At Wed, 30 Sep 2009 15:25:42 +0200, Jean Delvare wrote:
If i2c device probing fails, then there is no driver to dereference after calling i2c_new_device(). Stop assuming that probing will always succeed, to avoid NULL pointer dereferences. We have an easier access to the driver anyway.
Reported-by: Tim Shepard shep@alum.mit.edu Signed-off-by: Jean Delvare khali@linux-fr.org Cc: Johannes Berg johannes@sipsolutions.net
The code is similar to the one in therm_adt746x, for which Tim reported a real-world oops, so it should be fixed ASAP.
Jean, thanks for the patch.
I'm just wondering whether the additional NULL check of client->driver would be enough? If yes, sound/aoa/onyx.c has it, at least, and we can add the similar checks to the rest, too.
Takashi
sound/aoa/codecs/onyx.c | 4 +++- sound/aoa/codecs/tas.c | 4 +++- sound/ppc/keywest.c | 4 +++- 3 files changed, 9 insertions(+), 3 deletions(-)
--- linux-2.6.32-rc1.orig/sound/aoa/codecs/onyx.c 2009-09-30 15:13:12.000000000 +0200 +++ linux-2.6.32-rc1/sound/aoa/codecs/onyx.c 2009-09-30 15:13:58.000000000 +0200 @@ -996,6 +996,8 @@ static void onyx_exit_codec(struct aoa_c onyx->codec.soundbus_dev->detach_codec(onyx->codec.soundbus_dev, onyx); }
+static struct i2c_driver onyx_driver;
static int onyx_create(struct i2c_adapter *adapter, struct device_node *node, int addr) @@ -1027,7 +1029,7 @@ static int onyx_create(struct i2c_adapte * Let i2c-core delete that device on driver removal. * This is safe because i2c-core holds the core_lock mutex for us. */
- list_add_tail(&client->detected, &client->driver->clients);
- list_add_tail(&client->detected, &onyx_driver.clients); return 0;
}
--- linux-2.6.32-rc1.orig/sound/aoa/codecs/tas.c 2009-09-30 15:13:12.000000000 +0200 +++ linux-2.6.32-rc1/sound/aoa/codecs/tas.c 2009-09-30 15:13:58.000000000 +0200 @@ -882,6 +882,8 @@ static void tas_exit_codec(struct aoa_co }
+static struct i2c_driver tas_driver;
static int tas_create(struct i2c_adapter *adapter, struct device_node *node, int addr) @@ -902,7 +904,7 @@ static int tas_create(struct i2c_adapter * Let i2c-core delete that device on driver removal. * This is safe because i2c-core holds the core_lock mutex for us. */
- list_add_tail(&client->detected, &client->driver->clients);
- list_add_tail(&client->detected, &tas_driver.clients); return 0;
}
--- linux-2.6.32-rc1.orig/sound/ppc/keywest.c 2009-09-30 15:13:12.000000000 +0200 +++ linux-2.6.32-rc1/sound/ppc/keywest.c 2009-09-30 15:13:58.000000000 +0200 @@ -40,6 +40,8 @@ static int keywest_probe(struct i2c_clie return 0; }
+struct i2c_driver keywest_driver;
/*
- This is kind of a hack, best would be to turn powermac to fixed i2c
- bus numbers and declare the sound device as part of platform
@@ -65,7 +67,7 @@ static int keywest_attach_adapter(struct * This is safe because i2c-core holds the core_lock mutex for us. */ list_add_tail(&keywest_ctx->client->detected,
&keywest_ctx->client->driver->clients);
&keywest_driver.clients);}
-- Jean Delvare