From: Andy Shevchenko <andriy.shevchenko@intel.com>
To: radu.sabau@analog.com
Cc: Lars-Peter Clausen <lars@metafoo.de>,
Michael Hennerich <Michael.Hennerich@analog.com>,
Nuno Sa <nuno.sa@analog.com>, Jonathan Cameron <jic23@kernel.org>,
David Lechner <dlechner@baylibre.com>,
Andy Shevchenko <andy@kernel.org>,
Robert Budai <robert.budai@analog.com>,
Antoniu Miclaus <antoniu.miclaus@analog.com>,
Ramona Gradinariu <ramona.gradinariu@analog.com>,
Jonathan Cameron <Jonathan.Cameron@huawei.com>,
linux-iio@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] iio: imu: adis: Fix NULL pointer dereference in adis_init
Date: Fri, 20 Feb 2026 16:06:05 +0200
Message-ID: <aZhqTRQTLwcdSMkF@smile.fi.intel.com>
In-Reply-To: <20260220-adis-fix-v1-1-9fa10cce812f@analog.com>
On Fri, Feb 20, 2026 at 03:36:17PM +0200, Radu Sabau via B4 Relay wrote:
> The adis_init() function dereferences adis->ops to check if the
> individual function pointers (write, read, reset) are NULL, but does
> not first check if adis->ops itself is NULL.
>
> Drivers like adis16480, adis16490, adis16545 and others do not set
> custom ops and rely on adis_init() assigning the defaults. Since struct
> adis is zero-initialized by devm_iio_device_alloc(), adis->ops is NULL
> when adis_init() is called, causing a NULL pointer dereference:
>
> Unable to handle kernel NULL pointer dereference at virtual
> address 0000000000000000
No need to wrap backtrace lines. It makes it harder to understand the trace.
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
> pc : adis_init+0xc0/0x118
> Call trace:
> adis_init+0xc0/0x118
> adis16480_probe+0xe0/0x670
>
> Fix this by checking if adis->ops is NULL before dereferencing it,
> falling through to assign the default ops in that case.
...
> - if (!adis->ops->write && !adis->ops->read && !adis->ops->reset)
> + if (!adis->ops || (!adis->ops->write && !adis->ops->read && !adis->ops->reset))
> adis->ops = &adis_default_ops;
> else if (!adis->ops->write || !adis->ops->read || !adis->ops->reset)
> return -EINVAL;
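Review bot: the `+` line is correct only because `||` short-circuits: when `adis->ops` is NULL the `adis->ops->write/read/reset` dereferences in the parenthesised part are never evaluated, and the unchanged `else if (!adis->ops->write || ...)` on the following line is reached only after the first condition has established that `adis->ops` is non-NULL. The commit message's "falling through to assign the default ops" relies on that ordering without saying so; stating it explicitly (or moving the NULL test into its own `if (!adis->ops)` branch ahead of the existing checks) would spare a future reader from having to re-derive why the `else if` needs no NULL guard of its own.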
Personally I wouldn't mix these two, and do rather

	if (!adis->ops)
		adis->ops = &adis_default_ops;
	// Actually the below check seems redundant to me, I would rather
	// expect that be absent in the first place.
	else if (!adis->ops->write && !adis->ops->read && !adis->ops->reset)
		adis->ops = &adis_default_ops;
	else if (!adis->ops->write || !adis->ops->read || !adis->ops->reset)
		return -EINVAL;

It also adds flexibility to only cover missed callbacks in the future
(in case we need that). But also see the above comment.
--
With Best Regards,
Andy Shevchenko