Re: [PATCH] cbus-tahvo-usb: Fix tahvo_usb_device pointer

Felipe Balbi <balbi@xxxxxx> · Thu, 10 Mar 2011 11:03:58 +0200

Hi,

On Wed, Mar 09, 2011 at 07:07:05PM +0100, Michael Buesch wrote:
> The static tahvo_usb_device is uninitialized, but used
> in the otg interrupt handler. This results in a NULL pointer
> dereference on interrupt.
> Fix this by storing a struct tahvo_usb pointer instead of
> a platform device.
> 
> Signed-off-by: Michael Buesch <mb@xxxxxxxxx>

Acked-by: Felipe Balbi <balbi@xxxxxx>

> The global tahvo_usb_device pointer should eventually be removed
> completely in a later patch. But let's get it working first.

For sure :-)

> Index: linux-2.6.38-rc7/drivers/cbus/tahvo-usb.c
> ===================================================================
> --- linux-2.6.38-rc7.orig/drivers/cbus/tahvo-usb.c	2011-03-09 18:47:41.147540155 +0100
> +++ linux-2.6.38-rc7/drivers/cbus/tahvo-usb.c	2011-03-09 18:50:59.658485748 +0100
> @@ -99,7 +99,7 @@ struct tahvo_usb {
>  	int tahvo_mode;
>  #endif
>  };
> -static struct platform_device tahvo_usb_device;
> +static struct tahvo_usb *tahvo_usb_device;
>  
>  /*
>   * ---------------------------------------------------------------------------
> @@ -114,8 +114,7 @@ static struct platform_device *tahvo_otg
>  
>  static irqreturn_t omap_otg_irq(int irq, void *arg)
>  {
> -	struct platform_device *otg_dev = arg;
> -	struct tahvo_usb *tu = platform_get_drvdata(otg_dev);
> +	struct tahvo_usb *tu = arg;
>  	u16 otg_irq;
>  
>  	otg_irq = omap_readw(OTG_IRQ_SRC);
> @@ -201,12 +200,12 @@ static int __init omap_otg_probe(struct
>  
>  	return request_irq(tahvo_otg_dev->resource[1].start,
>  			   omap_otg_irq, IRQF_DISABLED, DRIVER_NAME,
> -			   &tahvo_usb_device);
> +			   tahvo_usb_device);
>  }
>  
>  static int __exit omap_otg_remove(struct platform_device *pdev)
>  {
> -	free_irq(tahvo_otg_dev->resource[1].start, &tahvo_usb_device);
> +	free_irq(tahvo_otg_dev->resource[1].start, tahvo_usb_device);
>  	tahvo_otg_dev = NULL;
>  
>  	return 0;
> @@ -659,6 +658,7 @@ static int __init tahvo_usb_probe(struct
>  	tu = kzalloc(sizeof(*tu), GFP_KERNEL);
>  	if (!tu)
>  		return -ENOMEM;
> +	tahvo_usb_device = tu;
>  
>  	tu->pt_dev = container_of(dev, struct platform_device, dev);

I don't get why they save the entire platform_device structure inside
tahvo_usb structure. It's well enough to have a struct device *

-- 
balbi
--
To unsubscribe from this list: send the line "unsubscribe linux-omap" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html