[3.13.y.z extended stable] Patch "mfd: max8925: Fix possible NULL pointer dereference on i2c_new_dummy error" has been added to staging queue

Kamal Mostafa kamal at canonical.com
Thu May 1 19:17:20 UTC 2014


This is a note to let you know that I have just added a patch titled

    mfd: max8925: Fix possible NULL pointer dereference on i2c_new_dummy error

to the linux-3.13.y-queue branch of the 3.13.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.13.y-queue

This patch is scheduled to be released in version 3.13.11.1.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.13.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

From 4b082ae9f1009d5a9d3c527d0f3431ab9b131a48 Mon Sep 17 00:00:00 2001
From: Krzysztof Kozlowski <k.kozlowski at samsung.com>
Date: Tue, 11 Feb 2014 11:03:33 +0100
Subject: mfd: max8925: Fix possible NULL pointer dereference on i2c_new_dummy
 error

commit 96cf3dedc491d2f1f66cc26217f2b06b0c7b6797 upstream.

During probe the driver allocates dummy I2C devices for RTC and ADC
with i2c_new_dummy() but it does not check the return value of these
calls.

In case of error (i2c_new_device(): memory allocation failure or I2C
address cannot be used) this function returns NULL which is later used
by i2c_unregister_device().

If i2c_new_dummy() fails for RTC or ADC devices, fail also the probe
for main MFD driver.

Signed-off-by: Krzysztof Kozlowski <k.kozlowski at samsung.com>
Signed-off-by: Lee Jones <lee.jones at linaro.org>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 drivers/mfd/max8925-i2c.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/drivers/mfd/max8925-i2c.c b/drivers/mfd/max8925-i2c.c
index 176aa26..a83eed5 100644
--- a/drivers/mfd/max8925-i2c.c
+++ b/drivers/mfd/max8925-i2c.c
@@ -181,9 +181,18 @@ static int max8925_probe(struct i2c_client *client,
 	mutex_init(&chip->io_lock);

 	chip->rtc = i2c_new_dummy(chip->i2c->adapter, RTC_I2C_ADDR);
+	if (!chip->rtc) {
+		dev_err(chip->dev, "Failed to allocate I2C device for RTC\n");
+		return -ENODEV;
+	}
 	i2c_set_clientdata(chip->rtc, chip);

 	chip->adc = i2c_new_dummy(chip->i2c->adapter, ADC_I2C_ADDR);
+	if (!chip->adc) {
+		dev_err(chip->dev, "Failed to allocate I2C device for ADC\n");
+		i2c_unregister_device(chip->rtc);
+		return -ENODEV;
+	}
 	i2c_set_clientdata(chip->adc, chip);

 	device_init_wakeup(&client->dev, 1);
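
Review bot: both new dev_err() calls log through chip->dev, but the visible context does not show where chip->dev is assigned, while the same hunk passes &client->dev to device_init_wakeup(). Either confirm chip->dev is set before mutex_init() or log through &client->dev so the message cannot be emitted against an unset pointer. In the ADC branch, calling i2c_unregister_device(chip->rtc) before returning is the right unwind; if probe gains further steps after this point, a shared goto label would keep the cleanup for both dummy clients in one place. Returning -ENODEV for both cases is reasonable since i2c_new_dummy() reports only NULL here and cannot distinguish the allocation failure from the unusable address named in the commit message.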
--
1.9.1




