* [PATCH] NFC: microread/pn544: Fix possible null pointer deference error
From: Young Xiao @ 2019-05-29 3:43 UTC (permalink / raw)
To: sameo, linux-wireless, linux-kernel; +Cc: Young Xiao
If pn544_hci_i2c_irq_thread_fn or microread_i2c_irq_thread_fn accesses
phy->hdev before pn544_hci_i2c_probe or microread_i2c_probe has
initialized it, a NULL pointer is dereferenced.
Therefore, we change the order in which xxx_probe and
request_threaded_irq are called, and add a guard on phy->hdev in the
xxx_i2c_irq_thread_fn functions.
Signed-off-by: Young Xiao <92siuyang@gmail.com>
---
drivers/nfc/microread/i2c.c | 19 +++++++------------
drivers/nfc/pn544/i2c.c | 16 ++++++++--------
2 files changed, 15 insertions(+), 20 deletions(-)
diff --git a/drivers/nfc/microread/i2c.c b/drivers/nfc/microread/i2c.c
index 1806d20..80fc6d5 100644
--- a/drivers/nfc/microread/i2c.c
+++ b/drivers/nfc/microread/i2c.c
@@ -212,7 +212,7 @@ static irqreturn_t microread_i2c_irq_thread_fn(int irq, void *phy_id)
struct sk_buff *skb = NULL;
int r;
- if (!phy || irq != phy->i2c_dev->irq) {
+ if (!phy || !phy->hdev || irq != phy->i2c_dev->irq) {
WARN_ON_ONCE(1);
return IRQ_NONE;
}
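Review bot: The new `!phy->hdev` test shares the `WARN_ON_ONCE(1)` / `IRQ_NONE` branch with the wrong-IRQ check, so an interrupt that merely arrives before the HCI device exists would be reported as a driver bug and left unhandled. Because this same commit now calls microread_probe() before request_threaded_irq(), the condition should no longer be reachable during probe; if it is kept as defence in depth, give it its own branch with a comment such as `/* hdev is set by microread_probe() before the IRQ is requested */`. A NULL test also cannot catch a stale, non-NULL hdev during removal, so the teardown order in microread_i2c_remove (outside this hunk) is worth checking. The identical guard added to pn544_hci_i2c_irq_thread_fn raises the same points; both handler bodies continue outside their hunks.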
@@ -257,6 +257,12 @@ static int microread_i2c_probe(struct i2c_client *client,
i2c_set_clientdata(client, phy);
phy->i2c_dev = client;
+ r = microread_probe(phy, &i2c_phy_ops, LLC_SHDLC_NAME,
+ MICROREAD_I2C_FRAME_HEADROOM,
+ MICROREAD_I2C_FRAME_TAILROOM,
+ MICROREAD_I2C_LLC_MAX_PAYLOAD, &phy->hdev);
+ if (r < 0)
+ return r;
r = request_threaded_irq(client->irq, NULL, microread_i2c_irq_thread_fn,
IRQF_TRIGGER_RISING | IRQF_ONESHOT,
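Review bot: With microread_probe() now running before request_threaded_irq(), the IRQ failure branch (its `return r;` sits in the next hunk) returns without undoing the probe, so the HCI device stored in phy->hdev appears to stay allocated and registered while the i2c probe reports failure. The old order unwound with `free_irq(client->irq, phy);`; the new order needs the mirror image, presumably `microread_remove(phy->hdev);` before that `return r;`. The same applies to pn544_hci_i2c_probe, where a failing devm_request_threaded_irq() would need `pn544_hci_remove(phy->hdev);`. Neither counterpart helper is visible in this patch, so confirm the names against the drivers.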
@@ -266,21 +272,10 @@ static int microread_i2c_probe(struct i2c_client *client,
return r;
}
- r = microread_probe(phy, &i2c_phy_ops, LLC_SHDLC_NAME,
- MICROREAD_I2C_FRAME_HEADROOM,
- MICROREAD_I2C_FRAME_TAILROOM,
- MICROREAD_I2C_LLC_MAX_PAYLOAD, &phy->hdev);
- if (r < 0)
- goto err_irq;
nfc_info(&client->dev, "Probed\n");
return 0;
-
-err_irq:
- free_irq(client->irq, phy);
-
- return r;
}
static int microread_i2c_remove(struct i2c_client *client)
diff --git a/drivers/nfc/pn544/i2c.c b/drivers/nfc/pn544/i2c.c
index d0207f8..c9694c8 100644
--- a/drivers/nfc/pn544/i2c.c
+++ b/drivers/nfc/pn544/i2c.c
@@ -496,7 +496,7 @@ static irqreturn_t pn544_hci_i2c_irq_thread_fn(int irq, void *phy_id)
struct sk_buff *skb = NULL;
int r;
- if (!phy || irq != phy->i2c_dev->irq) {
+ if (!phy || !phy->hdev || irq != phy->i2c_dev->irq) {
WARN_ON_ONCE(1);
return IRQ_NONE;
}
@@ -924,6 +924,13 @@ static int pn544_hci_i2c_probe(struct i2c_client *client,
pn544_hci_i2c_platform_init(phy);
+ r = pn544_hci_probe(phy, &i2c_phy_ops, LLC_SHDLC_NAME,
+ PN544_I2C_FRAME_HEADROOM, PN544_I2C_FRAME_TAILROOM,
+ PN544_HCI_I2C_LLC_MAX_PAYLOAD,
+ pn544_hci_i2c_fw_download, &phy->hdev);
+ if (r < 0)
+ return r;
+
r = devm_request_threaded_irq(&client->dev, client->irq, NULL,
pn544_hci_i2c_irq_thread_fn,
IRQF_TRIGGER_RISING | IRQF_ONESHOT,
@@ -933,13 +940,6 @@ static int pn544_hci_i2c_probe(struct i2c_client *client,
return r;
}
- r = pn544_hci_probe(phy, &i2c_phy_ops, LLC_SHDLC_NAME,
- PN544_I2C_FRAME_HEADROOM, PN544_I2C_FRAME_TAILROOM,
- PN544_HCI_I2C_LLC_MAX_PAYLOAD,
- pn544_hci_i2c_fw_download, &phy->hdev);
- if (r < 0)
- return r;
-
return 0;
}
--
2.7.4