From 0d06086399c2db473a12f9dc5a2b6a5a08a82251 Mon Sep 17 00:00:00 2001 From: mb Date: Sun, 6 Mar 2011 22:58:49 +0000 Subject: tahvo-usb: Fix NULL ptr deref in OTR irq handler git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25913 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- .../patches-2.6.38/590-cbus-tahvo-usb-fixes.patch | 48 +++++++++++++++++++--- 1 file changed, 43 insertions(+), 5 deletions(-) (limited to 'target') diff --git a/target/linux/omap24xx/patches-2.6.38/590-cbus-tahvo-usb-fixes.patch b/target/linux/omap24xx/patches-2.6.38/590-cbus-tahvo-usb-fixes.patch index 963b09c22..2f0ab6fb2 100644 --- a/target/linux/omap24xx/patches-2.6.38/590-cbus-tahvo-usb-fixes.patch +++ b/target/linux/omap24xx/patches-2.6.38/590-cbus-tahvo-usb-fixes.patch @@ -1,15 +1,51 @@ Index: linux-2.6.38-rc7/drivers/cbus/tahvo-usb.c =================================================================== --- linux-2.6.38-rc7.orig/drivers/cbus/tahvo-usb.c 2011-03-06 23:00:14.411191087 +0100 -+++ linux-2.6.38-rc7/drivers/cbus/tahvo-usb.c 2011-03-06 23:00:16.571473834 +0100 -@@ -98,6 +98,7 @@ struct tahvo_usb { ++++ linux-2.6.38-rc7/drivers/cbus/tahvo-usb.c 2011-03-06 23:43:26.524751556 +0100 +@@ -98,8 +98,9 @@ struct tahvo_usb { #ifdef CONFIG_USB_OTG int tahvo_mode; #endif + struct clk *ick; }; - static struct platform_device tahvo_usb_device; +-static struct platform_device tahvo_usb_device; ++static struct tahvo_usb *tahvo_usb_device; + /* + * --------------------------------------------------------------------------- +@@ -114,8 +115,7 @@ static struct platform_device *tahvo_otg + + static irqreturn_t omap_otg_irq(int irq, void *arg) + { +- struct platform_device *otg_dev = arg; +- struct tahvo_usb *tu = platform_get_drvdata(otg_dev); ++ struct tahvo_usb *tu = arg; + u16 otg_irq; + + otg_irq = omap_readw(OTG_IRQ_SRC); +@@ -201,12 +201,12 @@ static int __init omap_otg_probe(struct + + return request_irq(tahvo_otg_dev->resource[1].start, + omap_otg_irq, IRQF_DISABLED, DRIVER_NAME, +- &tahvo_usb_device); ++ tahvo_usb_device); + } + + static int __exit omap_otg_remove(struct platform_device *pdev) + { +- free_irq(tahvo_otg_dev->resource[1].start, &tahvo_usb_device); ++ free_irq(tahvo_otg_dev->resource[1].start, tahvo_usb_device); + tahvo_otg_dev = NULL; + + return 0; +@@ -659,6 +659,7 @@ static int __init tahvo_usb_probe(struct + tu = kzalloc(sizeof(*tu), GFP_KERNEL); + if (!tu) + return -ENOMEM; ++ tahvo_usb_device = tu; + + tu->pt_dev = container_of(dev, struct platform_device, dev); + #ifdef CONFIG_USB_OTG @@ -673,6 +674,14 @@ static int __init tahvo_usb_probe(struct INIT_WORK(&tu->irq_work, tahvo_usb_irq_work); mutex_init(&tu->serialize); @@ -49,7 +85,7 @@ Index: linux-2.6.38-rc7/drivers/cbus/tahvo-usb.c } dev_set_drvdata(dev, tu); -@@ -719,10 +725,22 @@ static int __init tahvo_usb_probe(struct +@@ -719,10 +725,23 @@ static int __init tahvo_usb_probe(struct * may not be generated in addition to this. */ schedule_work(&tu->irq_work); return 0; @@ -61,6 +97,7 @@ Index: linux-2.6.38-rc7/drivers/cbus/tahvo-usb.c + clk_put(tu->ick); +err_free_tu: + kfree(tu); ++ tahvo_usb_device = NULL; + + return ret; } @@ -72,7 +109,7 @@ Index: linux-2.6.38-rc7/drivers/cbus/tahvo-usb.c dev_dbg(&pdev->dev, "remove\n"); tahvo_free_irq(TAHVO_INT_VBUSON); -@@ -732,6 +750,11 @@ static int __exit tahvo_usb_remove(struc +@@ -732,6 +751,12 @@ static int __exit tahvo_usb_remove(struc #ifdef CONFIG_USB_OTG device_remove_file(&pdev->dev, &dev_attr_otg_mode); #endif @@ -80,6 +117,7 @@ Index: linux-2.6.38-rc7/drivers/cbus/tahvo-usb.c + clk_put(tu->ick); + + kfree(tu); ++ tahvo_usb_device = NULL; + return 0; } -- cgit v1.2.3