[PATCH 04/11] comedi: ni_at_a2150: Fix sanity check in interrupt handler
From: Ian Abbott
Date: Thu Jun 18 2026 - 06:37:38 EST
The driver requests an interrupt handler for the device before it is
fully set up.
For safety, the interrupt handler checks the dev->attached flag to
ensure the device is fully set up, but it currently does that after
dereferencing various pointers which may be NULL if dev->attached is
false. Move the check to avoid the possible null pointer dereferences.
Signed-off-by: Ian Abbott <abbotti@xxxxxxxxx>
---
drivers/comedi/drivers/ni_at_a2150.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/comedi/drivers/ni_at_a2150.c b/drivers/comedi/drivers/ni_at_a2150.c
index 44221c928e327..86629b495fedc 100644
--- a/drivers/comedi/drivers/ni_at_a2150.c
+++ b/drivers/comedi/drivers/ni_at_a2150.c
@@ -132,11 +132,11 @@ static irqreturn_t a2150_interrupt(int irq, void *d)
struct comedi_device *dev = d;
struct a2150_private *devpriv = dev->private;
struct comedi_isadma *dma = devpriv->dma;
- struct comedi_isadma_desc *desc = &dma->desc[0];
+ struct comedi_isadma_desc *desc;
struct comedi_subdevice *s = dev->read_subdev;
- struct comedi_async *async = s->async;
- struct comedi_cmd *cmd = &async->cmd;
- unsigned short *buf = desc->virt_addr;
+ struct comedi_async *async;
+ struct comedi_cmd *cmd;
+ unsigned short *buf;
unsigned int max_points, num_points, residue, leftover;
unsigned short dpnt;
int status;
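Review bot: The initializer `struct comedi_isadma *dma = devpriv->dma;` kept in the declarations still dereferences `devpriv` before the `dev->attached` check in the next hunk. That is safe only if `dev->private` is always allocated before the interrupt handler is requested, which this patch does not show. If that ordering is not guaranteed, declare `struct comedi_isadma *dma;` here and assign `dma = devpriv->dma;` after the check, next to the other moved assignments. The body of a2150_interrupt continues outside this hunk.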
@@ -145,6 +145,11 @@ static irqreturn_t a2150_interrupt(int irq, void *d)
if (!dev->attached)
return IRQ_HANDLED;
+ desc = &dma->desc[0];
+ async = s->async;
+ cmd = &async->cmd;
+ buf = desc->virt_addr;
+
status = inw(dev->iobase + STATUS_REG);
if ((status & INTR_BIT) == 0)
return IRQ_NONE;
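Review bot: The moved assignments carry no comment explaining why they sit below the `dev->attached` test, so a later cleanup could fold them back into the declarations and bring the NULL dereference back. I would add a comment above `desc = &dma->desc[0];`, for example `/* dma and s may be NULL until dev->attached is set; do not dereference earlier */`. The function starts and ends outside this hunk.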
--
2.53.0