| Message ID | 20230612080847.39170-1-markus.burri@mt.com (mailing list archive) |
|---|---|
| State | Rejected |
| Headers | show |
| Series | [v1] iio: adc: ad7192: store indio_dev into spi driver data | expand |
Mon, Jun 12, 2023 at 10:08:47AM +0200, Markus Burri kirjoitti: > After calibration the indio_dev is used to get channel information. > Since the pointer is not stored into spi driver data, there is a kernel > null pointer dereference. > Store the indio_dev into spi driver data to fix this. This definitely deserves the Fixes tag. Can you dig the history to find the culprit one? > Add error check and slightly extend the debug messages. I'm not sure this will belong to the same change, so I would split this out to a separate one.
On Mon, 12 Jun 2023 13:15:44 +0300 <andy.shevchenko@gmail.com> wrote: > Mon, Jun 12, 2023 at 10:08:47AM +0200, Markus Burri kirjoitti: > > After calibration the indio_dev is used to get channel information. > > Since the pointer is not stored into spi driver data, there is a kernel > > null pointer dereference. > > Store the indio_dev into spi driver data to fix this. > > This definitely deserves the Fixes tag. Can you dig the history to find the > culprit one? Good catch, but see https://lore.kernel.org/all/20230530075311.400686-2-fl.scratchpad@gmail.com/ Which I think is a nicer fix for the same issue. I sent a pull request for that fix yesterday, but given we are late in the cycle it might go in during the merge window then get backported to stable kernels after that. > > > Add error check and slightly extend the debug messages. > > I'm not sure this will belong to the same change, so I would split this out to > a separate one. Definitely. Multiple issues so multiple patches. Thanks, Jonathan >
diff --git a/drivers/iio/adc/ad7192.c b/drivers/iio/adc/ad7192.c index d71977be7..7c2ead72b 100644 --- a/drivers/iio/adc/ad7192.c +++ b/drivers/iio/adc/ad7192.c @@ -403,8 +403,8 @@ static int ad7192_setup(struct ad7192_state *st, struct device_node *np) id &= AD7192_ID_MASK; if (id != st->chip_info->chip_id) - dev_warn(&st->sd.spi->dev, "device ID query failed (0x%X)\n", - id); + dev_warn(&st->sd.spi->dev, "device ID query failed (0x%X != 0x%X)\n", + id, st->chip_info->chip_id); st->mode = AD7192_MODE_SEL(AD7192_MODE_IDLE) | AD7192_MODE_CLKSRC(st->clock_sel) | @@ -998,6 +998,7 @@ static int ad7192_probe(struct spi_device *spi) return -ENOMEM; st = iio_priv(indio_dev); + spi_set_drvdata(spi, indio_dev); mutex_init(&st->lock); @@ -1049,7 +1050,9 @@ static int ad7192_probe(struct spi_device *spi) else indio_dev->info = &ad7192_info; - ad_sd_init(&st->sd, indio_dev, spi, &ad7192_sigma_delta_info); + ret = ad_sd_init(&st->sd, indio_dev, spi, &ad7192_sigma_delta_info); + if (ret) + return ret; ret = devm_ad_sd_setup_buffer_and_trigger(&spi->dev, indio_dev); if (ret) @@ -1077,7 +1080,7 @@ static int ad7192_probe(struct spi_device *spi) st->fclk = clk_get_rate(st->mclk); if (!ad7192_valid_external_frequency(st->fclk)) { dev_err(&spi->dev, - "External clock frequency out of bounds\n"); + "External clock frequency out of bounds (clk:%d)\n", st->fclk); return -EINVAL; } }
After calibration the indio_dev is used to get channel information. Since the pointer is not stored into spi driver data, there is a kernel null pointer dereference. Store the indio_dev into spi driver data to fix this. Add error check and slightly extend the debug messages. Signed-off-by: Markus Burri <markus.burri@mt.com> --- drivers/iio/adc/ad7192.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-)