2015-12-02 19:37:01

by Alexandre Belloni

Subject: [PATCH] USB: host: ohci-at91: fix a crash in ohci_hcd_at91_overcurrent_irq

The interrupt handler, ohci_hcd_at91_overcurrent_irq may be called right
after registration. At that time, pdev->dev.platform_data is not yet set,
leading to a NULL pointer dereference.

Fixes: e4df92279fd9 (USB: host: ohci-at91: merge loops in ohci_hcd_at91_drv_probe)
Reported-by: Peter Rosin <[email protected]>
Tested-by: Peter Rosin <[email protected]>
Signed-off-by: Alexandre Belloni <[email protected]>
---
drivers/usb/host/ohci-at91.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/drivers/usb/host/ohci-at91.c b/drivers/usb/host/ohci-at91.c
index 342ffd140122..8c6e15bd6ff0 100644
--- a/drivers/usb/host/ohci-at91.c
+++ b/drivers/usb/host/ohci-at91.c
@@ -473,6 +473,8 @@ static int ohci_hcd_at91_drv_probe(struct platform_device *pdev)
if (!pdata)
return -ENOMEM;

+ pdev->dev.platform_data = pdata;
+
if (!of_property_read_u32(np, "num-ports", &ports))
pdata->ports = ports;

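Review bot: The new assignment of pdev->dev.platform_data directly after the !pdata check has no comment saying why it must come this early. The commit message explains that ohci_hcd_at91_overcurrent_irq may run right after registration, and the Fixes: tag points at a loop merge that disturbed this ordering, so a one-line comment stating that the pointer must be set before any interrupt is requested would keep a later cleanup from moving it back down. The pointer is also now visible before pdata->ports and the pin arrays are filled in, so please confirm that the handler only reads fields that are already valid when it can first fire.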
@@ -483,6 +485,7 @@ static int ohci_hcd_at91_drv_probe(struct platform_device *pdev)
*/
if (i >= pdata->ports) {
pdata->vbus_pin[i] = -EINVAL;
+ pdata->overcurrent_pin[i] = -EINVAL;
continue;
}

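Review bot: In the i >= pdata->ports branch, overcurrent_pin[i] is now set to -EINVAL, but for i below pdata->ports the entry keeps whatever value the allocation left there until the later overcurrent loop reaches it. Since the point of the patch is that the handler can run early, consider setting overcurrent_pin[i] = -EINVAL for every port in this first loop, so the handler sees a defined "no pin" value for ports that have not been parsed yet.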
@@ -513,10 +516,8 @@ static int ohci_hcd_at91_drv_probe(struct platform_device *pdev)
}

at91_for_each_port(i) {
- if (i >= pdata->ports) {
- pdata->overcurrent_pin[i] = -EINVAL;
- continue;
- }
+ if (i >= pdata->ports)
+ break;

pdata->overcurrent_pin[i] =
of_get_named_gpio_flags(np, "atmel,oc-gpio", i, &flags);
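Review bot: The break at i >= pdata->ports is only correct because the earlier loop has already written -EINVAL into overcurrent_pin[i] for those indices, and because at91_for_each_port walks the ports in ascending order. That coupling between the two loops is not stated anywhere in this hunk; a short comment above the check (for example "unused ports were marked -EINVAL in the vbus loop above") would make the dependency explicit for whoever next reorders these loops.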
@@ -552,8 +553,6 @@ static int ohci_hcd_at91_drv_probe(struct platform_device *pdev)
}
}

- pdev->dev.platform_data = pdata;
-
device_init_wakeup(&pdev->dev, 1);
return usb_hcd_at91_probe(&ohci_at91_hc_driver, pdev);
}
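Review bot: With the assignment removed from the end of ohci_hcd_at91_drv_probe, platform_data is no longer set only on the path that reaches usb_hcd_at91_probe. If any code between the early assignment and this point can return an error, pdev->dev.platform_data now stays pointing at pdata after a failed probe; please check that this is intended, or clear the pointer on those paths. The changelog could also say that the assignment was moved rather than added, since the diffstat alone does not make that obvious.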
--
2.5.0


2015-12-03 08:43:09

by Nicolas Ferre

Subject: Re: [PATCH] USB: host: ohci-at91: fix a crash in ohci_hcd_at91_overcurrent_irq

On 02/12/2015 20:36, Alexandre Belloni wrote:
> The interrupt handler, ohci_hcd_at91_overcurrent_irq may be called right
> after registration. At that time, pdev->dev.platform_data is not yet set,
> leading to a NULL pointer dereference.
>
> Fixes: e4df92279fd9 (USB: host: ohci-at91: merge loops in ohci_hcd_at91_drv_probe)

Yes, with:
Cc: [email protected] # 4.3+


> Reported-by: Peter Rosin <[email protected]>
> Tested-by: Peter Rosin <[email protected]>
> Signed-off-by: Alexandre Belloni <[email protected]>

Acked-by: Nicolas Ferre <[email protected]>

Alan, I think it's a good candidate to enter the 4.4-rcX...

Thanks, bye.

> ---
> drivers/usb/host/ohci-at91.c | 11 +++++------
> 1 file changed, 5 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/usb/host/ohci-at91.c b/drivers/usb/host/ohci-at91.c
> index 342ffd140122..8c6e15bd6ff0 100644
> --- a/drivers/usb/host/ohci-at91.c
> +++ b/drivers/usb/host/ohci-at91.c
> @@ -473,6 +473,8 @@ static int ohci_hcd_at91_drv_probe(struct platform_device *pdev)
> if (!pdata)
> return -ENOMEM;
>
> + pdev->dev.platform_data = pdata;
> +
> if (!of_property_read_u32(np, "num-ports", &ports))
> pdata->ports = ports;
>
> @@ -483,6 +485,7 @@ static int ohci_hcd_at91_drv_probe(struct platform_device *pdev)
> */
> if (i >= pdata->ports) {
> pdata->vbus_pin[i] = -EINVAL;
> + pdata->overcurrent_pin[i] = -EINVAL;
> continue;
> }
>
> @@ -513,10 +516,8 @@ static int ohci_hcd_at91_drv_probe(struct platform_device *pdev)
> }
>
> at91_for_each_port(i) {
> - if (i >= pdata->ports) {
> - pdata->overcurrent_pin[i] = -EINVAL;
> - continue;
> - }
> + if (i >= pdata->ports)
> + break;
>
> pdata->overcurrent_pin[i] =
> of_get_named_gpio_flags(np, "atmel,oc-gpio", i, &flags);
> @@ -552,8 +553,6 @@ static int ohci_hcd_at91_drv_probe(struct platform_device *pdev)
> }
> }
>
> - pdev->dev.platform_data = pdata;
> -
> device_init_wakeup(&pdev->dev, 1);
> return usb_hcd_at91_probe(&ohci_at91_hc_driver, pdev);
> }
>


--
Nicolas Ferre

2015-12-03 15:25:29

by Alan Stern

Subject: Re: [PATCH] USB: host: ohci-at91: fix a crash in ohci_hcd_at91_overcurrent_irq

On Thu, 3 Dec 2015, Nicolas Ferre wrote:

> On 02/12/2015 20:36, Alexandre Belloni wrote:
> > The interrupt handler, ohci_hcd_at91_overcurrent_irq may be called right
> > after registration. At that time, pdev->dev.platform_data is not yet set,
> > leading to a NULL pointer dereference.
> >
> > Fixes: e4df92279fd9 (USB: host: ohci-at91: merge loops in ohci_hcd_at91_drv_probe)
>
> Yes, with:
> Cc: [email protected] # 4.3+
>
>
> > Reported-by: Peter Rosin <[email protected]>
> > Tested-by: Peter Rosin <[email protected]>
> > Signed-off-by: Alexandre Belloni <[email protected]>
>
> Acked-by: Nicolas Ferre <[email protected]>
>
> Alan, I think it's a good candidate to enter the 4.4-rcX...

I agree. Greg, please merge this with a CC: stable tag added.

Acked-by: Alan Stern <[email protected]>

Alan Stern