From: Hans de Goede <hdegoede@redhat.com>
To: Jonathan Cameron <jic23@kernel.org>
Cc: Hans de Goede <hdegoede@redhat.com>,
Andy Shevchenko <andy@infradead.org>,
Lars-Peter Clausen <lars@metafoo.de>,
Jeremy Cline <jeremy@jcline.org>,
linux-iio@vger.kernel.org
Subject: [PATCH v2 1/9] iio: accel: bmc150: Fix dereferencing the wrong pointer in bmc150_get/set_second_device
Date: Sun, 23 May 2021 19:00:55 +0200 [thread overview]
Message-ID: <20210523170103.176958-2-hdegoede@redhat.com> (raw)
In-Reply-To: <20210523170103.176958-1-hdegoede@redhat.com>
The drvdata for iio-parent devices points to the struct iio_dev for
the iio-device. So by directly casting the return from i2c_get_clientdata()
to struct bmc150_accel_data * the code was ending up storing the second_dev
pointer in (and retrieving it from) some semi-random offset inside
struct iio_dev, rather then storing it in the second_dev member of the
bmc150_accel_data struct.
Fix the code to get the struct bmc150_accel_data * pointer to call
iio_priv() on the struct iio_dev * returned by i2c_get_clientdata(),
so that the correct pointer gets dereferenced.
This fixes the following oops on rmmod, caused by trying to
dereference the wrong return of bmc150_get_second_device():
[ 238.980737] BUG: unable to handle page fault for address: 0000000000004710
[ 238.980755] #PF: supervisor read access in kernel mode
[ 238.980760] #PF: error_code(0x0000) - not-present page
...
[ 238.980841] i2c_unregister_device.part.0+0x19/0x60
[ 238.980856] 0xffffffffc0815016
[ 238.980863] i2c_device_remove+0x25/0xb0
[ 238.980869] __device_release_driver+0x180/0x240
[ 238.980876] driver_detach+0xd4/0x120
[ 238.980882] bus_remove_driver+0x5b/0xd0
[ 238.980888] i2c_del_driver+0x44/0x70
While at it also remove the now no longer sensible checks for data
being NULL, iio_priv never returns NULL for an iio_dev with non 0
sized private-data.
Fixes: 5bfb3a4bd8f6 ("iio: accel: bmc150: Check for a second ACPI device for BOSC0200")
Cc: Jeremy Cline <jeremy@jcline.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
drivers/iio/accel/bmc150-accel-core.c | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/drivers/iio/accel/bmc150-accel-core.c b/drivers/iio/accel/bmc150-accel-core.c
index 04d85ce34e9f..3a3f67930165 100644
--- a/drivers/iio/accel/bmc150-accel-core.c
+++ b/drivers/iio/accel/bmc150-accel-core.c
@@ -1809,10 +1809,7 @@ EXPORT_SYMBOL_GPL(bmc150_accel_core_probe);
struct i2c_client *bmc150_get_second_device(struct i2c_client *client)
{
- struct bmc150_accel_data *data = i2c_get_clientdata(client);
-
- if (!data)
- return NULL;
+ struct bmc150_accel_data *data = iio_priv(i2c_get_clientdata(client));
return data->second_device;
}
@@ -1820,10 +1817,9 @@ EXPORT_SYMBOL_GPL(bmc150_get_second_device);
void bmc150_set_second_device(struct i2c_client *client)
{
- struct bmc150_accel_data *data = i2c_get_clientdata(client);
+ struct bmc150_accel_data *data = iio_priv(i2c_get_clientdata(client));
- if (data)
- data->second_device = client;
+ data->second_device = client;
}
EXPORT_SYMBOL_GPL(bmc150_set_second_device);
--
2.31.1
next prev parent reply other threads:[~2021-05-23 17:01 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-23 17:00 [PATCH v2 0/9] iio: accel: bmc150: Add support for yoga's with dual accelerometers with an ACPI HID of DUAL250E Hans de Goede
2021-05-23 17:00 ` Hans de Goede [this message]
2021-05-23 17:00 ` [PATCH v2 2/9] iio: accel: bmc150: Don't make the remove function of the second accelerometer unregister itself Hans de Goede
2021-05-26 16:55 ` Jonathan Cameron
2021-06-09 19:49 ` Jonathan Cameron
2021-06-09 20:41 ` Hans de Goede
2021-05-23 17:00 ` [PATCH v2 3/9] iio: accel: bmc150: Move check for second ACPI device into a separate function Hans de Goede
2021-05-23 17:00 ` [PATCH v2 4/9] iio: accel: bmc150: Add support for dual-accelerometers with a DUAL250E HID Hans de Goede
2021-05-23 17:00 ` [PATCH v2 5/9] iio: accel: bmc150: Move struct bmc150_accel_data definition to bmc150-accel.h Hans de Goede
2021-05-23 17:01 ` [PATCH v2 6/9] iio: accel: bmc150: Remove bmc150_set/get_second_device() accessor functions Hans de Goede
2021-05-23 17:01 ` [PATCH v2 7/9] iio: accel: bmc150: Add support for DUAL250E ACPI DSM for setting the hinge angle Hans de Goede
2021-05-23 17:01 ` [PATCH v2 8/9] iio: accel: bmc150: Refactor bmc150_apply_acpi_orientation() Hans de Goede
2021-05-23 17:01 ` [PATCH v2 9/9] iio: accel: bmc150: Set label based on accel-location for ACPI DUAL250E fwnodes Hans de Goede
2021-05-23 19:08 ` [PATCH v2 0/9] iio: accel: bmc150: Add support for yoga's with dual accelerometers with an ACPI HID of DUAL250E Andy Shevchenko
2021-06-09 19:54 ` Jonathan Cameron
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210523170103.176958-2-hdegoede@redhat.com \
--to=hdegoede@redhat.com \
--cc=andy@infradead.org \
--cc=jeremy@jcline.org \
--cc=jic23@kernel.org \
--cc=lars@metafoo.de \
--cc=linux-iio@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.