tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

power_supply: tps65217-charger: Fix NULL deref during property export

This bug leads to:

[ 1.906411] Unable to handle kernel NULL pointer dereference at virtual address 0000000c
[ 1.914878] pgd = c0004000
[ 1.917786] [0000000c] *pgd=00000000
[ 1.921536] Internal error: Oops: 5 [#1] SMP ARM
[ 1.926357] Modules linked in:
[ 1.929556] CPU: 0 PID: 14 Comm: kworker/0:1 Not tainted 4.4.5 #18
[ 1.936006] Hardware name: Generic AM33XX (Flattened Device Tree)
[ 1.942383] Workqueue: events power_supply_changed_work
[ 1.947842] task: de2c41c0 ti: de2c8000 task.ti: de2c8000
[ 1.953483] PC is at tps65217_ac_get_property+0x14/0x28
[ 1.958937] LR is at tps65217_ac_get_property+0x10/0x28

Driver was trying to use drv_data in property get handler. However drv_data
was not set, so it caused NULL pointer dereference. This patch properly
sets drv_data during probe by power_supply_config parameter, so the
property get handler works as desired.

Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Fixes: 3636859b280c ("power_supply: Add support for tps65217-charger")
Signed-off-by: Sebastian Reichel <sre@kernel.org>

authored by

Marcin Niestroj and committed by
Sebastian Reichel 36276129 5bc28b93

+5 -1
+5 -1
drivers/power/tps65217_charger.c
··· 197 197 { 198 198 struct tps65217 *tps = dev_get_drvdata(pdev->dev.parent); 199 199 struct tps65217_charger *charger; 200 + struct power_supply_config cfg = {}; 200 201 int ret; 201 202 202 203 dev_dbg(&pdev->dev, "%s\n", __func__); ··· 209 208 charger->tps = tps; 210 209 charger->dev = &pdev->dev; 211 210 211 + cfg.of_node = pdev->dev.of_node; 212 + cfg.drv_data = charger; 213 + 212 214 charger->ac = devm_power_supply_register(&pdev->dev, 213 215 &tps65217_charger_desc, 214 - NULL); 216 + &cfg); 215 217 if (IS_ERR(charger->ac)) { 216 218 dev_err(&pdev->dev, "failed: power supply register\n"); 217 219 return PTR_ERR(charger->ac);