2012-05-06 16:25:14

by Krzysztof Wilczynski

Subject: [PATCH] gpio: langwell: Prevent possible NULL pointer dereference in the demux handler.

This is to address a possible NULL pointer dereference on a platform that might
use this driver but its underlying IRQ chip does not provide an irq_eoi callback.

Commit 0766d20 added a conditional to the code, but then it was later
superseded by commit 20e2aa9 which introduced a number of helper functions
for accessing various members of the irq_desc struct, but removed said
conditional from the code.

This change will re-introduce a conditional guarding against possible NULL
pointer dereference caused by missing EIO handler.

Signed-off-by: Krzysztof Wilczynski <[email protected]>
---
drivers/gpio/gpio-langwell.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/drivers/gpio/gpio-langwell.c b/drivers/gpio/gpio-langwell.c
index 00692e8..5749738 100644
--- a/drivers/gpio/gpio-langwell.c
+++ b/drivers/gpio/gpio-langwell.c
@@ -260,7 +260,8 @@ static void lnw_irq_handler(unsigned irq, struct irq_desc *desc)
}
}

- chip->irq_eoi(data);
+ if (data)
+ chip->irq_eoi(data);
}

#ifdef CONFIG_PM
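
Review bot: the added `if (data)` test at the end of lnw_irq_handler() guards the wrong pointer. The commit message describes a chip that provides no irq_eoi callback, so the pointer that can be NULL at this call site is `chip->irq_eoi`, not its argument. With this hunk a non-NULL `data` and a NULL `chip->irq_eoi` still reach the call and dereference NULL. Test the callback itself, for example `if (chip->irq_eoi)` before `chip->irq_eoi(data);`, and have the commit message say which check the earlier commit carried so the restored condition can be compared against it.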
--
1.7.2.5


2012-05-07 19:19:01

by Thomas Gleixner

Subject: Re: [PATCH] gpio: langwell: Prevent possible NULL pointer dereference in the demux handler.

On Sun, 6 May 2012, Krzysztof Wilczynski wrote:

> This is to address a possible NULL pointer dereference on a platform that might
> use this driver but its underlying IRQ chip does not provide an irq_eoi callback.
>
> Commit 0766d20 added a conditional to the code, but then it was later
> superseded by commit 20e2aa9 which introduced a number of helper functions
> for accessing various members of the irq_desc struct, but removed said
> conditional from the code.
>
> This change will re-introduce a conditional guarding against possible NULL
> pointer dereference caused by missing EIO handler.
>
> Signed-off-by: Krzysztof Wilczynski <[email protected]>
> ---
> drivers/gpio/gpio-langwell.c | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/gpio/gpio-langwell.c b/drivers/gpio/gpio-langwell.c
> index 00692e8..5749738 100644
> --- a/drivers/gpio/gpio-langwell.c
> +++ b/drivers/gpio/gpio-langwell.c
> @@ -260,7 +260,8 @@ static void lnw_irq_handler(unsigned irq, struct irq_desc *desc)
> }
> }
>
> - chip->irq_eoi(data);
> + if (data)
> + chip->irq_eoi(data);

And how does data, which is always set as long as the interrupt exists,
prove that the chip has an eoi function?

Thanks,

tglx

2012-05-07 20:20:20

by Krzysztof Wilczynski

Subject: Re: [PATCH] gpio: langwell: Prevent possible NULL pointer dereference in the demux handler.

Hi,

[...]
>> -     chip->irq_eoi(data);
>> +     if (data)
>> +             chip->irq_eoi(data);
>
> And how does data, which is always set as long as the interrupt exists,
> prove that the chip has an eoi function?

It won't, a very good point. And as you told me (IRC) this has to be
solved on a more generic level (core handlers), and possibly
abstracted from the drivers. I will do and read through the code of
core handlers to learn more. Thanks for pointing it out and help so
far :)

KW