diff options
| author | Hans de Goede <hdegoede@redhat.com> | 2021-05-23 19:00:55 +0200 |
|---|---|---|
| committer | Jonathan Cameron <Jonathan.Cameron@huawei.com> | 2021-06-09 20:47:24 +0100 |
| commit | f2bf22dc9ea8ead180fc0221874bd556bf1d2685 (patch) | |
| tree | 2d843c9dc5611317cb0694dc0e5242a690948a52 /drivers/iio | |
| parent | c9d52c89e7384656c8492b82782707d539fbb509 (diff) | |
| download | linux-stable-f2bf22dc9ea8ead180fc0221874bd556bf1d2685.tar.gz linux-stable-f2bf22dc9ea8ead180fc0221874bd556bf1d2685.tar.bz2 linux-stable-f2bf22dc9ea8ead180fc0221874bd556bf1d2685.zip | |
iio: accel: bmc150: Fix dereferencing the wrong pointer in bmc150_get/set_second_device
The drvdata for iio-parent devices points to the struct iio_dev for
the iio-device. So by directly casting the return from i2c_get_clientdata()
to struct bmc150_accel_data * the code was ending up storing the second_dev
pointer in (and retrieving it from) some semi-random offset inside
struct iio_dev, rather then storing it in the second_dev member of the
bmc150_accel_data struct.
Fix the code to get the struct bmc150_accel_data * pointer to call
iio_priv() on the struct iio_dev * returned by i2c_get_clientdata(),
so that the correct pointer gets dereferenced.
This fixes the following oops on rmmod, caused by trying to
dereference the wrong return of bmc150_get_second_device():
[ 238.980737] BUG: unable to handle page fault for address: 0000000000004710
[ 238.980755] #PF: supervisor read access in kernel mode
[ 238.980760] #PF: error_code(0x0000) - not-present page
...
[ 238.980841] i2c_unregister_device.part.0+0x19/0x60
[ 238.980856] 0xffffffffc0815016
[ 238.980863] i2c_device_remove+0x25/0xb0
[ 238.980869] __device_release_driver+0x180/0x240
[ 238.980876] driver_detach+0xd4/0x120
[ 238.980882] bus_remove_driver+0x5b/0xd0
[ 238.980888] i2c_del_driver+0x44/0x70
While at it also remove the now no longer sensible checks for data
being NULL, iio_priv never returns NULL for an iio_dev with non 0
sized private-data.
Fixes: 5bfb3a4bd8f6 ("iio: accel: bmc150: Check for a second ACPI device for BOSC0200")
Cc: Jeremy Cline <jeremy@jcline.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Diffstat (limited to 'drivers/iio')
| -rw-r--r-- | drivers/iio/accel/bmc150-accel-core.c | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/drivers/iio/accel/bmc150-accel-core.c b/drivers/iio/accel/bmc150-accel-core.c index 46ab7675186c..c526d83f14d5 100644 --- a/drivers/iio/accel/bmc150-accel-core.c +++ b/drivers/iio/accel/bmc150-accel-core.c @@ -1805,10 +1805,7 @@ EXPORT_SYMBOL_GPL(bmc150_accel_core_probe); struct i2c_client *bmc150_get_second_device(struct i2c_client *client) { - struct bmc150_accel_data *data = i2c_get_clientdata(client); - - if (!data) - return NULL; + struct bmc150_accel_data *data = iio_priv(i2c_get_clientdata(client)); return data->second_device; } @@ -1816,10 +1813,9 @@ EXPORT_SYMBOL_GPL(bmc150_get_second_device); void bmc150_set_second_device(struct i2c_client *client) { - struct bmc150_accel_data *data = i2c_get_clientdata(client); + struct bmc150_accel_data *data = iio_priv(i2c_get_clientdata(client)); - if (data) - data->second_device = client; + data->second_device = client; } EXPORT_SYMBOL_GPL(bmc150_set_second_device); |