From: H Hartley Sweeten Date: Thu, 25 Oct 2012 22:05:46 +0000 (-0700) Subject: staging: comedi: me_daq: fix pointer dereference in me_detach() X-Git-Tag: firefly_0821_release~3680^2~1519^2~940 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=736b605c897204b8c05f15160f12e70c61b2e6e6;p=firefly-linux-kernel-4.4.55.git staging: comedi: me_daq: fix pointer dereference in me_detach() As pointed out by Dan Carpenter, dev_private could be NULL when it is checked before calling comedi_pci_disable(). The private data variable 'plx_regbase_size' is only used to see if the pci device has been enabled. Remove that variable from the private data and just use the unused dev->iobase variable to let the detach know that the pci device is enabled. Signed-off-by: H Hartley Sweeten Reported-by: Dan Carpenter Cc: Ian Abbott Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/comedi/drivers/me_daq.c b/drivers/staging/comedi/drivers/me_daq.c index ddb3dd79874d..cdb97955bbc5 100644 --- a/drivers/staging/comedi/drivers/me_daq.c +++ b/drivers/staging/comedi/drivers/me_daq.c @@ -224,7 +224,6 @@ static const struct me_board me_boards[] = { struct me_private_data { void __iomem *plx_regbase; /* PLX configuration base address */ void __iomem *me_regbase; /* Base address of the Meilhaus card */ - unsigned long plx_regbase_size; /* Size of PLX configuration space */ unsigned long me_regbase_size; /* Size of Meilhaus space */ unsigned short control_1; /* Mirror of CONTROL_1 register */ @@ -639,7 +638,6 @@ static int me_attach_pci(struct comedi_device *dev, struct pci_dev *pcidev) struct me_private_data *dev_private; struct comedi_subdevice *s; resource_size_t plx_regbase_tmp; - unsigned long plx_regbase_size_tmp; resource_size_t me_regbase_tmp; unsigned long me_regbase_size_tmp; resource_size_t swap_regbase_tmp; @@ -664,13 +662,12 @@ static int me_attach_pci(struct comedi_device *dev, struct pci_dev *pcidev) "Failed to enable PCI device and request regions\n"); return -EIO; } + dev->iobase = 1; /* detach needs this */ /* Read PLX register base address [PCI_BASE_ADDRESS #0]. */ plx_regbase_tmp = pci_resource_start(pcidev, 0); - plx_regbase_size_tmp = pci_resource_len(pcidev, 0); - dev_private->plx_regbase = - ioremap(plx_regbase_tmp, plx_regbase_size_tmp); - dev_private->plx_regbase_size = plx_regbase_size_tmp; + dev_private->plx_regbase = ioremap(plx_regbase_tmp, + pci_resource_len(pcidev, 0)); if (!dev_private->plx_regbase) { dev_err(dev->class_dev, "Failed to remap I/O memory\n"); return -ENOMEM; @@ -791,7 +788,7 @@ static void me_detach(struct comedi_device *dev) iounmap(dev_private->plx_regbase); } if (pcidev) { - if (dev_private->plx_regbase_size) + if (dev->iobase) comedi_pci_disable(pcidev); pci_dev_put(pcidev); }