[PATCH v2 30/31] staging: comedi: ni_pcidio: request_irq() before seting up subdevices

Hartley Sweeten HartleyS at visionengravers.com
Fri Dec 6 17:00:05 UTC 2013


On Friday, December 06, 2013 3:34 AM, Ian Abbott wrote:
> On 2013-12-05 20:43, H Hartley Sweeten wrote:

[snip]
>> +	irq = mite_irq(devpriv->mite);
>> +	if (irq) {
>> +		ret = request_irq(irq, nidio_interrupt, IRQF_SHARED,
>> +				  dev->board_name, dev);
>> +		if (ret == 0)
>> +			dev->irq = irq;
>> +	}
>> +
>>   	ret = comedi_alloc_subdevices(dev, 1);
>
> Unfortunately, the interrupt handler `nidio_interrupt()` still 
> dereferences the subdevice pointer before it tests `dev->attached`:
>
>	struct comedi_subdevice *s = dev->read_subdev;
>	struct comedi_async *async = s->async;	
>	/* ... */
>	if (!dev->attached) {
>		return IRQ_NONE;
>	}
>
> so this can still fail if `dev->read_subdev` hasn't been set yet.

I just posted a v3 of this patch to fix the possible dereference of 's'.

Thanks,
Hartley



More information about the devel mailing list