usb: musb: musb_dsps: request_irq() after initializing musb
If IRQ occurs between calling dsps_setup_optional_vbus_irq() and dsps_create_musb_pdev(), then null pointer dereference occurs since glue->musb wasn't initialized yet. The patch puts initializing of neccesery data before registration of the interrupt handler. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Nadezda Lutovinova <lutovinova@ispras.ru> Link: https://lore.kernel.org/r/20210819163323.17714-1-lutovinova@ispras.ru Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Nadezda Lutovinova
Greg Kroah-Hartman
parent
1abade6456
commit
7c75bde329
@ -890,23 +890,22 @@ static int dsps_probe(struct platform_device *pdev)
|
|||||||
if (!glue->usbss_base)
|
if (!glue->usbss_base)
|
||||||
return -ENXIO;
|
return -ENXIO;
|
||||||
|
|
||||||
if (usb_get_dr_mode(&pdev->dev) == USB_DR_MODE_PERIPHERAL) {
|
|
||||||
ret = dsps_setup_optional_vbus_irq(pdev, glue);
|
|
||||||
if (ret)
|
|
||||||
goto err_iounmap;
|
|
||||||
}
|
|
||||||
|
|
||||||
platform_set_drvdata(pdev, glue);
|
platform_set_drvdata(pdev, glue);
|
||||||
pm_runtime_enable(&pdev->dev);
|
pm_runtime_enable(&pdev->dev);
|
||||||
ret = dsps_create_musb_pdev(glue, pdev);
|
ret = dsps_create_musb_pdev(glue, pdev);
|
||||||
if (ret)
|
if (ret)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
|
if (usb_get_dr_mode(&pdev->dev) == USB_DR_MODE_PERIPHERAL) {
|
||||||
|
ret = dsps_setup_optional_vbus_irq(pdev, glue);
|
||||||
|
if (ret)
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
err:
|
err:
|
||||||
pm_runtime_disable(&pdev->dev);
|
pm_runtime_disable(&pdev->dev);
|
||||||
err_iounmap:
|
|
||||||
iounmap(glue->usbss_base);
|
iounmap(glue->usbss_base);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user