Bluetooth: Fix hci core device initialization

We must not call device_del() if we didn't use device_add(). See module.c for comments on that. Therefore, we need to call device_initialize() when allocating the hci device and later device_add() instead of device_register(). This also fixes a bug when hci_register_dev() failed and we call hci_free_dev() without a valid core device. hci_free_dev() segfaults while calling put_device() on invalid memory. We already do this with hci_conn connections (hci_conn_init_sysfs()) so they do not need to be fixed. Signed-off-by: David Herrmann <dh.herrmann@googlemail.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>

Bluetooth: Fix hci core device initialization
We must not call device_del() if we didn't use device_add(). See module.c for comments on that. Therefore, we need to call device_initialize() when allocating the hci device and later device_add() instead of device_register(). This also fixes a bug when hci_register_dev() failed and we call hci_free_dev() without a valid core device. hci_free_dev() segfaults while calling put_device() on invalid memory. We already do this with hci_conn connections (hci_conn_init_sysfs()) so they do not need to be fixed. Signed-off-by: David Herrmann <dh.herrmann@googlemail.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
0ac7e700 · David Herrmann · Gustavo F. Padovan · 928abaa7 · 0ac7e700 · 0ac7e700
Commit 0ac7e700 authored Oct 08, 2011 by David Herrmann Committed by Gustavo F. Padovan Oct 14, 2011
Showing with 14 additions and 6 deletions

include/net/bluetooth/hci_core.h include/net/bluetooth/hci_core.h +1 -0

net/bluetooth/hci_core.c net/bluetooth/hci_core.c +1 -0

net/bluetooth/hci_sysfs.c net/bluetooth/hci_sysfs.c +12 -6

No files found.
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -608,6 +608,7 @@ int hci_recv_frame(struct sk_buff *skb);
 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count);
 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count);
+void hci_init_sysfs(struct hci_dev *hdev);
 int hci_register_sysfs(struct hci_dev *hdev);
 void hci_unregister_sysfs(struct hci_dev *hdev);
 void hci_conn_init_sysfs(struct hci_conn *conn);

--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -912,6 +912,7 @@ struct hci_dev *hci_alloc_dev(void)
 	if (!hdev)
 		return NULL;
+	hci_init_sysfs(hdev);
 	skb_queue_head_init(&hdev->driver_init);
 	return hdev;

--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -542,6 +542,17 @@ static int auto_accept_delay_get(void *data, u64 *val)
 DEFINE_SIMPLE_ATTRIBUTE(auto_accept_delay_fops, auto_accept_delay_get,
 					auto_accept_delay_set, "%llu\n");
+void hci_init_sysfs(struct hci_dev *hdev)
+{
+	struct device *dev = &hdev->dev;
+	dev->type = &bt_host;
+	dev->class = bt_class;
+	dev_set_drvdata(dev, hdev);
+	device_initialize(dev);
+}
 int hci_register_sysfs(struct hci_dev *hdev)
 {
 	struct device *dev = &hdev->dev;
@@ -549,15 +560,10 @@ int hci_register_sysfs(struct hci_dev *hdev)
 	BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
-	dev->type = &bt_host;
-	dev->class = bt_class;
 	dev->parent = hdev->parent;
 	dev_set_name(dev, "%s", hdev->name);
-	dev_set_drvdata(dev, hdev);
+	err = device_add(dev);
-	err = device_register(dev);
 	if (err < 0)
 		return err;