2014-09-10 20:54 GMT+09:00 Dolev Raviv <draviv@xxxxxxxxxxxxxx>:
> +static int ufshcd_config_vreg_load(struct device *dev, struct ufs_vreg *vreg,
> + int ua)
> +{
> + int ret = 0;
> + struct regulator *reg = vreg->reg;
> + const char *name = vreg->name;
> +
> + BUG_ON(!vreg);
> +
> + ret = regulator_set_optimum_mode(reg, ua);
> + if (ret >= 0) {
> + /*
> + * regulator_set_optimum_mode() returns new regulator
> + * mode upon success.
> + */
> + ret = 0;
> + } else {
> + dev_err(dev, "%s: %s set optimum mode(ua=%d) failed, err=%d\n",
> + __func__, name, ua, ret);
> + }
> +
> + return ret;
> +}
> +
> +static inline int ufshcd_config_vreg_lpm(struct ufs_hba *hba,
> + struct ufs_vreg *vreg)
> +{
> + return ufshcd_config_vreg_load(hba->dev, vreg, UFS_VREG_LPM_LOAD_UA);
> +}
If hba->vreg_info.vcc* is NULL as no applicable regulator driver exists,
this function can be called with vreg == NULL through ufshcd_suspend()
-> ufshcd_vreg_set_lpm() -> ufshcd_config_vreg_lpm(). Then this causes
null pointer dereference or hits BUG_ON in ufshcd_config_vreg_load().
> +static inline int ufshcd_config_vreg_hpm(struct ufs_hba *hba,
> + struct ufs_vreg *vreg)
> +{
> + return ufshcd_config_vreg_load(hba->dev, vreg, vreg->max_uA);
> +}
Similar issue as above will happen through ufshcd_resume() ->
ufshcd_vreg_set_hpm() -> ufshcd_config_vreg_hpm(). Then this causes
null pointer dereference of vreg->max_uA.
So should these functions be noop when vreg == NULL is passed?
--
To unsubscribe from this list: send the line "unsubscribe linux-arm-msm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
