Re: [PATCH 1/2] mfd: tps65910: Fix crash in i2c_driver .probe

[Stephen Warren]

On 06/17/2013 11:47 AM, Tuomas Tynkkynen wrote:
> Commit "i2c: core: make it possible to match a pure device tree driver"
> changed semantics of the i2c probing for device tree devices.
> Device tree probed devices now get a NULL i2c_device_id pointer.
> This caused kernel panics due to NULL dereference.

> diff --git a/drivers/mfd/tps65910.c b/drivers/mfd/tps65910.c

>  	pmic_plat_data = dev_get_platdata(&i2c->dev);
>  
> -	if (!pmic_plat_data && i2c->dev.of_node) {
> +	if (id) {
> +		chip_id = id->driver_data;
> +	} else if (i2c->dev.of_node) {
>  		pmic_plat_data = tps65910_parse_dt(i2c, &chip_id);

That over-writes pmic_plat_data even if it was already set above. This
should really only happen if the earlier assignment didn't find any
pdata, i.e. if (!pmic_plat_data) here.

Looking at patch 2/2, the structure in that driver is correct, and
perhaps could be implemented the same or similarly here?

>  		of_pmic_plat_data = pmic_plat_data;

Or just swap those assignments:

of_pmic_plat_data = tps65910_parse_dt(...);
if (!pmic_plat_data)
    pmic_plat_data = of_pmic_plat_data;

(although there's perhaps little point parsing the pdata from DT if it's
already provided through the device object)

>  	}
>  
> -	if (!pmic_plat_data)
> +	if (!pmic_plat_data || chip_id < 0)
>  		return -EINVAL;

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/