From: Ben YoungTae Kim Date: Fri, 14 Aug 2015 05:09:42 +0000 (-0700) Subject: Bluetooth: hciuart: Fix to use boolean flag with u32 type X-Git-Tag: firefly_0821_release~176^2~1159^2~149^2~3 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=10be6c0f27d729dcebaa0ac5f168009244d71fed;p=firefly-linux-kernel-4.4.55.git Bluetooth: hciuart: Fix to use boolean flag with u32 type debugfs_create_bool is asking to put u32 type pointer instead of bool so that passing bool type with u32* cast will cause memory corruption to read that value since it is handled by 4 bytes instead of 1 byte inside. Signed-off-by: Ben Young Tae Kim Signed-off-by: Marcel Holtmann --- diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index 62e45fff0b4b..6b9b91267959 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -80,8 +80,8 @@ struct qca_data { spinlock_t hci_ibs_lock; /* HCI_IBS state lock */ u8 tx_ibs_state; /* HCI_IBS transmit side power state*/ u8 rx_ibs_state; /* HCI_IBS receive side power state */ - bool tx_vote; /* Clock must be on for TX */ - bool rx_vote; /* Clock must be on for RX */ + u32 tx_vote; /* Clock must be on for TX */ + u32 rx_vote; /* Clock must be on for RX */ struct timer_list tx_idle_timer; u32 tx_idle_delay; struct timer_list wake_retrans_timer; @@ -482,10 +482,10 @@ static void qca_debugfs_init(struct hci_dev *hdev) &qca->ibs_recv_wakes); debugfs_create_u64("ibs_recv_wake_acks", mode, ibs_dir, &qca->ibs_recv_wacks); - debugfs_create_bool("tx_vote", mode, ibs_dir, (u32 *)&qca->tx_vote); + debugfs_create_bool("tx_vote", mode, ibs_dir, &qca->tx_vote); debugfs_create_u64("tx_votes_on", mode, ibs_dir, &qca->tx_votes_on); debugfs_create_u64("tx_votes_off", mode, ibs_dir, &qca->tx_votes_off); - debugfs_create_bool("rx_vote", mode, ibs_dir, (u32 *)&qca->rx_vote); + debugfs_create_bool("rx_vote", mode, ibs_dir, &qca->rx_vote); debugfs_create_u64("rx_votes_on", mode, ibs_dir, &qca->rx_votes_on); debugfs_create_u64("rx_votes_off", mode, ibs_dir, &qca->rx_votes_off); debugfs_create_u64("votes_on", mode, ibs_dir, &qca->votes_on);