Re: [PATCH] sound: Don't assume i2c device probing always succeeds
From: Takashi Iwai <hidden>
Date: 2009-09-30 14:13:55
Also in: alsa-devel
At Wed, 30 Sep 2009 15:25:42 +0200, Jean Delvare wrote:
If i2c device probing fails, then there is no driver to dereference after calling i2c_new_device(). Stop assuming that probing will always succeed, to avoid NULL pointer dereferences. We have an easier access to the driver anyway.

Reported-by: Tim Shepard <redacted>
Signed-off-by: Jean Delvare <redacted>
Cc: Johannes Berg <johannes@sipsolutions.net>
---
The code is similar to the one in therm_adt746x, for which Tim reported a real-world oops, so it should be fixed ASAP.

Jean, thanks for the patch.

I'm just wondering whether the additional NULL check of client->driver would be enough? If yes, sound/aoa/onyx.c has it, at least, and we can add the similar checks to the rest, too.

Takashi
sound/aoa/codecs/onyx.c | 4 +++- sound/aoa/codecs/tas.c | 4 +++- sound/ppc/keywest.c | 4 +++- 3 files changed, 9 insertions(+), 3 deletions(-)--- linux-2.6.32-rc1.orig/sound/aoa/codecs/onyx.c 2009-09-30 15:13:12.000000000 +0200 +++ linux-2.6.32-rc1/sound/aoa/codecs/onyx.c 2009-09-30 15:13:58.000000000 +0200@@ -996,6 +996,8 @@ static void onyx_exit_codec(struct aoa_c onyx->codec.soundbus_dev->detach_codec(onyx->codec.soundbus_dev, onyx); } +static struct i2c_driver onyx_driver; + static int onyx_create(struct i2c_adapter *adapter, struct device_node *node, int addr)@@ -1027,7 +1029,7 @@ static int onyx_create(struct i2c_adapte * Let i2c-core delete that device on driver removal. * This is safe because i2c-core holds the core_lock mutex for us. */ - list_add_tail(&client->detected, &client->driver->clients); + list_add_tail(&client->detected, &onyx_driver.clients); return 0; } --- linux-2.6.32-rc1.orig/sound/aoa/codecs/tas.c 2009-09-30 15:13:12.000000000 +0200 +++ linux-2.6.32-rc1/sound/aoa/codecs/tas.c 2009-09-30 15:13:58.000000000 +0200@@ -882,6 +882,8 @@ static void tas_exit_codec(struct aoa_co } +static struct i2c_driver tas_driver; + static int tas_create(struct i2c_adapter *adapter, struct device_node *node, int addr)@@ -902,7 +904,7 @@ static int tas_create(struct i2c_adapter * Let i2c-core delete that device on driver removal. * This is safe because i2c-core holds the core_lock mutex for us. 
*/ - list_add_tail(&client->detected, &client->driver->clients); + list_add_tail(&client->detected, &tas_driver.clients); return 0; } --- linux-2.6.32-rc1.orig/sound/ppc/keywest.c 2009-09-30 15:13:12.000000000 +0200 +++ linux-2.6.32-rc1/sound/ppc/keywest.c 2009-09-30 15:13:58.000000000 +0200@@ -40,6 +40,8 @@ static int keywest_probe(struct i2c_clie return 0; } +struct i2c_driver keywest_driver; + /* * This is kind of a hack, best would be to turn powermac to fixed i2c * bus numbers and declare the sound device as part of platform@@ -65,7 +67,7 @@ static int keywest_attach_adapter(struct * This is safe because i2c-core holds the core_lock mutex for us. */ list_add_tail(&keywest_ctx->client->detected, - &keywest_ctx->client->driver->clients); + &keywest_driver.clients); return 0; }-- Jean Delvare
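
Review bot: In the onyx_create() hunk at -1027, the client is still linked into onyx_driver.clients and the function still returns 0, with no check visible in the context that the device actually bound. The NULL dereference is gone, but a failed probe is now reported to the caller as success and leaves an unbound client on the driver's list. Consider testing client->driver right after i2c_new_device() and, when it is NULL, calling i2c_unregister_device(client) and returning an error such as -ENODEV. The tas_create() and keywest_attach_adapter() hunks follow the same pattern and would want the same check.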
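
Review bot: The forward declaration added at -40 in sound/ppc/keywest.c reads "struct i2c_driver keywest_driver;" without static, while the matching declarations in onyx.c and tas.c are static. If keywest_driver is only used inside this file, declare it static here as well; note that a static definition following this non-static declaration would not compile. If the symbol is meant to be global, an extern declaration in a shared header is the usual place for it rather than a tentative definition in the .c file.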