On 21/05/2024 17:48, Luiz Augusto von Dentz wrote:
driver->remove() is not even triggered during the above steps.
Commit C: 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed serdev"). This commit is meant to fix issue B, which is actually caused by Commit B, but it carries a Fixes tag for Commit A, and it also introduces regression issue A.
Reading again the commit message for the UAF fix it sounds like a different problem:
The driver shutdown callback (which sends EDL_SOC_RESET to the device over serdev) should not be invoked when HCI device is not open (e.g. if hci_dev_open_sync() failed), because the serdev and its TTY are not open either. Also skip this step if device is powered off (qca_power_shutdown()).
So if hci_dev_open_sync() has failed, it says the serdev and its TTY will not be open either, so I guess that's why HCI_SETUP was added as a condition to bail out? So it seems correct to do that, although I'd change the comments.
@Krzysztof Kozlowski do you still have a test setup for 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed serdev"), can you try with these changes?
Unfortunately not at the moment, because mainline never had proper support for a variant of this Bluetooth/WiFi on our boards, so it was working with a few out-of-tree patches. I think Bartosz is working on fixing it via power sequencing, but that's not in mainline yet.
Best regards, Krzysztof