Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp2604790lqp;
        Mon, 25 Mar 2024 04:17:17 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCV9K8IvzbpjrrDig50jIXZChOFd6HXvmaK92DFk78W/IDMayOotUpLXgFxnHE7wsYAanlIIHei6Q+pN2YufID+0NcFWFGRmN+QhMY25qg==
X-Google-Smtp-Source: AGHT+IEigEhChiY7UEGBk+bQq46G/8UeUJSQij8b99pj/c2iIQ0YEUuKTiOUuz4xK9aAY5DmDEmX
X-Received: by 2002:a92:d1c7:0:b0:368:4805:b8cb with SMTP id u7-20020a92d1c7000000b003684805b8cbmr6657853ilg.18.1711365434797;
        Mon, 25 Mar 2024 04:17:14 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1711365434; cv=pass;
        d=google.com; s=arc-20160816;
        b=ctDt234YcdF+xIQOF48zr2EnWft1OXr8NPoBX6CdPsCh3W1weUWwUpp65Rbwhl/7/v
         eIfUKJ3USncH+9vUAneYxzgCoXD+lnAULdHQNHE0jfJlGkB5+gdTEodLiVEEQvI5lWrL
         n4VnRQwmpNfwK+bC1GLonooxf3CZW82gGEPRWxb+pAlryxDgm91mwCZRtoF+TgbfNHxD
         NAOcTLx35eg8EEyRm+bbovN2AOaZG9Y54yLYP57wQ+Ee8npq7HUHxC+U1vYEHGhq6yHM
         vPn99/tg06j+gEZr2j7Dtd3tnrx76jM0M1wgUqeP/ZEJ5O146Z5+82JwEwxpgNHjWYJy
         2blQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from:dkim-signature;
        bh=RjWmQdiSy5VLGogP1dnMUloLAJiY/FIg96+xLrGDhRg=;
        fh=ZNuqMgM9DzddGStyhU3gYHP7ZOM7clVf7jb6aYY4wwM=;
        b=DM65jw2kGFysUoQMsZsp8Zex17Bopr+m77vDZ0Xfdt984z6of8kfc5hOqGPhT5gBZG
         JSWecKUqSt5yKI437/rVEQCqh3TRG6G5zfbFB9DNFNV/HCqwiia3ucizGOLjalkJ3/aO
         oUeY0cekj1htPSYMR1QIGQOO1U1hkKmhn55dGXkbTu9SIfoC6r667WYnkAAPG62xZCgJ
         /pTn0zUBpuLDgl/BygnbdzYNQ+K8iMJwHXtoM01CVAtYgCwsJGay0skMkbtdDpSqJ2T2
         /6yE3r5ZEf02Tcj7zaAT9Z0kNXuE3tfC6D3gWpotInC9nCIfkjNM+a8mS/eiMrcGkbL1
         dWcA==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b="jkC/EUUU";
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-115550-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-115550-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel+bounces-115550-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99])
        by mx.google.com with ESMTPS id p20-20020a637f54000000b005d8b6a84416si7230899pgn.534.2024.03.25.04.17.14
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 25 Mar 2024 04:17:14 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-115550-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b="jkC/EUUU";
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-115550-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-115550-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id 6CD372E3594
	for <linux.lists.archive@gmail.com>; Mon, 25 Mar 2024 11:17:14 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 5A23924BC12;
	Mon, 25 Mar 2024 02:43:20 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="jkC/EUUU"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D3E081EFE51;
	Sun, 24 Mar 2024 22:57:32 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1711321052; cv=none; b=Y3wgvrx0jRvdwtVAQRl0DJkZ0qMtKqJzI4SIw/IZEdV/iwoVVoLDrwfzUDf2rvhRqXYAD9BDcEVs8IBTw3fc9j1lr80pP9Rab6i2zCqo81gBRH+/SXTnyMuThss0llNEWA3DPqMTwPJho+/8Y+ueA4dwwaWSxZbnpHV6gznaxsc=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1711321052; c=relaxed/simple;
	bh=zSaTQbLe5/o3mV5I+JsovcB5JCLObPOmrNcs48f9lrA=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version; b=MwO3GCUdPaULEWA7J+zs+1CTZUo2ZFeWRy3HRWuZQir2tFADS4FPIdiwkXJbXEDyDdqK90LLB8PftQ3VS9Pq/afNFAbB7XwC2q2DtaZ8tdi64dXSwrT2OPO4HoMsqWv2jbUrL9uOvUuruI9zdPWWjR4OVWXZdE1iESHhAQeBzso=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=jkC/EUUU; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1BC73C43394;
	Sun, 24 Mar 2024 22:57:32 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1711321052;
	bh=zSaTQbLe5/o3mV5I+JsovcB5JCLObPOmrNcs48f9lrA=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=jkC/EUUU9tAHEkZYRKo91SjmDQYhoH1GutRRKFcRRjezx/vdKOyDEicdm2CIDf/uS
	 UBS6wVgMDocpt9nhxJQ0w22SNZGc4RJBnq+qN5FaQZgTizzRDw4obRn4gIF6O4Lk/l
	 GDofBXLB8oUmol536irXDo0m5y39GsSQjjdGubVQ+XdL+LBFDL4lx/+mtJSuRgfQiX
	 ufQGHMgYC0+szoGvXVHGwPlFFIIKbVkwCEi7EZt80THJbaJDx1tZRjAezLpClVkq0b
	 PLVKLtBZG621ap1uDcecg3/Ef0qpZ9UIthY92zBZV6bWGaEK03Z4OQGqXs+bYvy9I4
	 G9fUr0XCrVpWQ==
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org,
	stable@vger.kernel.org
Cc: Frej Drejhammar <frej.drejhammar@gmail.com>,
	Ian Abbott <abbotti@mev.co.uk>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: [PATCH 6.7 616/713] comedi: comedi_8255: Correct error in subdevice initialization
Date: Sun, 24 Mar 2024 18:45:42 -0400
Message-ID: <20240324224720.1345309-617-sashal@kernel.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240324224720.1345309-1-sashal@kernel.org>
References: <20240324224720.1345309-1-sashal@kernel.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-stable: review
X-Patchwork-Hint: Ignore
Content-Transfer-Encoding: 8bit

From: Frej Drejhammar <frej.drejhammar@gmail.com>

commit cfa9ba1ae0bef0681833a22d326174fe633caab5 upstream.

The refactoring done in commit 5c57b1ccecc7 ("comedi: comedi_8255: Rework
subdevice initialization functions") to the initialization of the io
field of struct subdev_8255_private broke all cards using the
drivers/comedi/drivers/comedi_8255.c module.

Prior to 5c57b1ccecc7, __subdev_8255_init() initialized the io field
in the newly allocated struct subdev_8255_private to the non-NULL
callback given to the function, otherwise it used a flag parameter to
select between subdev_8255_mmio and subdev_8255_io. The refactoring
removed that logic and the flag, as subdev_8255_mm_init() and
subdev_8255_io_init() now explicitly pass subdev_8255_mmio and
subdev_8255_io respectively to __subdev_8255_init(), only
__subdev_8255_init() never sets spriv->io to the supplied
callback. That spriv->io is NULL leads to a later BUG:

BUG: kernel NULL pointer dereference, address: 0000000000000000
PGD 0 P4D 0
Oops: 0010 [#1] SMP PTI
CPU: 1 PID: 1210 Comm: systemd-udevd Not tainted 6.7.3-x86_64 #1
Hardware name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffa3f1c02d7b78 EFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff91f847aefd00 RCX: 000000000000009b
RDX: 0000000000000003 RSI: 0000000000000001 RDI: ffff91f840f6fc00
RBP: ffff91f840f6fc00 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000000 R11: 000000000000005f R12: 0000000000000000
R13: 0000000000000000 R14: ffffffffc0102498 R15: ffff91f847ce6ba8
FS:  00007f72f4e8f500(0000) GS:ffff91f8d5c80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000010540e000 CR4: 00000000000406f0
Call Trace:
 <TASK>
 ? __die_body+0x15/0x57
 ? page_fault_oops+0x2ef/0x33c
 ? insert_vmap_area.constprop.0+0xb6/0xd5
 ? alloc_vmap_area+0x529/0x5ee
 ? exc_page_fault+0x15a/0x489
 ? asm_exc_page_fault+0x22/0x30
 __subdev_8255_init+0x79/0x8d [comedi_8255]
 pci_8255_auto_attach+0x11a/0x139 [8255_pci]
 comedi_auto_config+0xac/0x117 [comedi]
 ? __pfx___driver_attach+0x10/0x10
 pci_device_probe+0x88/0xf9
 really_probe+0x101/0x248
 __driver_probe_device+0xbb/0xed
 driver_probe_device+0x1a/0x72
 __driver_attach+0xd4/0xed
 bus_for_each_dev+0x76/0xb8
 bus_add_driver+0xbe/0x1be
 driver_register+0x9a/0xd8
 comedi_pci_driver_register+0x28/0x48 [comedi_pci]
 ? __pfx_pci_8255_driver_init+0x10/0x10 [8255_pci]
 do_one_initcall+0x72/0x183
 do_init_module+0x5b/0x1e8
 init_module_from_file+0x86/0xac
 __do_sys_finit_module+0x151/0x218
 do_syscall_64+0x72/0xdb
 entry_SYSCALL_64_after_hwframe+0x6e/0x76
RIP: 0033:0x7f72f50a0cb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 47 71 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007ffd47e512d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 0000562dd06ae070 RCX: 00007f72f50a0cb9
RDX: 0000000000000000 RSI: 00007f72f52d32df RDI: 000000000000000e
RBP: 0000000000000000 R08: 00007f72f5168b20 R09: 0000000000000000
R10: 0000000000000050 R11: 0000000000000246 R12: 00007f72f52d32df
R13: 0000000000020000 R14: 0000562dd06785c0 R15: 0000562dcfd0e9a8
 </TASK>
Modules linked in: 8255_pci(+) comedi_8255 comedi_pci comedi intel_gtt e100(+) acpi_cpufreq rtc_cmos usbhid
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffa3f1c02d7b78 EFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff91f847aefd00 RCX: 000000000000009b
RDX: 0000000000000003 RSI: 0000000000000001 RDI: ffff91f840f6fc00
RBP: ffff91f840f6fc00 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000000 R11: 000000000000005f R12: 0000000000000000
R13: 0000000000000000 R14: ffffffffc0102498 R15: ffff91f847ce6ba8
FS:  00007f72f4e8f500(0000) GS:ffff91f8d5c80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000010540e000 CR4: 00000000000406f0

This patch simply corrects the above mistake by initializing spriv->io
to the given io callback.

Fixes: 5c57b1ccecc7 ("comedi: comedi_8255: Rework subdevice initialization functions")
Signed-off-by: Frej Drejhammar <frej.drejhammar@gmail.com>
Cc: stable@vger.kernel.org
Acked-by: Ian Abbott <abbotti@mev.co.uk>
Reviewed-by: Ian Abbott <abbotti@mev.co.uk>
Link: https://lore.kernel.org/r/20240211175822.1357-1-frej.drejhammar@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/comedi/drivers/comedi_8255.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/comedi/drivers/comedi_8255.c b/drivers/comedi/drivers/comedi_8255.c
index e4974b508328d..a933ef53845a5 100644
--- a/drivers/comedi/drivers/comedi_8255.c
+++ b/drivers/comedi/drivers/comedi_8255.c
@@ -159,6 +159,7 @@ static int __subdev_8255_init(struct comedi_device *dev,
 		return -ENOMEM;
 
 	spriv->context = context;
+	spriv->io      = io;
 
 	s->type		= COMEDI_SUBD_DIO;
 	s->subdev_flags	= SDF_READABLE | SDF_WRITABLE;
-- 
2.43.0