[PATCH] gpio: langwell: Prevent possible NULL pointer dereference in the demux handler.

[PATCH] gpio: langwell: Prevent possible NULL pointer dereference in the demux handler.

[Krzysztof Wilczynski]

This is to address a possible NULL pointer dereference on a platform that might
use this driver but its underlying IRQ chip does not provide an irq_eoi callback.

A commit 0766d20 added an conditional to the code, but then it was later
super-seeded by commit 20e2aa9 which introduced number of helper functions
for accessing various members of the irq_desc struct, but removed said
conditional from the code.

This change will re-introduce conditional guarding against possible NULL
pointer dereference caused by missing EIO handler.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
---
 drivers/gpio/gpio-langwell.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/drivers/gpio/gpio-langwell.c b/drivers/gpio/gpio-langwell.c
index 00692e8..5749738 100644
--- a/drivers/gpio/gpio-langwell.c
+++ b/drivers/gpio/gpio-langwell.c
@@ -260,7 +260,8 @@ static void lnw_irq_handler(unsigned irq, struct irq_desc *desc)
 		}
 	}
 
-	chip->irq_eoi(data);
+	if (data)
+		chip->irq_eoi(data);
 }
 
 #ifdef CONFIG_PM
-- 
1.7.2.5

Re: [PATCH] gpio: langwell: Prevent possible NULL pointer dereference in the demux handler.

[Thomas Gleixner]

On Sun, 6 May 2012, Krzysztof Wilczynski wrote:

> This is to address a possible NULL pointer dereference on a platform that might
> use this driver but its underlying IRQ chip does not provide an irq_eoi callback.
> 
> A commit 0766d20 added an conditional to the code, but then it was later
> super-seeded by commit 20e2aa9 which introduced number of helper functions
> for accessing various members of the irq_desc struct, but removed said
> conditional from the code.
> 
> This change will re-introduce conditional guarding against possible NULL
> pointer dereference caused by missing EIO handler.
> 
> Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
> ---
>  drivers/gpio/gpio-langwell.c |    3 ++-
>  1 files changed, 2 insertions(+), 1 deletions(-)
> 
> diff --git a/drivers/gpio/gpio-langwell.c b/drivers/gpio/gpio-langwell.c
> index 00692e8..5749738 100644
> --- a/drivers/gpio/gpio-langwell.c
> +++ b/drivers/gpio/gpio-langwell.c
> @@ -260,7 +260,8 @@ static void lnw_irq_handler(unsigned irq, struct irq_desc *desc)
>  		}
>  	}
>  
> -	chip->irq_eoi(data);
> +	if (data)
> +		chip->irq_eoi(data);

And how does data, which is always set as long as the interrupt exist
prove that the chip has an eoi function?

Thanks,

	tglx

Re: [PATCH] gpio: langwell: Prevent possible NULL pointer dereference in the demux handler.

[Krzysztof Wilczynski]

Hi,

[...]
>> -     chip->irq_eoi(data);
>> +     if (data)
>> +             chip->irq_eoi(data);
>
> And how does data, which is always set as long as the interrupt exist
> prove that the chip has an eoi function?

It won't, a very good point. And as you told me (IRC) this has to be
solved on a more generic level (core handlers), and possibly
abstracted from the drivers. I will do and read through the code of
core handlers to learn more. Thanks for pointing it out and help so
far :)

KW