Module Name: src
Committed By: plunky
Date: Tue Jun 28 13:25:36 UTC 2022
Modified Files:
src/sys/dev/bluetooth: bcsp.c bth5.c btuart.c
Log Message:
remove KASSERT() checking for t_oproc at open since assigning this line
discipline to a pty may not have that set. Instead do a runtime check to
ensure that the function exists before calling it, as ttstart() handles it.
Same code in btuart.c, bcsp.c and bth5.c
Reported-by: syzbot+766981eef92a3cd03...@syzkaller.appspotmail.com
To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 src/sys/dev/bluetooth/bcsp.c
cvs rdiff -u -r1.6 -r1.7 src/sys/dev/bluetooth/bth5.c
cvs rdiff -u -r1.29 -r1.30 src/sys/dev/bluetooth/btuart.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/dev/bluetooth/bcsp.c
diff -u src/sys/dev/bluetooth/bcsp.c:1.31 src/sys/dev/bluetooth/bcsp.c:1.32
--- src/sys/dev/bluetooth/bcsp.c:1.31 Thu Jan 24 09:33:03 2019
+++ src/sys/dev/bluetooth/bcsp.c Tue Jun 28 13:25:36 2022
@@ -1,4 +1,4 @@
-/* $NetBSD: bcsp.c,v 1.31 2019/01/24 09:33:03 knakahara Exp $ */
+/* $NetBSD: bcsp.c,v 1.32 2022/06/28 13:25:36 plunky Exp $ */
/*
* Copyright (c) 2007 KIYOHARA Takashi
* All rights reserved.
@@ -26,7 +26,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: bcsp.c,v 1.31 2019/01/24 09:33:03 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: bcsp.c,v 1.32 2022/06/28 13:25:36 plunky Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -387,8 +387,6 @@ bcspopen(dev_t device __unused, struct t
}
}
- KASSERT(tp->t_oproc != NULL);
-
cfdata = malloc(sizeof(struct cfdata), M_DEVBUF, M_WAITOK);
for (unit = 0; unit < bcsp_cd.cd_ndevs; unit++)
if (device_lookup(&bcsp_cd, unit) == NULL)
@@ -597,7 +595,7 @@ bcsp_slip_transmit(struct tty *tp)
sc->sc_stats.byte_tx += count;
- if (tp->t_outq.c_cc != 0)
+ if (tp->t_outq.c_cc != 0 && tp->t_oproc != NULL)
(*tp->t_oproc)(tp);
return 0;
Index: src/sys/dev/bluetooth/bth5.c
diff -u src/sys/dev/bluetooth/bth5.c:1.6 src/sys/dev/bluetooth/bth5.c:1.7
--- src/sys/dev/bluetooth/bth5.c:1.6 Sat Nov 16 22:06:49 2019
+++ src/sys/dev/bluetooth/bth5.c Tue Jun 28 13:25:36 2022
@@ -1,4 +1,4 @@
-/* $NetBSD: bth5.c,v 1.6 2019/11/16 22:06:49 mlelstv Exp $ */
+/* $NetBSD: bth5.c,v 1.7 2022/06/28 13:25:36 plunky Exp $ */
/*
* Copyright (c) 2017 Nathanial Sloss <nathanialsl...@yahoo.com.au>
* All rights reserved.
@@ -29,7 +29,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: bth5.c,v 1.6 2019/11/16 22:06:49 mlelstv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: bth5.c,v 1.7 2022/06/28 13:25:36 plunky Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -392,8 +392,6 @@ bth5open(dev_t device __unused, struct t
}
}
- KASSERT(tp->t_oproc != NULL);
-
cfdata = malloc(sizeof(struct cfdata), M_DEVBUF, M_WAITOK);
for (unit = 0; unit < bthfive_cd.cd_ndevs; unit++)
if (device_lookup(&bthfive_cd, unit) == NULL)
@@ -633,7 +631,7 @@ bth5_slip_transmit(struct tty *tp)
sc->sc_stats.byte_tx += count;
- if (tp->t_outq.c_cc != 0)
+ if (tp->t_outq.c_cc != 0 && tp->t_oproc != NULL)
(*tp->t_oproc)(tp);
return 0;
Index: src/sys/dev/bluetooth/btuart.c
diff -u src/sys/dev/bluetooth/btuart.c:1.29 src/sys/dev/bluetooth/btuart.c:1.30
--- src/sys/dev/bluetooth/btuart.c:1.29 Thu Jan 24 09:33:03 2019
+++ src/sys/dev/bluetooth/btuart.c Tue Jun 28 13:25:36 2022
@@ -1,4 +1,4 @@
-/* $NetBSD: btuart.c,v 1.29 2019/01/24 09:33:03 knakahara Exp $ */
+/* $NetBSD: btuart.c,v 1.30 2022/06/28 13:25:36 plunky Exp $ */
/*-
* Copyright (c) 2006, 2007 KIYOHARA Takashi
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: btuart.c,v 1.29 2019/01/24 09:33:03 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: btuart.c,v 1.30 2022/06/28 13:25:36 plunky Exp $");
#include <sys/param.h>
#include <sys/conf.h>
@@ -240,8 +240,6 @@ btuartopen(dev_t devno __unused, struct
}
}
- KASSERT(tp->t_oproc != NULL);
-
cfdata = malloc(sizeof(struct cfdata), M_DEVBUF, M_WAITOK);
for (unit = 0; unit < btuart_cd.cd_ndevs; unit++)
if (device_lookup(&btuart_cd, unit) == NULL)
@@ -543,7 +541,7 @@ btuartstart(struct tty *tp)
sc->sc_stats.byte_tx += count;
- if (tp->t_outq.c_cc != 0)
+ if (tp->t_outq.c_cc != 0 && tp->t_oproc != NULL)
(*tp->t_oproc)(tp);
return 0;
