Message ID | 20200407063310.85466-1-alexandru.ardelean@analog.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | [v2] iio: adc: ad7192: fix null pointer de-reference crash during probe | expand |
On Tue, 7 Apr 2020 09:33:10 +0300 Alexandru Ardelean <alexandru.ardelean@analog.com> wrote: > When the 'spi_device_id' table was removed, it omitted to cleanup/fix the > assignment: > 'indio_dev->name = spi_get_device_id(spi)->name;' > > After that patch 'spi_get_device_id(spi)' returns NULL, so this crashes > during probe with null de-ref. > > This change assigns the 'compatible' string from the DT table, as the new > 'indio_dev->name'. As such, the new device/part name now looks like > 'adi,ad719x', and now has the vendor prefix. > > Note that this change is not doing any NULL check to the return value of > 'of_match_device()'. This shouldn't happen, and if it does it's likely a > framework error on the probe side. > > Fixes: 66614ab2be38 ("staging: iio: adc: ad7192: removed spi_device_id") > Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com> Hmm. Returning the compatible isn't compatible with the ABI. I think we will have to introduce a bit of indirection here to allow for a 'chip info' type structure with the name and the magic ID value that is currently in the data field of the of_device_id table. That way we can have the name explicit. Note I don't want to mess around with stripping the prefix off the compatible as that sort of thing is hard to read. Jonathan > --- > > Changelog v1 -> v2: > * fix colon for Fixes tag > * updated commit title a bit; to make it longer > > drivers/iio/adc/ad7192.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/drivers/iio/adc/ad7192.c b/drivers/iio/adc/ad7192.c > index 8ec28aa8fa8a..0039a45e1f33 100644 > --- a/drivers/iio/adc/ad7192.c > +++ b/drivers/iio/adc/ad7192.c > @@ -888,6 +888,7 @@ MODULE_DEVICE_TABLE(of, ad7192_of_match); > > static int ad7192_probe(struct spi_device *spi) > { > + const struct of_device_id *of_id; > struct ad7192_state *st; > struct iio_dev *indio_dev; > int ret, voltage_uv = 0; > @@ -937,10 +938,12 @@ static int ad7192_probe(struct spi_device *spi) > goto error_disable_avdd; > } > > + of_id = of_match_device(ad7192_of_match, &spi->dev); > + > spi_set_drvdata(spi, indio_dev); > - st->devid = (unsigned long)of_device_get_match_data(&spi->dev); > + st->devid = (unsigned long)of_id->data; > indio_dev->dev.parent = &spi->dev; > - indio_dev->name = spi_get_device_id(spi)->name; > + indio_dev->name = of_id->compatible; > indio_dev->modes = INDIO_DIRECT_MODE; > > ret = ad7192_channels_config(indio_dev);
On Sun, 2020-04-12 at 12:38 +0100, Jonathan Cameron wrote: > [External] > > On Tue, 7 Apr 2020 09:33:10 +0300 > Alexandru Ardelean <alexandru.ardelean@analog.com> wrote: > > > When the 'spi_device_id' table was removed, it omitted to cleanup/fix the > > assignment: > > 'indio_dev->name = spi_get_device_id(spi)->name;' > > > > After that patch 'spi_get_device_id(spi)' returns NULL, so this crashes > > during probe with null de-ref. > > > > This change assigns the 'compatible' string from the DT table, as the new > > 'indio_dev->name'. As such, the new device/part name now looks like > > 'adi,ad719x', and now has the vendor prefix. > > > > Note that this change is not doing any NULL check to the return value of > > 'of_match_device()'. This shouldn't happen, and if it does it's likely a > > framework error on the probe side. > > > > Fixes: 66614ab2be38 ("staging: iio: adc: ad7192: removed spi_device_id") > > Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com> > > Hmm. Returning the compatible isn't compatible with the ABI. i was a bit vague on whether part-name can contain vendor prefix [in terms of ABI]; chances are really low that a part-name from vendor A could collide with part- name from a vendor B > > I think we will have to introduce a bit of indirection here to > allow for a 'chip info' type structure with the name and the magic ID value > that is currently in the data field of the of_device_id table. i'll do that for V2 > > That way we can have the name explicit. Note I don't want to > mess around with stripping the prefix off the compatible as that sort of > thing is hard to read. > > Jonathan > > > --- > > > > Changelog v1 -> v2: > > * fix colon for Fixes tag > > * updated commit title a bit; to make it longer > > > > drivers/iio/adc/ad7192.c | 7 +++++-- > > 1 file changed, 5 insertions(+), 2 deletions(-) > > > > diff --git a/drivers/iio/adc/ad7192.c b/drivers/iio/adc/ad7192.c > > index 8ec28aa8fa8a..0039a45e1f33 100644 > > --- a/drivers/iio/adc/ad7192.c > > +++ b/drivers/iio/adc/ad7192.c > > @@ -888,6 +888,7 @@ MODULE_DEVICE_TABLE(of, ad7192_of_match); > > > > static int ad7192_probe(struct spi_device *spi) > > { > > + const struct of_device_id *of_id; > > struct ad7192_state *st; > > struct iio_dev *indio_dev; > > int ret, voltage_uv = 0; > > @@ -937,10 +938,12 @@ static int ad7192_probe(struct spi_device *spi) > > goto error_disable_avdd; > > } > > > > + of_id = of_match_device(ad7192_of_match, &spi->dev); > > + > > spi_set_drvdata(spi, indio_dev); > > - st->devid = (unsigned long)of_device_get_match_data(&spi->dev); > > + st->devid = (unsigned long)of_id->data; > > indio_dev->dev.parent = &spi->dev; > > - indio_dev->name = spi_get_device_id(spi)->name; > > + indio_dev->name = of_id->compatible; > > indio_dev->modes = INDIO_DIRECT_MODE; > > > > ret = ad7192_channels_config(indio_dev);
diff --git a/drivers/iio/adc/ad7192.c b/drivers/iio/adc/ad7192.c index 8ec28aa8fa8a..0039a45e1f33 100644 --- a/drivers/iio/adc/ad7192.c +++ b/drivers/iio/adc/ad7192.c @@ -888,6 +888,7 @@ MODULE_DEVICE_TABLE(of, ad7192_of_match); static int ad7192_probe(struct spi_device *spi) { + const struct of_device_id *of_id; struct ad7192_state *st; struct iio_dev *indio_dev; int ret, voltage_uv = 0; @@ -937,10 +938,12 @@ static int ad7192_probe(struct spi_device *spi) goto error_disable_avdd; } + of_id = of_match_device(ad7192_of_match, &spi->dev); + spi_set_drvdata(spi, indio_dev); - st->devid = (unsigned long)of_device_get_match_data(&spi->dev); + st->devid = (unsigned long)of_id->data; indio_dev->dev.parent = &spi->dev; - indio_dev->name = spi_get_device_id(spi)->name; + indio_dev->name = of_id->compatible; indio_dev->modes = INDIO_DIRECT_MODE; ret = ad7192_channels_config(indio_dev);
When the 'spi_device_id' table was removed, it omitted to cleanup/fix the assignment: 'indio_dev->name = spi_get_device_id(spi)->name;' After that patch 'spi_get_device_id(spi)' returns NULL, so this crashes during probe with null de-ref. This change assigns the 'compatible' string from the DT table, as the new 'indio_dev->name'. As such, the new device/part name now looks like 'adi,ad719x', and now has the vendor prefix. Note that this change is not doing any NULL check to the return value of 'of_match_device()'. This shouldn't happen, and if it does it's likely a framework error on the probe side. Fixes: 66614ab2be38 ("staging: iio: adc: ad7192: removed spi_device_id") Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com> --- Changelog v1 -> v2: * fix colon for Fixes tag * updated commit title a bit; to make it longer drivers/iio/adc/ad7192.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)