iio: adc: ad7091r: Pass iio_dev to event handler

commit a25a7df518fc71b1ba981d691e9322e645d2689c upstream.

Previous version of ad7091r event handler received the ADC state pointer
and retrieved the iio device from driver data field with dev_get_drvdata().
However, no driver data have ever been set, which led to null pointer
dereference when running the event handler.

Pass the iio device to the event handler and retrieve the ADC state struct
from it so we avoid the null pointer dereference and save the driver from
filling the driver data field.

Fixes: ca69300173b6 ("iio: adc: Add support for AD7091R5 ADC")
Signed-off-by: Marcelo Schmitt <marcelo.schmitt@analog.com>
Link: https://lore.kernel.org/r/5024b764107463de9578d5b3b0a3d5678e307b1a.1702746240.git.marcelo.schmitt1@gmail.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/iio/adc/ad7091r-base.c b/drivers/iio/adc/ad7091r-base.c
index 8e252cd..0e5d3d2 100644 (file)
--- a/drivers/iio/adc/ad7091r-base.c
+++ b/drivers/iio/adc/ad7091r-base.c
@@ -174,8 +174,8 @@ static const struct iio_info ad7091r_info = {
 
 static irqreturn_t ad7091r_event_handler(int irq, void *private)
 {
-       struct ad7091r_state *st = (struct ad7091r_state *) private;
-       struct iio_dev *iio_dev = dev_get_drvdata(st->dev);
+       struct iio_dev *iio_dev = private;
+       struct ad7091r_state *st = iio_priv(iio_dev);
        unsigned int i, read_val;
        int ret;
        s64 timestamp = iio_get_time_ns(iio_dev);
@@ -234,7 +234,7 @@ int ad7091r_probe(struct device *dev, const char *name,
        if (irq) {
                ret = devm_request_threaded_irq(dev, irq, NULL,
                                ad7091r_event_handler,
-                               IRQF_TRIGGER_FALLING | IRQF_ONESHOT, name, st);
+                               IRQF_TRIGGER_FALLING | IRQF_ONESHOT, name, iio_dev);
                if (ret)
                        return ret;
        }