[PATCH 4.2.y-ckt 036/206] staging: comedi: das1800: fix possible NULL dereference

From: Kamal Mostafa
Date: Thu Jun 09 2016 - 18:11:33 EST

Next message: Kamal Mostafa: "[PATCH 4.2.y-ckt 014/206] Bluetooth: vhci: purge unhandled skbs"
Previous message: Kamal Mostafa: "[PATCH 4.2.y-ckt 037/206] arm/arm64: KVM: Enforce Break-Before-Make on Stage-2 page tables"
In reply to: Kamal Mostafa: "[PATCH 4.2.y-ckt 037/206] arm/arm64: KVM: Enforce Break-Before-Make on Stage-2 page tables"
Next in thread: Kamal Mostafa: "[PATCH 4.2.y-ckt 014/206] Bluetooth: vhci: purge unhandled skbs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

4.2.8-ckt12 -stable review patch. If anyone has any objections, please let me know.

---8<------------------------------------------------------------

From: H Hartley Sweeten <hsweeten@xxxxxxxxxxxxxxxxxxx>

commit d375278d666760e195693b57415ba0a125cadd55 upstream.

DMA is optional with this driver. If it was not enabled the devpriv->dma
pointer will be NULL.

Fix the possible NULL pointer dereference when trying to disable the DMA
channels in das1800_ai_cancel() and tidy up the comments to fix the
checkpatch.pl issues:
WARNING: line over 80 characters

It's probably harmless in das1800_ai_setup_dma() because the 'desc' pointer
will not be used if DMA is disabled but fix it there also.

Fixes: 99dfc3357e98 ("staging: comedi: das1800: remove depends on ISA_DMA_API limitation")
Signed-off-by: H Hartley Sweeten <hsweeten@xxxxxxxxxxxxxxxxxxx>
Reviewed-by: Ian Abbott <abbotti@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Kamal Mostafa <kamal@xxxxxxxxxxxxx>
---
drivers/staging/comedi/drivers/das1800.c | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/drivers/staging/comedi/drivers/das1800.c b/drivers/staging/comedi/drivers/das1800.c
index 94078118..3be1096 100644
--- a/drivers/staging/comedi/drivers/das1800.c
+++ b/drivers/staging/comedi/drivers/das1800.c
@@ -567,14 +567,17 @@ static int das1800_cancel(struct comedi_device *dev, struct comedi_subdevice *s)
struct comedi_isadma_desc *desc;
int i;

- outb(0x0, dev->iobase + DAS1800_STATUS); /* disable conversions */
- outb(0x0, dev->iobase + DAS1800_CONTROL_B); /* disable interrupts and dma */
- outb(0x0, dev->iobase + DAS1800_CONTROL_A); /* disable and clear fifo and stop triggering */
-
- for (i = 0; i < 2; i++) {
- desc = &dma->desc[i];
- if (desc->chan)
- comedi_isadma_disable(desc->chan);
+ /* disable and stop conversions */
+ outb(0x0, dev->iobase + DAS1800_STATUS);
+ outb(0x0, dev->iobase + DAS1800_CONTROL_B);
+ outb(0x0, dev->iobase + DAS1800_CONTROL_A);
+
+ if (dma) {
+ for (i = 0; i < 2; i++) {
+ desc = &dma->desc[i];
+ if (desc->chan)
+ comedi_isadma_disable(desc->chan);
+ }
}

return 0;
@@ -934,13 +937,14 @@ static void das1800_ai_setup_dma(struct comedi_device *dev,
{
struct das1800_private *devpriv = dev->private;
struct comedi_isadma *dma = devpriv->dma;
- struct comedi_isadma_desc *desc = &dma->desc[0];
+ struct comedi_isadma_desc *desc;
unsigned int bytes;

if ((devpriv->irq_dma_bits & DMA_ENABLED) == 0)
return;

dma->cur_dma = 0;
+ desc = &dma->desc[0];

/* determine a dma transfer size to fill buffer in 0.3 sec */
bytes = das1800_ai_transfer_size(dev, s, desc->maxsize, 300000000);
--
2.7.4

Next message: Kamal Mostafa: "[PATCH 4.2.y-ckt 014/206] Bluetooth: vhci: purge unhandled skbs"
Previous message: Kamal Mostafa: "[PATCH 4.2.y-ckt 037/206] arm/arm64: KVM: Enforce Break-Before-Make on Stage-2 page tables"
In reply to: Kamal Mostafa: "[PATCH 4.2.y-ckt 037/206] arm/arm64: KVM: Enforce Break-Before-Make on Stage-2 page tables"
Next in thread: Kamal Mostafa: "[PATCH 4.2.y-ckt 014/206] Bluetooth: vhci: purge unhandled skbs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]