On Fri, Mar 08, 2019 at 10:51:30AM -0800, Matthias Kaehlcke wrote:
> Many functions obtain a 'struct qca_serdev' only to read the btsoc_type
> field. Add a helper function that encapsulates this.
>
> This also fixes crashes observed on platforms with ROME controllers
> that are instantiated through ldisc and not as serdev clients. The
> crashes are caused by NULL pointer dereferentiations, which stem from
> the driver's assumption that a QCA HCI device is always associated with
> a serdev device.
>
> Fixes: fa9ad876b8e0 ("Bluetooth: hci_qca: Add support for Qualcomm Bluetooth chip wcn3990")
> Reported-by: Balakrishna Godavarthi <bgodavar@xxxxxxxxxxxxxx>
> Signed-off-by: Matthias Kaehlcke <mka@xxxxxxxxxxxx>
> ---
> drivers/bluetooth/hci_qca.c | 45 +++++++++++++++++++++----------------
> 1 file changed, 26 insertions(+), 19 deletions(-)
>
> diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
> index 237aea34b69f..241e099473f8 100644
> --- a/drivers/bluetooth/hci_qca.c
> +++ b/drivers/bluetooth/hci_qca.c
> @@ -174,6 +174,21 @@ static int qca_power_setup(struct hci_uart *hu, bool on);
> static void qca_power_shutdown(struct hci_uart *hu);
> static int qca_power_off(struct hci_dev *hdev);
>
> +static enum qca_btsoc_type qca_soc_type(struct hci_uart *hu)
> +{
> + enum qca_btsoc_type soc_type;
> +
> + if (hu->serdev) {
> + struct qca_serdev *qsd = serdev_device_get_drvdata(hu->serdev);
> +
> + soc_type = qsd->btsoc_type;
> + } else {
> + soc_type = QCA_AR3002;
Actually this is not correct, I think it should be QCA_ROME.
>From commit 6e03126adda3 ("Bluetooth: btqca: Add AR3002 rampatch
support") I deduce the QCA_AR3002 is part of the ROME family. If
that's correct we should probably remove 'QCA_AR3002' (in another
independent patch).
I'll wait with respinning for if there are further comments.
Thanks
Matthias
