Hello Rocky Liao,

The patch bb2500ab0270: "Bluetooth: hci_qca: Retry btsoc initialize
when it fails" from Jan 15, 2020, leads to the following static
checker warning:

    drivers/bluetooth/hci_qca.c:1624 qca_setup() warn: variable dereferenced before check 'hu->serdev' (see line 1623)
    drivers/bluetooth/hci_qca.c:1718 qca_power_shutdown() warn: variable dereferenced before check 'hu->serdev' (see line 1701)

drivers/bluetooth/hci_qca.c
  1615                  ret = 0;
  1616          } else {
  1617                  if (retries < MAX_INIT_RETRIES) {
  1618                          qca_power_shutdown(hu);
                                ^^^^^^^^^^^^^^^^^^^^^^
Dereferenced inside function

  1619                          if (hu->serdev) {
                                    ^^^^^^^^^^
Too late: qca_power_shutdown() has already dereferenced hu->serdev.

  1620                                  serdev_device_close(hu->serdev);
  1621                                  ret = serdev_device_open(hu->serdev);
  1622                                  if (ret) {
  1623                                          bt_dev_err(hdev, "failed to open port");
  1624                                          return ret;
  1625                                  }
  1626                          }
  1627                          retries++;
  1628                          goto retry;
  1629                  }
  1630          }

[ snip ]

  1689  static void qca_power_shutdown(struct hci_uart *hu)
  1690  {
  1691          struct qca_serdev *qcadev;
  1692          struct qca_data *qca = hu->priv;
  1693          unsigned long flags;
  1694          enum qca_btsoc_type soc_type = qca_soc_type(hu);
  1695
  1696          qcadev = serdev_device_get_drvdata(hu->serdev);
                                                   ^^^^^^^^^^
Dereferenced here.

  1697
  1698          /* From this point we go into power off state. But serial port is
  1699           * still open, stop queueing the IBS data and flush all the buffered
  1700           * data in skb's.
  1701           */
  1702          spin_lock_irqsave(&qca->hci_ibs_lock, flags);
  1703          clear_bit(QCA_IBS_ENABLED, &qca->flags);
  1704          qca_flush(hu);
  1705          spin_unlock_irqrestore(&qca->hci_ibs_lock, flags);
  1706
  1707          hu->hdev->hw_error = NULL;
  1708          hu->hdev->cmd_timeout = NULL;
  1709
  1710          /* Non-serdev device usually is powered by external power
  1711           * and don't need additional action in driver for power down
  1712           */
  1713          if (!hu->serdev)
                     ^^^^^^^^^^
Too late: hu->serdev was already dereferenced on line 1696.

  1714                  return;
  1715
  1716          if (qca_is_wcn399x(soc_type)) {
  1717                  host_set_baudrate(hu, 2400);
  1718                  qca_send_power_pulse(hu, false);
  1719                  qca_regulator_disable(qcadev);
  1720          } else {
  1721                  gpiod_set_value_cansleep(qcadev->bt_en, 0);
  1722          }
  1723  }

regards,
dan carpenter