[3.11.y.z extended stable] Patch "mfd: max8998: Fix possible NULL pointer dereference on i2c_new_dummy error" has been added to staging queue

Luis Henriques luis.henriques at canonical.com
Mon Apr 21 09:28:59 UTC 2014 

This is a note to let you know that I have just added a patch titled

    mfd: max8998: Fix possible NULL pointer dereference on i2c_new_dummy error

to the linux-3.11.y-queue branch of the 3.11.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.11.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.11.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Luis

------

>From 90a8f4b5a9aa5d41cbd6836320856bf32fef074e Mon Sep 17 00:00:00 2001
From: Krzysztof Kozlowski <k.kozlowski at samsung.com>
Date: Tue, 11 Feb 2014 11:03:35 +0100
Subject: mfd: max8998: Fix possible NULL pointer dereference on i2c_new_dummy
 error

commit ed26f87b9f71693a1d1ee85f5e6209601505080f upstream.

During probe the driver allocates dummy I2C device for RTC with i2c_new_dummy() but it does not check the return value of this call.

In case of error (i2c_new_device(): memory allocation failure or I2C
address cannot be used) this function returns NULL which is later used
by i2c_unregister_device().

If i2c_new_dummy() fails for RTC device, fail also the probe for
main MFD driver.

Signed-off-by: Krzysztof Kozlowski <k.kozlowski at samsung.com>
Signed-off-by: Lee Jones <lee.jones at linaro.org>
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
 drivers/mfd/max8998.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/mfd/max8998.c b/drivers/mfd/max8998.c
index 21af51a..7c169e6 100644
--- a/drivers/mfd/max8998.c
+++ b/drivers/mfd/max8998.c
@@ -214,6 +214,10 @@ static int max8998_i2c_probe(struct i2c_client *i2c,
 	mutex_init(&max8998->iolock);

 	max8998->rtc = i2c_new_dummy(i2c->adapter, RTC_I2C_ADDR);
+	if (!max8998->rtc) {
+		dev_err(&i2c->dev, "Failed to allocate I2C device for RTC\n");
+		return -ENODEV;
+	}
 	i2c_set_clientdata(max8998->rtc, max8998);

 	max8998_irq_init(max8998);
--
1.9.1

More information about the kernel-team mailing list