Skip to content

Commit

Permalink
usb: musb: musb_dsps: request_irq() after initializing musb
Browse files Browse the repository at this point in the history 
[ Upstream commit 7c75bde ]

If IRQ occurs between calling  dsps_setup_optional_vbus_irq()
and  dsps_create_musb_pdev(), then null pointer dereference occurs
since glue->musb wasn't initialized yet.

The patch puts initializing of neccesery data before registration
of the interrupt handler.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Nadezda Lutovinova <lutovinova@ispras.ru>
Link: https://lore.kernel.org/r/20210819163323.17714-1-lutovinova@ispras.ru
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
  • Loading branch information
@gregkh
Nadezda Lutovinova authored and gregkh committed Sep 18, 2021
1 parent c0751ee commit 8de01a8
Showing 1 changed file with 6 additions and 7 deletions.
13 changes: 6 additions & 7 deletions drivers/usb/musb/musb_dsps.c
View file
Expand Up @@ -890,23 +890,22 @@ static int dsps_probe(struct platform_device *pdev)
if (!glue->usbss_base)
return -ENXIO;

if (usb_get_dr_mode(&pdev->dev) == USB_DR_MODE_PERIPHERAL) {
ret = dsps_setup_optional_vbus_irq(pdev, glue);
if (ret)
goto err_iounmap;
}

platform_set_drvdata(pdev, glue);
pm_runtime_enable(&pdev->dev);
ret = dsps_create_musb_pdev(glue, pdev);
if (ret)
goto err;

if (usb_get_dr_mode(&pdev->dev) == USB_DR_MODE_PERIPHERAL) {
ret = dsps_setup_optional_vbus_irq(pdev, glue);
if (ret)
goto err;
}

return 0;

err:
pm_runtime_disable(&pdev->dev);
err_iounmap:
iounmap(glue->usbss_base);
return ret;
}
Expand Down

0 comments on commit 8de01a8

Please sign in to comment.