From: Dean Jenkins <Dean_Jenkins@mentor.com>
Date: Thu, 20 Apr 2017 17:06:39 +0000 (+0100)
Subject: Bluetooth: hci_ldisc: Add missing return in hci_uart_init_work()
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=cb926520e18e6aecc63614b8aa2e40d431aa29cd;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git

Bluetooth: hci_ldisc: Add missing return in hci_uart_init_work()

If hci_register_dev() returns an error in hci_uart_init_work()
then the HCI_UART_REGISTERED bit gets erroneously set due to
a missing return statement. Therefore, add the missing return
statement.

The consequence of the missing return is that the HCI UART is not
registered but HCI_UART_REGISTERED is set which allows the code
to think that hu->hdev is safe to access but hu->hdev has been
freed so could lead to a crash.

Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
---

diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c
index cec4438ede01..1166e3f5682d 100644
--- a/drivers/bluetooth/hci_ldisc.c
+++ b/drivers/bluetooth/hci_ldisc.c
@@ -187,6 +187,7 @@ static void hci_uart_init_work(struct work_struct *work)
 		hci_free_dev(hu->hdev);
 		hu->hdev = NULL;
 		hu->proto->close(hu);
+		return;
 	}
 
 	set_bit(HCI_UART_REGISTERED, &hu->flags);