drivers: iio: imu: Fix NULL pointer dereference in IMU drivers (1392da24) · Commits · e / devices / android_kernel_xiaomi_nabu

drivers/iio/imu/inv_mpu/iam20680/inv_mpu_core_20680.c

+6 −2

Original line number	Diff line number	Diff line
		@@ -809,8 +809,8 @@ static int inv_gyro_read_bootsampl(struct inv_mpu_state *st,
		{
		int i = 0;

		if (enable_read) {
		st->gyro_buffer_inv_samples = false;
		if (enable_read) {
		for (i = 0; i < st->gyro_bufsample_cnt; i++) {
		dev_dbg(st->dev, "gyro_cnt=%d,x=%d,y=%d,z=%d,tsec=%d,nsec=%lld\n",
		i, st->inv_gyro_samplist[i]->xyz[0],
		@@ -853,8 +853,8 @@ static int inv_acc_read_bootsampl(struct inv_mpu_state *st,
		{
		int i = 0;

		if (enable_read) {
		st->acc_buffer_inv_samples = false;
		if (enable_read) {
		for (i = 0; i < st->acc_bufsample_cnt; i++) {
		dev_dbg(st->dev, "acc_cnt=%d,x=%d,y=%d,z=%d,tsec=%d,nsec=%lld\n",
		i, st->inv_acc_samplist[i]->xyz[0],
		@@ -922,7 +922,9 @@ static ssize_t read_gyro_boot_sample_store(struct device *dev,
		"Invalid value of input, input=%ld\n", enable);
		return -EINVAL;
		}
		mutex_lock(&st->gyro_sensor_buff);
		err = inv_gyro_read_bootsampl(st, enable);
		mutex_unlock(&st->gyro_sensor_buff);
		if (err)
		return err;
		st->read_gyro_boot_sample = enable;
		@@ -958,7 +960,9 @@ static ssize_t read_acc_boot_sample_store(struct device *dev,
		"Invalid value of input, input=%ld\n", enable);
		return -EINVAL;
		}
		mutex_lock(&st->acc_sensor_buff);
		err = inv_acc_read_bootsampl(st, enable);
		mutex_unlock(&st->acc_sensor_buff);
		if (err)
		return err;
		st->read_acc_boot_sample = enable;

+3 −0

Original line number	Diff line number	Diff line
		@@ -439,6 +439,9 @@ static int inv_acc_gyro_early_buff_init(struct iio_dev *indio_dev)
		st->acc_buffer_inv_samples = true;
		st->gyro_buffer_inv_samples = true;

		mutex_init(&st->acc_sensor_buff);
		mutex_init(&st->gyro_sensor_buff);

		inv_enable_acc_gyro(st);

		return 1;

+2 −0

Original line number	Diff line number	Diff line
		@@ -873,6 +873,8 @@ struct inv_mpu_state {
		struct input_dev *accbuf_dev;
		struct input_dev *gyrobuf_dev;
		int report_evt_cnt;
		struct mutex acc_sensor_buff;
		struct mutex gyro_sensor_buff;
		#endif

		};

+4 −0

Original line number	Diff line number	Diff line
		@@ -301,6 +301,7 @@ void inv_convert_and_push_8bytes(struct inv_mpu_state *st, u16 hdr,
		static void store_acc_boot_sample(struct inv_mpu_state *st, u64 t,
		s16 x, s16 y, s16 z)
		{
		mutex_lock(&st->acc_sensor_buff);
		if (false == st->acc_buffer_inv_samples)
		return;
		st->timestamp = t;
		@@ -321,11 +322,13 @@ static void store_acc_boot_sample(struct inv_mpu_state *st, u64 t,
		st->acc_bufsample_cnt);
		st->acc_buffer_inv_samples = false;
		}
		mutex_unlock(&st->acc_sensor_buff);
		}
		static void store_gyro_boot_sample(struct inv_mpu_state *st, u64 t,
		s16 x, s16 y, s16 z)
		{

		mutex_lock(&st->gyro_sensor_buff);
		if (false == st->gyro_buffer_inv_samples)
		return;
		st->timestamp = t;
		@@ -349,6 +352,7 @@ static void store_gyro_boot_sample(struct inv_mpu_state *st, u64 t,
		st->gyro_bufsample_cnt);
		st->gyro_buffer_inv_samples = false;
		}
		mutex_unlock(&st->gyro_sensor_buff);
		}
		#else
		static void store_acc_boot_sample(struct inv_mpu_state *st, u64 t,

+1 −0