From: Lorenzo Bianconi <lorenzo@kernel.org>
Date: Sun, 6 Oct 2019 13:21:56 +0000 (+0200)
Subject: iio: imu: st_lsm6dsx: add sanity check for read_fifo pointer
X-Git-Tag: v5.15~5053^2~130^2~53
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a912ee4c91542e3746742611a656de1129f919b6;p=platform%2Fkernel%2Flinux-starfive.git

iio: imu: st_lsm6dsx: add sanity check for read_fifo pointer

Check read_fifo pointer before using it since we can't assume it
is always set adding new sensors. This patch fixes the following crash:

irq 277: nobody cared (try booting with the "irqpoll" option)
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.3.0-rc5-00322-g792b824-dirty #7
Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
[<c0112750>] (unwind_backtrace) from [<c010d018>] (show_stack+0x10/0x14)
[<c010d018>] (show_stack) from [<c0c2bfc8>] (dump_stack+0xd8/0x10c)
[<c0c2bfc8>] (dump_stack) from [<c01923fc>] (__report_bad_irq+0x24/0xc0)
[<c01923fc>] (__report_bad_irq) from [<c0192820>] (note_interrupt+0x27c/0x2dc)
[<c0192820>] (note_interrupt) from [<c018f174>] (handle_irq_event_percpu+0x54/0x7c)
[<c018f174>] (handle_irq_event_percpu) from [<c018f1d4>] (handle_irq_event+0x38/0x5c)
[<c018f1d4>] (handle_irq_event) from [<c0193664>] (handle_level_irq+0xc8/0x154)
[<c0193664>] (handle_level_irq) from [<c018df58>] (generic_handle_irq+0x20/0x34)
[<c018df58>] (generic_handle_irq) from [<c053c348>] (mxc_gpio_irq_handler+0xc4/0xf8)
[<c053c348>] (mxc_gpio_irq_handler) from [<c053c3e0>] (mx3_gpio_irq_handler+0x64/0xb8)
[<c053c3e0>] (mx3_gpio_irq_handler) from [<c018df58>] (generic_handle_irq+0x20/0x34)
[<c018df58>] (generic_handle_irq) from [<c018e550>] (__handle_domain_irq+0x64/0xe0)
[<c018e550>] (__handle_domain_irq) from [<c0529610>] (gic_handle_irq+0x4c/0xa0)
[<c0529610>] (gic_handle_irq) from [<c0101a70>] (__irq_svc+0x70/0x98)
Exception stack(0xc1301f10 to 0xc1301f58
1f00: 00000001 00000006 00000000 c130c340
1f20: c1300000 c1308928 00000001 c1308960 00000000 c12b9db0 c1308908 00000000
1f40: 00000000 c1301f60 c0182010 c0109508 20000013 ffffffff
[<c0101a70>] (__irq_svc) from [<c0109508>] (arch_cpu_idle+0x20/0x3c)
[<c0109508>] (arch_cpu_idle) from [<c015ed70>] (do_idle+0x1bc/0x2bc)
[<c015ed70>] (do_idle) from [<c015f204>] (cpu_startup_entry+0x18/0x1c)
[<c015f204>] (cpu_startup_entry) from [<c1200e68>] (start_kernel+0x440/0x504)
[<c1200e68>] (start_kernel) from [<00000000>] (0x0)
handlers:
[<62052c0d>] st_lsm6dsx_handler_irq threaded
[<f2004b92>] st_lsm6dsx_handler_thread

Fixes: 52f4b1f19679 ("iio: imu: st_lsm6dsx: add support for accel/gyro unit of lsm9ds1")
Tested-by: Bobby Jones <rjones@gateworks.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
---

diff --git a/drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c b/drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c
index ef57965..cabd4bf 100644
--- a/drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c
+++ b/drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c
@@ -586,6 +586,9 @@ int st_lsm6dsx_flush_fifo(struct st_lsm6dsx_hw *hw)
 {
 	int err;
 
+	if (!hw->settings->fifo_ops.read_fifo)
+		return -ENOTSUPP;
+
 	mutex_lock(&hw->fifo_lock);
 
 	hw->settings->fifo_ops.read_fifo(hw);
diff --git a/drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_core.c b/drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_core.c
index 5dfb92d..5928d29 100644
--- a/drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_core.c
+++ b/drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_core.c
@@ -1825,6 +1825,9 @@ static irqreturn_t st_lsm6dsx_handler_thread(int irq, void *private)
 
 	event = st_lsm6dsx_report_motion_event(hw);
 
+	if (!hw->settings->fifo_ops.read_fifo)
+		return event ? IRQ_HANDLED : IRQ_NONE;
+
 	mutex_lock(&hw->fifo_lock);
 	count = hw->settings->fifo_ops.read_fifo(hw);
 	mutex_unlock(&hw->fifo_lock);