[PATCH v2] usb: musb: musb_dsps: Change function call order in dsps_probe()

From: Nadezda Lutovinova
Date: Wed Aug 11 2021 - 09:53:41 EST


If IRQ occurs between calling dsps_setup_optional_vbus_irq()
and dsps_create_musb_pdev(), then null pointer dereference occurs
since glue->musb wasn't initialized yet.

The patch puts initializing of neccesery data before registration
of the interrupt handler.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Nadezda Lutovinova <lutovinova@xxxxxxxxx>
---
v2: fix subject
---
drivers/usb/musb/musb_dsps.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/drivers/usb/musb/musb_dsps.c b/drivers/usb/musb/musb_dsps.c
index 5892f3ce0cdc..ce9fc46c9266 100644
--- a/drivers/usb/musb/musb_dsps.c
+++ b/drivers/usb/musb/musb_dsps.c
@@ -890,23 +890,22 @@ static int dsps_probe(struct platform_device *pdev)
if (!glue->usbss_base)
return -ENXIO;

- if (usb_get_dr_mode(&pdev->dev) == USB_DR_MODE_PERIPHERAL) {
- ret = dsps_setup_optional_vbus_irq(pdev, glue);
- if (ret)
- goto err_iounmap;
- }
-
platform_set_drvdata(pdev, glue);
pm_runtime_enable(&pdev->dev);
ret = dsps_create_musb_pdev(glue, pdev);
if (ret)
goto err;

+ if (usb_get_dr_mode(&pdev->dev) == USB_DR_MODE_PERIPHERAL) {
+ ret = dsps_setup_optional_vbus_irq(pdev, glue);
+ if (ret)
+ goto err;
+ }
+
return 0;

err:
pm_runtime_disable(&pdev->dev);
-err_iounmap:
iounmap(glue->usbss_base);
return ret;
}
--
2.17.1