Commit 5192a564 authored by Ian Abbott, committed by Kleber Sacilotto de Souza

staging: comedi: amplc_pci230: fix null pointer deref on interrupt

BugLink: https://bugs.launchpad.net/bugs/1838467

commit 7379e6ba upstream.

The interrupt handler `pci230_interrupt()` causes a null pointer
dereference for a PCI260 card.  There is no analog output subdevice for
a PCI260.  The `dev->write_subdev` subdevice pointer and therefore the
`s_ao` subdevice pointer variable will be `NULL` for a PCI260.  The
following call near the end of the interrupt handler results in the null
pointer dereference for a PCI260:

	comedi_handle_events(dev, s_ao);

Fix it by only calling the above function if `s_ao` is valid.

Note that the other uses of `s_ao` in the calls
`pci230_handle_ao_nofifo(dev, s_ao);` and `pci230_handle_ao_fifo(dev,
s_ao);` will never be reached for a PCI260, so they are safe.

Fixes: 39064f23 ("staging: comedi: amplc_pci230: use comedi_handle_events()")
Cc: <stable@vger.kernel.org> # v3.19+
Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Connor Kuehl <connor.kuehl@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
parent 71ba17c0
...@@ -2324,7 +2324,8 @@ static irqreturn_t pci230_interrupt(int irq, void *d) ...@@ -2324,7 +2324,8 @@ static irqreturn_t pci230_interrupt(int irq, void *d)
devpriv->intr_running = false; devpriv->intr_running = false;
spin_unlock_irqrestore(&devpriv->isr_spinlock, irqflags); spin_unlock_irqrestore(&devpriv->isr_spinlock, irqflags);
comedi_handle_events(dev, s_ao); if (s_ao)
comedi_handle_events(dev, s_ao);
comedi_handle_events(dev, s_ai); comedi_handle_events(dev, s_ai);
return IRQ_HANDLED; return IRQ_HANDLED;
......
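Review bot: The new `if (s_ao)` guard before `comedi_handle_events(dev, s_ao);` carries no comment saying why `s_ao` can be NULL at this point; the reason (a PCI260 has no analog output subdevice, so `dev->write_subdev` is NULL) is recorded only in the commit message. A one-line comment above the check would keep a later cleanup from dropping it as redundant. The adjacent `comedi_handle_events(dev, s_ai);` stays unguarded, which is correct only if every supported board provides an analog input subdevice; the hunk does not show that, so it is worth confirming and stating next to the commit message's note about the earlier `s_ao` uses.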