On Fri, Jul 12, 2019 at 03:02:37PM +0100, Ian Abbott wrote:
> commit b8336be66dec06bef518030a0df9847122053ec5 upstream.
>
> The interrupt handler `dt282x_interrupt()` causes a null pointer
> dereference for those supported boards that have no analog output
> support. For these boards, `dev->write_subdev` will be `NULL` and
> therefore the `s_ao` subdevice pointer variable will be `NULL`. In that
> case, the following call near the end of the interrupt handler results
> in a null pointer dereference:
>
> cfc_handle_events(dev, s_ao);
>
> [ Upstream equivalent:
> comedi_handle_events(dev, s_ao);
> -- IA ]
>
> Fix it by only calling the above function if `s_ao` is valid.
>
> (There are other uses of `s_ao` by the interrupt handler that may or may
> not be reached depending on values of hardware registers. Trust that
> they are reliable for now.)
>
> Fixes: f21c74fa4cfe ("staging: comedi: dt282x: use cfc_handle_events()")
> Signed-off-by: Ian Abbott <abbotti@xxxxxxxxx>
> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> ---
> drivers/staging/comedi/drivers/dt282x.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
Thanks for the patch, I've taken it for my 3.18-android tree.
greg k-h
