mfd: tps6105x: Fix possible NULL pointer access

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

tps6105 driver provides two cells. One is for GPIO and another one is
for selected mode depending on platform data. When tps6105x is used in
GPIO-only mode, this driver calls mfd_add_devices() with mfd_cell
.name == NULL. This value causes an oops in platform_device_register()
later.

The following patch adds a mfd_cell for each possible mode thereby
excluding .name assignment in runtime.

Signed-off-by: Denis Grigoryev <grigoryev@fastwel.ru>
Signed-off-by: Lee Jones <lee.jones@linaro.org>

authored by

Grigoryev Denis and committed by

Lee Jones 10 years ago ea50e9d3 ced7e093

+43 -29

1 changed file

expand all

drivers

mfd

tps6105x.c

+43 -29

drivers/mfd/tps6105x.c

··· 64 64 } 65 65 66 66 /* 67 - * MFD cells - we have one cell which is selected operation 68 - * mode, and we always have a GPIO cell. 67 + * MFD cells - we always have a GPIO cell and we have one cell 68 + * which is selected operation mode. 69 69 */ 70 - static struct mfd_cell tps6105x_cells[] = { 71 - { 72 - /* name will be runtime assigned */ 73 - .id = -1, 74 - }, 75 - { 76 - .name = "tps6105x-gpio", 77 - .id = -1, 78 - }, 70 + static struct mfd_cell tps6105x_gpio_cell = { 71 + .name = "tps6105x-gpio", 79 72 }; 73 + 74 + static struct mfd_cell tps6105x_leds_cell = { 75 + .name = "tps6105x-leds", 76 + }; 77 + 78 + static struct mfd_cell tps6105x_flash_cell = { 79 + .name = "tps6105x-flash", 80 + }; 81 + 82 + static struct mfd_cell tps6105x_regulator_cell = { 83 + .name = "tps6105x-regulator", 84 + }; 85 + 86 + static int tps6105x_add_device(struct tps6105x *tps6105x, 87 + struct mfd_cell *cell) 88 + { 89 + cell->platform_data = tps6105x; 90 + cell->pdata_size = sizeof(*tps6105x); 91 + 92 + return mfd_add_devices(&tps6105x->client->dev, 93 + PLATFORM_DEVID_AUTO, cell, 1, NULL, 0, NULL); 94 + } 80 95 81 96 static int tps6105x_probe(struct i2c_client *client, 82 97 const struct i2c_device_id *id) ··· 99 84 struct tps6105x *tps6105x; 100 85 struct tps6105x_platform_data *pdata; 101 86 int ret; 102 - int i; 87 + 88 + pdata = dev_get_platdata(&client->dev); 89 + if (!pdata) { 90 + dev_err(&client->dev, "missing platform data\n"); 91 + return -ENODEV; 92 + } 103 93 104 94 tps6105x = devm_kmalloc(&client->dev, sizeof(*tps6105x), GFP_KERNEL); 105 95 if (!tps6105x) ··· 116 96 117 97 i2c_set_clientdata(client, tps6105x); 118 98 tps6105x->client = client; 119 - pdata = dev_get_platdata(&client->dev); 120 99 tps6105x->pdata = pdata; 121 100 122 101 ret = tps6105x_startup(tps6105x); ··· 124 105 return ret; 125 106 } 126 107 127 - /* Remove warning texts when you implement new cell drivers */ 108 + ret = tps6105x_add_device(tps6105x, &tps6105x_gpio_cell); 109 + if (ret) 110 + return ret; 111 + 128 112 switch (pdata->mode) { 129 113 case TPS6105X_MODE_SHUTDOWN: 130 114 dev_info(&client->dev, 131 115 "present, not used for anything, only GPIO\n"); 132 116 break; 133 117 case TPS6105X_MODE_TORCH: 134 - tps6105x_cells[0].name = "tps6105x-leds"; 135 - dev_warn(&client->dev, 136 - "torch mode is unsupported\n"); 118 + ret = tps6105x_add_device(tps6105x, &tps6105x_leds_cell); 137 119 break; 138 120 case TPS6105X_MODE_TORCH_FLASH: 139 - tps6105x_cells[0].name = "tps6105x-flash"; 140 - dev_warn(&client->dev, 141 - "flash mode is unsupported\n"); 121 + ret = tps6105x_add_device(tps6105x, &tps6105x_flash_cell); 142 122 break; 143 123 case TPS6105X_MODE_VOLTAGE: 144 - tps6105x_cells[0].name ="tps6105x-regulator"; 124 + ret = tps6105x_add_device(tps6105x, &tps6105x_regulator_cell); 145 125 break; 146 126 default: 127 + dev_warn(&client->dev, "invalid mode: %d\n", pdata->mode); 147 128 break; 148 129 } 149 130 150 - /* Set up and register the platform devices. */ 151 - for (i = 0; i < ARRAY_SIZE(tps6105x_cells); i++) { 152 - /* One state holder for all drivers, this is simple */ 153 - tps6105x_cells[i].platform_data = tps6105x; 154 - tps6105x_cells[i].pdata_size = sizeof(*tps6105x); 155 - } 131 + if (ret) 132 + mfd_remove_devices(&client->dev); 156 133 157 - return mfd_add_devices(&client->dev, 0, tps6105x_cells, 158 - ARRAY_SIZE(tps6105x_cells), NULL, 0, NULL); 134 + return ret; 159 135 } 160 136 161 137 static int tps6105x_remove(struct i2c_client *client)