[PATCH 03/11] comedi: dt2811: Fix sanity check in interrupt handler

Next message: Icenowy Zheng: "Re: [PATCH v4 4/6] drm/verisilicon: add DC8000 (DCUltraLite) display controller support"
Previous message: Ian Abbott: "[PATCH 05/11] comedi: ni_atmio16d: Add sanity check to interrupt handler"
In reply to: Ian Abbott: "[PATCH 05/11] comedi: ni_atmio16d: Add sanity check to interrupt handler"
Next in thread: Ian Abbott: "[PATCH 01/11] comedi: aio_iiro_16: Add sanity check to interrupt handler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Ian Abbott

Date: Thu Jun 18 2026 - 06:36:59 EST

The driver requests an interrupt handler for the device, after setting
device registers to disable interrupt generation. The interrupt handler
should not be called prematurely unless the user-configured I/O port
base address and/or IRQ number are incorrect or the hardware is bad.

For safety, the interrupt handler checks the dev->attached flag to
ensure the device is fully set up, but it currently does that after
dereferencing dev->read_subdev, which may be NULL if dev->attached is
false. Move the check to avoid the possible null pointer dereference.

Signed-off-by: Ian Abbott <abbotti@xxxxxxxxx>
---
drivers/comedi/drivers/dt2811.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/comedi/drivers/dt2811.c b/drivers/comedi/drivers/dt2811.c
index bcc4b5ef48e8d..0438b8c90e441 100644
--- a/drivers/comedi/drivers/dt2811.c
+++ b/drivers/comedi/drivers/dt2811.c
@@ -193,13 +193,16 @@ static irqreturn_t dt2811_interrupt(int irq, void *d)
{
struct comedi_device *dev = d;
struct comedi_subdevice *s = dev->read_subdev;
- struct comedi_async *async = s->async;
- struct comedi_cmd *cmd = &async->cmd;
+ struct comedi_async *async;
+ struct comedi_cmd *cmd;
unsigned int status;

if (!dev->attached)
return IRQ_NONE;

+ async = s->async;
+ cmd = &async->cmd;
+
status = inb(dev->iobase + DT2811_ADCSR_REG);

if (status & DT2811_ADCSR_ADERROR) {
--
2.53.0