[PATCH 1/3] staging: media: omap1: fix null pointer dereference in omap1_cam_probe()

From: Janusz Krzysztofik
Date: Wed Jun 15 2016 - 18:31:04 EST

Next message: Logan Gunthorpe: "Re: [PATCH v3 09/10] ntb_test: Add a selftest script for the NTB subsystem"
Previous message: Janusz Krzysztofik: "[PATCH 0/3] media: fixes for Amstrad Delta camera"
In reply to: Janusz Krzysztofik: "[PATCH 0/3] media: fixes for Amstrad Delta camera"
Next in thread: Janusz Krzysztofik: "[PATCH 3/3] media: i2c/soc_camera: fix ov6650 sensor getting wrong clock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Commit 76e543382bd4 ("staging: media: omap1: Switch to
devm_ioremap_resource") moved assignment of struct resource *res =
platform_get_resource() several lines down. That resulted in the
following error:

[ 3.793237] Unable to handle kernel NULL pointer dereference at virtual address 00000004
[ 3.802198] pgd = c0004000
[ 3.805202] [00000004] *pgd=00000000
[ 3.809373] Internal error: Oops: c5 [#1] ARM
[ 3.814070] CPU: 0 PID: 1 Comm: swapper Not tainted 4.6.0-rc1+ #70
[ 3.820570] Hardware name: Amstrad E3 (Delta)
[ 3.825232] task: c1819440 ti: c181e000 task.ti: c181e000
[ 3.830973] PC is at omap1_cam_probe+0x48/0x2d4
[ 3.835873] LR is at devres_add+0x20/0x28

Move the assignment back up where it was before - it is used to build
an argument for a subsequent devm_kzalloc(). Also, restore the check
for null value of res - it shouldn't hurt.

While being at it:
- follow the recently introduced convention of direct return
instead of jump to return with err value assigned,
- drop no longer needed res member from the definition of struct
omap1_cam_dev.

Created and tested on Amstrad Delta aginst Linux-4.7-rc3

Signed-off-by: Janusz Krzysztofik <jmkrzyszt@xxxxxxxxx>
---
drivers/staging/media/omap1/omap1_camera.c | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/drivers/staging/media/omap1/omap1_camera.c b/drivers/staging/media/omap1/omap1_camera.c
index 54b8dd2..dc35d30 100644
--- a/drivers/staging/media/omap1/omap1_camera.c
+++ b/drivers/staging/media/omap1/omap1_camera.c
@@ -158,7 +158,6 @@ struct omap1_cam_dev {
int dma_ch;

struct omap1_cam_platform_data *pdata;
- struct resource *res;
unsigned long pflags;
unsigned long camexclk;

@@ -1569,11 +1568,10 @@ static int omap1_cam_probe(struct platform_device *pdev)
unsigned int irq;
int err = 0;

+ res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
irq = platform_get_irq(pdev, 0);
- if ((int)irq <= 0) {
- err = -ENODEV;
- goto exit;
- }
+ if (!res || (int)irq <= 0)
+ return -ENODEV;

clk = devm_clk_get(&pdev->dev, "armper_ck");
if (IS_ERR(clk))
@@ -1614,7 +1612,6 @@ static int omap1_cam_probe(struct platform_device *pdev)
INIT_LIST_HEAD(&pcdev->capture);
spin_lock_init(&pcdev->lock);

- res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
base = devm_ioremap_resource(&pdev->dev, res);
if (IS_ERR(base))
return PTR_ERR(base);
@@ -1663,7 +1660,6 @@ static int omap1_cam_probe(struct platform_device *pdev)

exit_free_dma:
omap_free_dma(pcdev->dma_ch);
-exit:
return err;
}

--
2.7.3

Next message: Logan Gunthorpe: "Re: [PATCH v3 09/10] ntb_test: Add a selftest script for the NTB subsystem"
Previous message: Janusz Krzysztofik: "[PATCH 0/3] media: fixes for Amstrad Delta camera"
In reply to: Janusz Krzysztofik: "[PATCH 0/3] media: fixes for Amstrad Delta camera"
Next in thread: Janusz Krzysztofik: "[PATCH 3/3] media: i2c/soc_camera: fix ov6650 sensor getting wrong clock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]