Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp3324814pxb; Fri, 4 Feb 2022 06:20:07 -0800 (PST) X-Google-Smtp-Source: ABdhPJyQQudOQYL+U29ggctn0OwLoCdRQoNQBNXpDF3m9qQ30zY8HcA4IonsdBYuo5O2D2ztDJdo X-Received: by 2002:a17:902:e546:: with SMTP id n6mr3360575plf.38.1643984407184; Fri, 04 Feb 2022 06:20:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643984407; cv=none; d=google.com; s=arc-20160816; b=UOwYchJrIHJHERMu1lIRtbj7Rq0fwD08TfnVlIGQRSF0o/p+DCXj/vmZDUnvsehwwW fPpwIyoU6SC33cEk537i0oxPbBQzr0YVm3pEYMsy9eMN6dhXEgu+meK8+VB8FgMeTpoY H6K4fO7mmJRCy8AW5OdEyhdYxa65idGDZzFuLsE/bHb5eJV/d1O/yc+OEVbwLY1yTILN VjIXT1eGh4MqzLCScFy6gf27qfkdwh3Hn9IgfseDS/7Pih5oLoIvMLV2xEJJA9OLubd+ EJt9VSGm7H9j85RLAwBcNiAzJcy+Atz1M1A8jdQDyLjH5KeclkQII+H1KDEdYSe9UWrz WUUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=jHE/rEZPsBZT0frQP6a0bjlVYGJWYLC5krRwpnApMIg=; b=c6qnTBjsJ35A/dVfX7v/HIxgwJMBnmSWLv2UgnkSl9NqDi+xDFx+vyF1oOzI/ods7I a329y27fiGliMrWSHZiwKj1bEQZrc5lJO1EK6uZ9FVJusUvynUeMblm1XElnzN9jWCqT XuZ2qIMJ+YoEL+QRnzflz9mV93jtFre9L5Fl5WfakOqrCkZlDHtKLKhAUVpD/5H5S/D+ Rz2a/1ZsKpuLZrP3BFIbIlOrvooK//+6Ett3fArE81nSTM/udAonDVwelJrUNrvqf1W2 feemsQiDwzCQrxQ37EwLu9A5DJuRBP4xP4gfMroxc25birAOIpkDuv8apZdTxejOqY9F mIQg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s6si1803010pjm.101.2022.02.04.06.19.52; Fri, 04 Feb 2022 06:20:07 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1350978AbiBCODL (ORCPT + 99 others); Thu, 3 Feb 2022 09:03:11 -0500 Received: from metis.ext.pengutronix.de ([85.220.165.71]:57027 "EHLO metis.ext.pengutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1350969AbiBCODK (ORCPT ); Thu, 3 Feb 2022 09:03:10 -0500 Received: from dude.hi.pengutronix.de ([2001:67c:670:100:1d::7]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nFcZ8-0002cQ-AM; Thu, 03 Feb 2022 14:54:26 +0100 Received: from ore by dude.hi.pengutronix.de with local (Exim 4.94.2) (envelope-from ) id 1nFcZ1-009S1X-Nr; Thu, 03 Feb 2022 14:54:19 +0100 From: Oleksij Rempel To: William Breathitt Gray Cc: Oleksij Rempel , linux-kernel@vger.kernel.org, Pengutronix Kernel Team , David Jander , Robin van der Gracht , linux-iio@vger.kernel.org, Jonathan Cameron Subject: [PATCH v1] counter: fix NULL pointer dereference on counter_comp_u8_store() Date: Thu, 3 Feb 2022 14:54:18 +0100 Message-Id: <20220203135418.2252624-1-o.rempel@pengutronix.de> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SA-Exim-Connect-IP: 2001:67c:670:100:1d::7 X-SA-Exim-Mail-From: ore@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false X-PTX-Original-Recipient: linux-kernel@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Current kernel will report NULL pointer dereference with following back trace: interrupt_cnt_enable_write from counter_comp_u8_store+0xc0/0xf4 counter_comp_u8_store from dev_attr_store+0x24/0x30 dev_attr_store from sysfs_kf_write+0x48/0x54 sysfs_kf_write from kernfs_fop_write_iter+0x128/0x1c8 kernfs_fop_write_iter from vfs_write+0x124/0x1b4 vfs_write from ksys_write+0x88/0xe0 ksys_write from sys_write+0x18/0x1c sys_write from ret_fast_syscall+0x0/0x1c Add missing dev_set_drvdata() to fix it. Signed-off-by: Oleksij Rempel --- drivers/counter/counter-core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/counter/counter-core.c b/drivers/counter/counter-core.c index 7e0957eea094..1de16d5e9fbc 100644 --- a/drivers/counter/counter-core.c +++ b/drivers/counter/counter-core.c @@ -98,6 +98,8 @@ struct counter_device *counter_alloc(size_t sizeof_priv) counter = &ch->counter; dev = &counter->dev; + dev_set_drvdata(dev, counter); + /* Acquire unique ID */ err = ida_alloc(&counter_ida, GFP_KERNEL); if (err < 0) -- 2.30.2