re: Bluetooth: hci_qca: Add QCA Rome power off support to the qca_power_shutdown()

From: Colin Ian King
Date: Fri Jul 10 2020 - 11:50:47 EST


Hi,

Static analysis with Coverity has found a potential issue in
drivers/bluetooth/hci_qca.c, function qca_power_shutdown.

The commit that triggered the detection of the issue was as follows:

commit 5559904ccc0867a0ce796761681e40defe4a5f44
Author: Rocky Liao <rjliao@xxxxxxxxxxxxxx>
Date: Wed Jan 15 16:55:50 2020 +0800

Bluetooth: hci_qca: Add QCA Rome power off support to the
qca_power_shutdown()

The issue is as follows:

1776 static void qca_power_shutdown(struct hci_uart *hu)
1777 {
1778 struct qca_serdev *qcadev;
1779 struct qca_data *qca = hu->priv;
1780 unsigned long flags;
1781 enum qca_btsoc_type soc_type = qca_soc_type(hu);
1782
deref_ptr_in_call: Dereferencing pointer hu->serdev.

1783 qcadev = serdev_device_get_drvdata(hu->serdev);

...

1797 /* Non-serdev device usually is powered by external power
1798 * and don't need additional action in driver for power down
1799 */

Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking hu->serdev suggests that it may be
null, but it has already been dereferenced on all paths leading to the
check.

1800 if (!hu->serdev)
1801 return;

There is a null check on hu->serdev on line 1800; however, in a previous
statement on line 1783 hu->serdev is being dereferenced. Either
hu->serdev is never null and the check is redundant, or it can be null
and the null check needs to be moved to before line 1783.

Colin
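An added illustration of the dereference-before-null-check pattern (REVERSE_INULL) that the report above describes; it is not code from the mail or from hci_qca.c. The structs and get_drvdata() are simplified stand-ins for the kernel's hci_uart/serdev types and serdev_device_get_drvdata(), kept only to show the two orderings side by side.

```c
/* Stand-in types and helper: simplified models, not the kernel's definitions. */
#include <stddef.h>
#include <stdbool.h>

struct qca_serdev { int bt_en_asserted; };          /* one "power" flag */
struct serdev_device { struct qca_serdev *drvdata; };
struct hci_uart { struct serdev_device *serdev; };  /* NULL for non-serdev devices */

/* Stand-in for serdev_device_get_drvdata(): dereferences its argument
 * unconditionally, which is what makes the call at line 1783 a problem. */
static struct qca_serdev *get_drvdata(struct serdev_device *sd)
{
    return sd->drvdata;
}

/* Ordering as flagged by Coverity: hu->serdev is dereferenced first, so the
 * later NULL check cannot protect the non-serdev case; with serdev == NULL
 * this function crashes instead of returning early. */
static bool shutdown_deref_first(struct hci_uart *hu)
{
    struct qca_serdev *qcadev = get_drvdata(hu->serdev); /* NULL deref if serdev is NULL */

    if (!hu->serdev)
        return false;   /* never reached for NULL: the crash happened above */
    qcadev->bt_en_asserted = 0;
    return true;
}

/* Corrected ordering: handle the non-serdev case before touching hu->serdev. */
static bool shutdown_check_first(struct hci_uart *hu)
{
    struct qca_serdev *qcadev;

    if (!hu->serdev)
        return false;   /* non-serdev device is externally powered: nothing to do */
    qcadev = get_drvdata(hu->serdev);
    qcadev->bt_en_asserted = 0;
    return true;
}
```

Both functions behave identically when serdev is set; only the NULL case separates them, which is why the report says the check is either redundant or misplaced.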