify and wake up controller */
+ if (ath->cur_sleep) {
+ status = ath_wakeup_ar3k(tty);
+ if (!(status & TIOCM_CTS))
+ return;
+ }
 }
 /* Ready to send Data */
diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c
index fbf7b4df23ab..9f88a8563cf6 100644
--- a/drivers/bluetooth/hci_ldisc.c
+++ b/drivers/bluetooth/hci_ldisc.c
@@ -314,6 +314,11 @@ void hci_uart_set_flow_control(struct hci_uart *hu, bool enable)
 return;
 }
+ /* tiocmget() and tiocmset() operations are optional */
+ if (!tty->driver->ops->tiocmget || !tty->driver->ops->tiocmset) {
+ return;
+ }
+
 if (enable) {
 /* Disable hardware flow control */
 ktermios = tty->termios;
-- 
2.17.1
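Review bot: When either op is missing, the new guard in ath_hci_uart_work skips the wake-up and falls through to `/* Ready to send Data */`, so a controller with `ath->cur_sleep` set is treated as awake with no log or error. A tty without modem-control ops can never report CTS, so it looks safer to stop in that case, e.g. `if (ath->cur_sleep && (!tty->driver->ops->tiocmget || !tty->driver->ops->tiocmset)) return;`, or to refuse such a tty when the protocol is attached. The guard also protects only this call site; the body of `ath_wakeup_ar3k()` is outside the hunk, so any other caller of it would still need the same check. The same two-pointer test is repeated in hci_ldisc.c, and one shared helper would keep the two from drifting apart. The function continues past the end of the hunk.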
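Review bot: The early return added to hci_uart_set_flow_control fails silently: the function returns void, so a caller that asked for flow control to be toggled cannot tell that nothing was changed on a tty lacking `tiocmget`/`tiocmset`. Since the report comes from a fuzzer reaching this path with a pty, a debug line before the return, e.g. `BT_DBG("tty has no modem control ops, flow control unchanged");`, would make the skipped path visible. The comment could also say why the return is safe, e.g. `/* pty and similar drivers leave tiocmget/tiocmset NULL; calling them would dereference NULL */`. As a style point, kernel convention drops the braces around the single `return;`. The function starts and ends outside the hunk, so whether `tty` is validated earlier cannot be confirmed from here.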