set_termios should not be NULL so return EOPNOTSUPP if tty driver does
not support the operation.
Reported-by: syzbot+a950165cbb86bdd023a4@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Myungho Jung <mhjungk@xxxxxxxxx>
---
drivers/bluetooth/hci_ldisc.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c
index fbf7b4df23ab..44ac2e9494cc 100644
--- a/drivers/bluetooth/hci_ldisc.c
+++ b/drivers/bluetooth/hci_ldisc.c
@@ -474,10 +474,10 @@ static int hci_uart_tty_open(struct tty_struct *tty)
BT_DBG("tty %p", tty);
- /* Error if the tty has no write op instead of leaving an exploitable
- * hole
+ /* Error if the tty has no write or set_termios op instead of leaving an
+ * exploitable hole
*/
- if (tty->ops->write == NULL)
+ if (tty->ops->write == NULL || tty->ops->set_termios == NULL)
return -EOPNOTSUPP;
hu = kzalloc(sizeof(struct hci_uart), GFP_KERNEL);
--
2.17.1
