Re:Re: [PATCH] Bluetooth: virtio_bt: unregister HCI device on open failure
From: haoxiang_li2024
Date: Wed Jun 24 2026 - 22:10:16 EST

Hi Paul,

At 2026-06-24 17:10:55, "Paul Menzel" <pmenzel@xxxxxxxxxxxxx> wrote:
>
>Should you resend, please re-flow for 72/75 characters, so only three
>lines are used.
>
Thank you for the review!
Following Dan's suggestions, I reworked the patch in v2. I also made the
commit message more compact based on your suggestion.
>
>PS: gemini/gemini-3.1-pro-preview found an unrelated issue to the patch
>during review of this patch [1].
>
>> This is a pre-existing issue, but does this error path safely clean up the
>> active virtqueues?
>> Earlier in virtbt_probe(), virtio_device_ready(vdev) marks the device as
>> active. If virtbt_open_vdev() subsequently fails, the code jumps to the
>> open_failed label and eventually reaches here to call del_vqs(vdev).
>> Deleting virtqueues without calling virtio_reset_device(vdev) first violates
>> the VirtIO API contract for active devices. It could allow the host or
>> hypervisor to access guest memory that has already been freed by del_vqs(),
>> potentially leading to a use-after-free.
>> Should virtio_reset_device(vdev) be called before tearing down the
>> virtqueues in this error path?
>
>No idea, how to best track these things.
>
The issue noted in your PS is now handled by resetting the virtio device
before tearing down the virtqueues in the virtbt_open_vdev() failure path.
Since v2 changes more than the original one-line fix, I did not carry your
Reviewed-by tag. Thanks again!

Thanks,
Haoxiang