s3c-hsudc: Fix possible nullpointer dereference during probe
From: Heiko Stuebner <heiko@...> Date: Sun, 21 Aug 2011 12:27:16 +0200
Commit-Message
The usb-interrupt is requested before the endpoints are initalised. If an interrupt happens in the time between request_irq and the init of the endpoint-data (as seen on the Qisda ESx00 ebook-platforms), it is therefore possible for the interrupt handler to access endpoint- data before its creation resulting in a null-pointer dereference. This patch simply moves the irq request below the endpoint init. Signed-off-by: Heiko Stuebner <heiko@...>
Patch-Comment
drivers/usb/gadget/s3c-hsudc.c | 26 +++++++++++++------------- 1 files changed, 13 insertions(+), 13 deletions(-)
Statistics
- 13 lines added
- 13 lines removed
Changes
------------------------ drivers/usb/gadget/s3c-hsudc.c ------------------------
index 3fa717c..00056c2 100644
@@ -1269,19 +1269,6 @@ static int s3c_hsudc_probe(struct platform_device *pdev)
goto err_remap;
}
spin_lock_init(&hsudc->lock);
device_initialize(&hsudc->gadget.dev);
@@ -1299,6 +1286,19 @@ static int s3c_hsudc_probe(struct platform_device *pdev)
s3c_hsudc_setup_ep(hsudc);
+ ret = platform_get_irq(pdev, 0);
+ if (ret < 0) {
+ dev_err(dev, "unable to obtain IRQ number\n");
+ goto err_irq;
+ }
+ hsudc->irq = ret;
+
+ ret = request_irq(hsudc->irq, s3c_hsudc_irq, 0, driver_name, hsudc);
+ if (ret < 0) {
+ dev_err(dev, "irq request failed\n");
+ goto err_irq;
+ }
+
hsudc->uclk = clk_get(&pdev->dev, "usb-device");
if (IS_ERR(hsudc->uclk)) {
dev_err(dev, "failed to find usb-device clock source\n");