Commit 9a4a6805 authored Aug 19, 2021 by Nadezda Lutovinova Committed by Greg Kroah-Hartman Sep 22, 2021

usb: musb: musb_dsps: request_irq() after initializing musb



[ Upstream commit 7c75bde329d7e2a93cf86a5c15c61f96f1446cdc ]

If IRQ occurs between calling  dsps_setup_optional_vbus_irq()
and  dsps_create_musb_pdev(), then null pointer dereference occurs
since glue->musb wasn't initialized yet.

The patch puts initializing of neccesery data before registration
of the interrupt handler.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Nadezda Lutovinova <lutovinova@ispras.ru>
Link: https://lore.kernel.org/r/20210819163323.17714-1-lutovinova@ispras.ru


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent d24381e5

drivers/usb/musb/musb_dsps.c

+6 −7

Original line number	Diff line number	Diff line
		@@ -890,23 +890,22 @@ static int dsps_probe(struct platform_device *pdev)
		if (!glue->usbss_base)
		return -ENXIO;

		if (usb_get_dr_mode(&pdev->dev) == USB_DR_MODE_PERIPHERAL) {
		ret = dsps_setup_optional_vbus_irq(pdev, glue);
		if (ret)
		goto err_iounmap;
		}

		platform_set_drvdata(pdev, glue);
		pm_runtime_enable(&pdev->dev);
		ret = dsps_create_musb_pdev(glue, pdev);
		if (ret)
		goto err;

		if (usb_get_dr_mode(&pdev->dev) == USB_DR_MODE_PERIPHERAL) {
		ret = dsps_setup_optional_vbus_irq(pdev, glue);
		if (ret)
		goto err;
		}

		return 0;

		err:
		pm_runtime_disable(&pdev->dev);
		err_iounmap:
		iounmap(glue->usbss_base);
		return ret;
		}