Bluetooth: hci_qca: Fix an error pointer dereference
authorDan Carpenter <dan.carpenter@oracle.com>
Fri, 29 May 2020 09:59:48 +0000 (12:59 +0300)
committerMarcel Holtmann <marcel@holtmann.org>
Wed, 3 Jun 2020 17:55:33 +0000 (19:55 +0200)
When a function like devm_clk_get_optional() function returns both error
pointers on error and NULL then the NULL return means that the optional
feature is deliberately disabled.  It is a special sort of success and
should not trigger an error message.  The surrounding code should be
written to check for NULL and not crash.

On the other hand, if we encounter an error, then the probe from should
clean up and return a failure.

In this code, if devm_clk_get_optional() returns an error pointer then
the kernel will crash inside the call to:

clk_set_rate(qcadev->susclk, SUSCLK_RATE_32KHZ);

The error handling must be updated to prevent that.

Fixes: 77131dfec6af ("Bluetooth: hci_qca: Replace devm_gpiod_get() with devm_gpiod_get_optional()")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
drivers/bluetooth/hci_qca.c

index 81c3c38baba18168b883b8def6121b7fdd4fa763..836949d827ee918c96fbfe65bc8bb21140e0ca59 100644 (file)
@@ -1962,17 +1962,17 @@ static int qca_serdev_probe(struct serdev_device *serdev)
                }
 
                qcadev->susclk = devm_clk_get_optional(&serdev->dev, NULL);
                }
 
                qcadev->susclk = devm_clk_get_optional(&serdev->dev, NULL);
-               if (!qcadev->susclk) {
+               if (IS_ERR(qcadev->susclk)) {
                        dev_warn(&serdev->dev, "failed to acquire clk\n");
                        dev_warn(&serdev->dev, "failed to acquire clk\n");
-               } else {
-                       err = clk_set_rate(qcadev->susclk, SUSCLK_RATE_32KHZ);
-                       if (err)
-                               return err;
-
-                       err = clk_prepare_enable(qcadev->susclk);
-                       if (err)
-                               return err;
+                       return PTR_ERR(qcadev->susclk);
                }
                }
+               err = clk_set_rate(qcadev->susclk, SUSCLK_RATE_32KHZ);
+               if (err)
+                       return err;
+
+               err = clk_prepare_enable(qcadev->susclk);
+               if (err)
+                       return err;
 
                err = hci_uart_register_device(&qcadev->serdev_hu, &qca_proto);
                if (err) {
 
                err = hci_uart_register_device(&qcadev->serdev_hu, &qca_proto);
                if (err) {