aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/usb/gadget/s3c-hsudc.c
diff options
context:
space:
mode:
authorHeiko Stübner <heiko@sntech.de>2011-08-21 08:31:17 -0400
committerGreg Kroah-Hartman <gregkh@suse.de>2011-08-22 19:03:13 -0400
commitda4fc14c9955bbcafb9cdcc34f9772f3e9481bb8 (patch)
tree59f2c3b11e2924e06a73a0a05d4e430a9c81f3ff /drivers/usb/gadget/s3c-hsudc.c
parent94ab23dd254a1050870160bf9620cd115cb75028 (diff)
s3c-hsudc: Fix possible nullpointer dereference during probe
The usb-interrupt is requested before the endpoints are initalised. If an interrupt happens in the time between request_irq and the init of the endpoint-data (as seen on the Qisda ESx00 ebook-platforms), it is therefore possible for the interrupt handler to access endpoint- data before its creation resulting in a null-pointer dereference. This patch simply moves the irq request below the endpoint init. Signed-off-by: Heiko Stuebner <heiko@sntech.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'drivers/usb/gadget/s3c-hsudc.c')
-rw-r--r--drivers/usb/gadget/s3c-hsudc.c26
1 files changed, 13 insertions, 13 deletions
diff --git a/drivers/usb/gadget/s3c-hsudc.c b/drivers/usb/gadget/s3c-hsudc.c
index 3fa717c5f4bc..00056c27a1c8 100644
--- a/drivers/usb/gadget/s3c-hsudc.c
+++ b/drivers/usb/gadget/s3c-hsudc.c
@@ -1269,19 +1269,6 @@ static int s3c_hsudc_probe(struct platform_device *pdev)
1269 goto err_remap; 1269 goto err_remap;
1270 } 1270 }
1271 1271
1272 ret = platform_get_irq(pdev, 0);
1273 if (ret < 0) {
1274 dev_err(dev, "unable to obtain IRQ number\n");
1275 goto err_irq;
1276 }
1277 hsudc->irq = ret;
1278
1279 ret = request_irq(hsudc->irq, s3c_hsudc_irq, 0, driver_name, hsudc);
1280 if (ret < 0) {
1281 dev_err(dev, "irq request failed\n");
1282 goto err_irq;
1283 }
1284
1285 spin_lock_init(&hsudc->lock); 1272 spin_lock_init(&hsudc->lock);
1286 1273
1287 device_initialize(&hsudc->gadget.dev); 1274 device_initialize(&hsudc->gadget.dev);
@@ -1299,6 +1286,19 @@ static int s3c_hsudc_probe(struct platform_device *pdev)
1299 1286
1300 s3c_hsudc_setup_ep(hsudc); 1287 s3c_hsudc_setup_ep(hsudc);
1301 1288
1289 ret = platform_get_irq(pdev, 0);
1290 if (ret < 0) {
1291 dev_err(dev, "unable to obtain IRQ number\n");
1292 goto err_irq;
1293 }
1294 hsudc->irq = ret;
1295
1296 ret = request_irq(hsudc->irq, s3c_hsudc_irq, 0, driver_name, hsudc);
1297 if (ret < 0) {
1298 dev_err(dev, "irq request failed\n");
1299 goto err_irq;
1300 }
1301
1302 hsudc->uclk = clk_get(&pdev->dev, "usb-device"); 1302 hsudc->uclk = clk_get(&pdev->dev, "usb-device");
1303 if (IS_ERR(hsudc->uclk)) { 1303 if (IS_ERR(hsudc->uclk)) {
1304 dev_err(dev, "failed to find usb-device clock source\n"); 1304 dev_err(dev, "failed to find usb-device clock source\n");