author Jiri Slaby <jslaby@suse.cz> 2019-07-14 11:33:41 +0200
committer Jiri Slaby <jslaby@suse.cz> 2019-07-14 11:33:51 +0200
commit f28e049719d9c03e29e12551e9e2c2bf19c5f10a (patch)
tree 85d87dc22f498999027b44859e2a63a1d0928774
parent f33221f48afe47114cb0e4e0403be2bc42c4823d (diff)
staging: comedi: amplc_pci230: fix null pointer deref on
interrupt (bnc#1012628).
-rw-r--r-- patches.kernel.org/5.2.1-037-staging-comedi-amplc_pci230-fix-null-pointer-de.patch 51
-rw-r--r-- series.conf 1
2 files changed, 52 insertions, 0 deletions
diff --git a/patches.kernel.org/5.2.1-037-staging-comedi-amplc_pci230-fix-null-pointer-de.patch b/patches.kernel.org/5.2.1-037-staging-comedi-amplc_pci230-fix-null-pointer-de.patch
new file mode 100644
index 0000000000..5683c2bae3
--- /dev/null
+++ b/patches.kernel.org/5.2.1-037-staging-comedi-amplc_pci230-fix-null-pointer-de.patch
@@ -0,0 +1,51 @@
+From: Ian Abbott <abbotti@mev.co.uk>
+Date: Wed, 26 Jun 2019 14:17:39 +0100
+Subject: [PATCH] staging: comedi: amplc_pci230: fix null pointer deref on
+ interrupt
+References: bnc#1012628
+Patch-mainline: 5.2.1
+Git-commit: 7379e6baeddf580d01feca650ec1ad508b6ea8ee
+
+commit 7379e6baeddf580d01feca650ec1ad508b6ea8ee upstream.
+
+The interrupt handler `pci230_interrupt()` causes a null pointer
+dereference for a PCI260 card. There is no analog output subdevice for
+a PCI260. The `dev->write_subdev` subdevice pointer and therefore the
+`s_ao` subdevice pointer variable will be `NULL` for a PCI260. The
+following call near the end of the interrupt handler results in the null
+pointer dereference for a PCI260:
+
+ comedi_handle_events(dev, s_ao);
+
+Fix it by only calling the above function if `s_ao` is valid.
+
+Note that the other uses of `s_ao` in the calls
+`pci230_handle_ao_nofifo(dev, s_ao);` and `pci230_handle_ao_fifo(dev,
+s_ao);` will never be reached for a PCI260, so they are safe.
+
+Fixes: 39064f23284c ("staging: comedi: amplc_pci230: use comedi_handle_events()")
+Cc: <stable@vger.kernel.org> # v3.19+
+Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/staging/comedi/drivers/amplc_pci230.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/staging/comedi/drivers/amplc_pci230.c b/drivers/staging/comedi/drivers/amplc_pci230.c
+index 65f60c2b702a..f7e673121864 100644
+--- a/drivers/staging/comedi/drivers/amplc_pci230.c
++++ b/drivers/staging/comedi/drivers/amplc_pci230.c
+@@ -2330,7 +2330,8 @@ static irqreturn_t pci230_interrupt(int irq, void *d)
+ devpriv->intr_running = false;
+ spin_unlock_irqrestore(&devpriv->isr_spinlock, irqflags);
+
+- comedi_handle_events(dev, s_ao);
++ if (s_ao)
++ comedi_handle_events(dev, s_ao);
+ comedi_handle_events(dev, s_ai);
+
+ return IRQ_HANDLED;
+--
+2.22.0
+
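Review bot: the `if (s_ao)` guard added in pci230_interrupt() carries no comment saying why the pointer can be NULL; the reason (a PCI260 has no analog output subdevice, so `dev->write_subdev` is NULL) is recorded only in the commit message. A one-line comment above the guard would keep a later cleanup from removing it. The commit message also relies on pci230_handle_ao_nofifo(dev, s_ao) and pci230_handle_ao_fifo(dev, s_ao) never being reached for a PCI260; those call sites are outside this hunk's context, so that invariant should be checked against the earlier part of the handler, because a NULL dereference here happens in interrupt context. The adjacent `comedi_handle_events(dev, s_ai);` remains unguarded, and the visible lines do not show whether `s_ai` can be NULL for any supported board, so that is worth confirming too.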
diff --git a/series.conf b/series.conf
index 34d54b69cc..dc13993e9f 100644
--- a/series.conf
+++ b/series.conf
@@ -63,6 +63,7 @@
patches.kernel.org/5.2.1-034-staging-comedi-dt282x-fix-a-null-pointer-deref-.patch
patches.kernel.org/5.2.1-035-staging-wilc1000-fix-error-path-cleanup-in-wilc.patch
patches.kernel.org/5.2.1-036-staging-bcm2835-camera-Restore-return-behavior-.patch
+ patches.kernel.org/5.2.1-037-staging-comedi-amplc_pci230-fix-null-pointer-de.patch
########################################################
# Build fixes that apply to the vanilla kernel too.