From: Ian Abbott <abbotti@mev.co.uk>
Date: Fri, 23 Aug 2013 11:37:17 +0000 (+0100)
Subject: staging: comedi: bug-fix NULL pointer dereference on failed attach
X-Git-Tag: firefly_0821_release~6453^2~974
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=6f123e952c4144ddda16ebdac765677ebdf6f37c;p=firefly-linux-kernel-4.4.55.git

staging: comedi: bug-fix NULL pointer dereference on failed attach

commit 3955dfa8216f712bc204a5ad2f4e51efff252fde upstream.

Commit dcd7b8bd63cb81c5b973bf86510ca3c80bbbd162 ("staging: comedi: put
module _after_ detach" by myself) reversed a couple of calls in
`comedi_device_attach()` when recovering from an error returned by the
low-level driver's 'attach' handler.  Unfortunately, that introduced a
NULL pointer dereference bug as `dev->driver` is NULL after the call to
`comedi_device_detach()`.   We still have a pointer to the low-level
comedi driver structure in the `driv` variable, so use that instead.

Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/drivers/staging/comedi/drivers.c b/drivers/staging/comedi/drivers.c
index 06d190f8fd34..4a2b04277304 100644
--- a/drivers/staging/comedi/drivers.c
+++ b/drivers/staging/comedi/drivers.c
@@ -464,7 +464,7 @@ int comedi_device_attach(struct comedi_device *dev, struct comedi_devconfig *it)
 		ret = comedi_device_postconfig(dev);
 	if (ret < 0) {
 		comedi_device_detach(dev);
-		module_put(dev->driver->module);
+		module_put(driv->module);
 	}
 	/* On success, the driver module count has been incremented. */
 	return ret;