From da4fc14c9955bbcafb9cdcc34f9772f3e9481bb8 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Heiko=20St=C3=BCbner?= Date: Sun, 21 Aug 2011 14:31:17 +0200 Subject: [PATCH] s3c-hsudc: Fix possible nullpointer dereference during probe The usb-interrupt is requested before the endpoints are initalised. If an interrupt happens in the time between request_irq and the init of the endpoint-data (as seen on the Qisda ESx00 ebook-platforms), it is therefore possible for the interrupt handler to access endpoint- data before its creation resulting in a null-pointer dereference. This patch simply moves the irq request below the endpoint init. Signed-off-by: Heiko Stuebner Signed-off-by: Greg Kroah-Hartman --- drivers/usb/gadget/s3c-hsudc.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/drivers/usb/gadget/s3c-hsudc.c b/drivers/usb/gadget/s3c-hsudc.c index 3fa717c..00056c2 100644 --- a/drivers/usb/gadget/s3c-hsudc.c +++ b/drivers/usb/gadget/s3c-hsudc.c @@ -1269,19 +1269,6 @@ static int s3c_hsudc_probe(struct platform_device *pdev) goto err_remap; } - ret = platform_get_irq(pdev, 0); - if (ret < 0) { - dev_err(dev, "unable to obtain IRQ number\n"); - goto err_irq; - } - hsudc->irq = ret; - - ret = request_irq(hsudc->irq, s3c_hsudc_irq, 0, driver_name, hsudc); - if (ret < 0) { - dev_err(dev, "irq request failed\n"); - goto err_irq; - } - spin_lock_init(&hsudc->lock); device_initialize(&hsudc->gadget.dev); @@ -1299,6 +1286,19 @@ static int s3c_hsudc_probe(struct platform_device *pdev) s3c_hsudc_setup_ep(hsudc); + ret = platform_get_irq(pdev, 0); + if (ret < 0) { + dev_err(dev, "unable to obtain IRQ number\n"); + goto err_irq; + } + hsudc->irq = ret; + + ret = request_irq(hsudc->irq, s3c_hsudc_irq, 0, driver_name, hsudc); + if (ret < 0) { + dev_err(dev, "irq request failed\n"); + goto err_irq; + } + hsudc->uclk = clk_get(&pdev->dev, "usb-device"); if (IS_ERR(hsudc->uclk)) { dev_err(dev, "failed to find usb-device clock source\n"); -- 2.7.4