All of lore.kernel.org
 help / color / mirror / Atom feed
* Revert e0922e5e3ccb78aa0152e93dfbd1755ac39c8582
@ 2015-02-12 20:23 Andrey Smirnov
  2015-02-14 11:34 ` Jonathan Cameron
  0 siblings, 1 reply; 2+ messages in thread
From: Andrey Smirnov @ 2015-02-12 20:23 UTC (permalink / raw)
  To: Jonathan Cameron; +Cc: Hartmut Knaack, linux-iio, linux-kernel, Kaptain Kernel

Hi Jonathan,

Please revert patch e0922e5e3ccb78aa0152e93dfbd1755ac39c8582:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/drivers/iio/humidity/si7020.c?id=e0922e5e3ccb78aa0152e93dfbd1755ac39c8582

It incorrectly assumes that the level of indirection is not needed
which is not true(probably because the driver incorrectly allocates
sizeof(*client) instead of sizeof(*data) via devm_iio_device_alloc).
If you look at the code of the probe function(see below) it is easy to
see that what is being stored in the private memory of the IIO device
instance is not a copy of a 'struct i2c_client' but a pointer to an
instance passed as an argument to the probe function.

struct i2c_client **data;
int ret;

< Some code skipped >

indio_dev = devm_iio_device_alloc(&client->dev, sizeof(*client));
if (!indio_dev)
return -ENOMEM;

data = iio_priv(indio_dev);
*data = client;

Without reverting this change any read of a raw value of this sensor
leads to a kernel oops due to a NULL pointer de-reference on my
hardware setup.

I will be sending a patch to fix the 'sizeof' mixup shortly.

Thank you,
Andrey Smirnov

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: Revert e0922e5e3ccb78aa0152e93dfbd1755ac39c8582
  2015-02-12 20:23 Revert e0922e5e3ccb78aa0152e93dfbd1755ac39c8582 Andrey Smirnov
@ 2015-02-14 11:34 ` Jonathan Cameron
  0 siblings, 0 replies; 2+ messages in thread
From: Jonathan Cameron @ 2015-02-14 11:34 UTC (permalink / raw)
  To: Andrey Smirnov; +Cc: Hartmut Knaack, linux-iio, linux-kernel

On 12/02/15 20:23, Andrey Smirnov wrote:
> Hi Jonathan,
> 
> Please revert patch e0922e5e3ccb78aa0152e93dfbd1755ac39c8582:
> 
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/drivers/iio/humidity/si7020.c?id=e0922e5e3ccb78aa0152e93dfbd1755ac39c8582
> 
> It incorrectly assumes that the level of indirection is not needed
> which is not true(probably because the driver incorrectly allocates
> sizeof(*client) instead of sizeof(*data) via devm_iio_device_alloc).
> If you look at the code of the probe function(see below) it is easy to
> see that what is being stored in the private memory of the IIO device
> instance is not a copy of a 'struct i2c_client' but a pointer to an
> instance passed as an argument to the probe function.
> 
> struct i2c_client **data;
> int ret;
> 
> < Some code skipped >
> 
> indio_dev = devm_iio_device_alloc(&client->dev, sizeof(*client));
> if (!indio_dev)
> return -ENOMEM;
> 
> data = iio_priv(indio_dev);
> *data = client;
> 
> Without reverting this change any read of a raw value of this sensor
> leads to a kernel oops due to a NULL pointer de-reference on my
> hardware setup.
> 
> I will be sending a patch to fix the 'sizeof' mixup shortly.
> 
> Thank you,
> Andrey Smirnov
> 
Reverted in the fixes-togreg branch and cc'd to stable.

I'll pick up the fix as well in a minute.



^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-02-14 11:34 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-02-12 20:23 Revert e0922e5e3ccb78aa0152e93dfbd1755ac39c8582 Andrey Smirnov
2015-02-14 11:34 ` Jonathan Cameron

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.