Re: [PATCH v2] iio: imu: adis: Fix NULL pointer dereference in adis_init
From: Andy Shevchenko
Date: Fri Feb 20 2026 - 09:25:25 EST

On Fri, Feb 20, 2026 at 04:16:41PM +0200, Radu Sabau via B4 Relay wrote:
> The adis_init() function dereferences adis->ops to check if the
> individual function pointers (write, read, reset) are NULL, but does
> not first check if adis->ops itself is NULL.
>
> Drivers like adis16480, adis16490, adis16545 and others do not set
> custom ops and rely on adis_init() assigning the defaults. Since struct
> adis is zero-initialized by devm_iio_device_alloc(), adis->ops is NULL
> when adis_init() is called, causing a NULL pointer dereference:
>
> Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
> pc : adis_init+0xc0/0x118
> Call trace:
> adis_init+0xc0/0x118
> adis16480_probe+0xe0/0x670
>
> Fix this by checking if adis->ops is NULL before dereferencing it,
> falling through to assign the default ops in that case.

Don't throw versions too quickly. You missed a tag from a colleague of yours.

> Fixes: 3b29bcee8f6f ("iio: imu: adis: Add custom ops struct")
...
> - if (!adis->ops->write && !adis->ops->read && !adis->ops->reset)
> + if (!adis->ops)

I hope you have checked that this is indeed the case and we don't need this
check anymore. (I would be glad to see it being replaced as in this patch!)

Assuming this is confirmed,
Reviewed-by: Andy Shevchenko <andriy.shevchenko@xxxxxxxxx>

Collect the tags and issue a new version only on demand, and not earlier
than 24h from the previous one.

> adis->ops = &adis_default_ops;
> else if (!adis->ops->write || !adis->ops->read || !adis->ops->reset)
> return -EINVAL;
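
Review bot: the new `if (!adis->ops)` test no longer covers a caller that passes a non-NULL ops struct with write, read and reset all NULL. Under the removed condition that case was given `adis_default_ops`; with this change it reaches the `else if` and returns -EINVAL. If rejecting such a struct is intended, state that in the commit message; otherwise keep the old test behind the NULL check, for example `if (!adis->ops || (!adis->ops->write && !adis->ops->read && !adis->ops->reset))`.
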
--
With Best Regards,
Andy Shevchenko