Hi,
Static analysis with Coverity has found a potential issue in
drivers/bluetooth/hci_qca.c, function qca_power_shutdown.
The commit that triggered the detection of the issue was as follows:
commit 5559904ccc0867a0ce796761681e40defe4a5f44
Author: Rocky Liao <rjliao@xxxxxxxxxxxxxx>
Date: Wed Jan 15 16:55:50 2020 +0800
Bluetooth: hci_qca: Add QCA Rome power off support to the
qca_power_shutdown()
The issue is as follows:
1776 static void qca_power_shutdown(struct hci_uart *hu)
1777 {
1778 struct qca_serdev *qcadev;
1779 struct qca_data *qca = hu->priv;
1780 unsigned long flags;
1781 enum qca_btsoc_type soc_type = qca_soc_type(hu);
1782
deref_ptr_in_call: Dereferencing pointer hu->serdev.
1783 qcadev = serdev_device_get_drvdata(hu->serdev);
...
1797 /* Non-serdev device usually is powered by external power
1798 * and don't need additional action in driver for power down
1799 */
Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking hu->serdev suggests that it may be
null, but it has already been dereferenced on all paths leading to the
check.
1800 if (!hu->serdev)
1801 return;
There is a null check on hu->serdev on line 1800, however, in a previous
statement in line 1783 hu->serdev is being dereferenced. Either
hu->serdev is never null and the check is redundant, or it can be null
and the null check needs to be moved to before line 1783.
Colin
