On 1/11/2024 5:46 PM, Paul Menzel wrote:
> Dear Zijun,
>
>
> Thank you for your patch.
>
> Am 11.01.24 um 09:16 schrieb Zijun Hu:
>> A crash will happen when btattach controller ROME, and it is caused by
>
> What does “btattach controller ROME” mean? Is ROME a platform? If so, should it be *on ROME* or similar?
>
ROME is a type of BT controller name, and refer to QCA_ROME of below defination:
drivers/bluetooth/btqca.h:
enum qca_btsoc_type {
QCA_INVALID = -1,
QCA_AR3002,
QCA_ROME,
QCA_WCN3988,
QCA_WCN3990,
QCA_WCN3998,
QCA_WCN3991,
QCA_QCA2066,
QCA_QCA6390,
QCA_WCN6750,
QCA_WCN6855,
QCA_WCN7850,
};
Connect a external ROME module to ubuntu machine by BT UART to USB cable, then run
"sudo btattach -B /dev/ttyUSB0 -P qca" within ubuntu.
will optimize description.
>> dereferring nullptr hu->serdev, fixed by null check before access.
>
> dereferring → dereferencing
>
will correct it.
>>
>> sudo btattach -B /dev/ttyUSB0 -P qca
>> Bluetooth: hci1: QCA setup on UART is completed
>> BUG: kernel NULL pointer dereference, address: 00000000000002f0
>> ......
>> Workqueue: hci1 hci_power_on [bluetooth]
>> RIP: 0010:qca_setup+0x7c1/0xe30 [hci_uart]
>> ......
>> Call Trace:
>> <TASK>
>> ? show_regs+0x72/0x90
>> ? __die+0x25/0x80
>> ? page_fault_oops+0x154/0x4c0
>> ? srso_alias_return_thunk+0x5/0xfbef5
>> ? kmem_cache_alloc+0x16b/0x310
>> ? do_user_addr_fault+0x330/0x6e0
>> ? srso_alias_return_thunk+0x5/0xfbef5
>> ? exc_page_fault+0x84/0x1b0
>> ? asm_exc_page_fault+0x27/0x30
>> ? qca_setup+0x7c1/0xe30 [hci_uart]
>> hci_uart_setup+0x5c/0x1a0 [hci_uart]
>> hci_dev_open_sync+0xee/0xca0 [bluetooth]
>> hci_dev_do_open+0x2a/0x70 [bluetooth]
>> hci_power_on+0x46/0x210 [bluetooth]
>> process_one_work+0x17b/0x360
>> worker_thread+0x307/0x430
>> ? __pfx_worker_thread+0x10/0x10
>> kthread+0xf7/0x130
>> ? __pfx_kthread+0x10/0x10
>> ret_from_fork+0x46/0x70
>> ? __pfx_kthread+0x10/0x10
>> ret_from_fork_asm+0x1b/0x30
>> </TASK>
>>
>> Fixes: 03b0093f7b31 ("Bluetooth: hci_qca: get wakeup status from serdev device handle")
>> Cc: <stable@xxxxxxxxxxxxxxx>
>> Signed-off-by: Zijun Hu <quic_zijuhu@xxxxxxxxxxx>
>> Tested-by: Zijun Hu <quic_zijuhu@xxxxxxxxxxx>
>
> On what device?
>
this crash will happens on any generic linux machine, for example,
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.3 LTS
Release: 22.04
Codename: jammy
>> ---
>> drivers/bluetooth/hci_qca.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
>> index 94b8c406f0c0..6fcfc1f7bb12 100644
>> --- a/drivers/bluetooth/hci_qca.c
>> +++ b/drivers/bluetooth/hci_qca.c
>> @@ -1951,7 +1951,7 @@ static int qca_setup(struct hci_uart *hu)
>> qca_debugfs_init(hdev);
>> hu->hdev->hw_error = qca_hw_error;
>> hu->hdev->cmd_timeout = qca_cmd_timeout;
>> - if (device_can_wakeup(hu->serdev->ctrl->dev.parent))
>> + if (hu->serdev && device_can_wakeup(hu->serdev->ctrl->dev.parent))
>> hu->hdev->wakeup = qca_wakeup;
>
> Why is `hu->serdev` not set on the device?
>
actually, hu->serdev ONLY exists for BT controller which is embedded within machine's board,
and it will be probed by serdev driver and also don't have available device node for user to btattach.
also don't need to btattach.
for external BT module, it is tty instead of serdev. so hu->serdev is nullptr.
>> } else if (ret == -ENOENT) {
>> /* No patch/nvm-config found, run with original fw/config */
>
>
> Kind regards,
>
> Paul
