gb_audio_manager_get_module() calls gb_audio_manager_get_locked(), which can return NULL when the requested id does not exist. The returned pointer is dereferenced unconditionally via kobject_get(), leading to a NULL pointer dereference.
Only take a kobject reference when the module is found.
Signed-off-by: Hardik Phalet hardik.phalet@pm.me --- drivers/staging/greybus/audio_manager.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/greybus/audio_manager.c b/drivers/staging/greybus/audio_manager.c index 27ca5f796c5f..1da8804e61ca 100644 --- a/drivers/staging/greybus/audio_manager.c +++ b/drivers/staging/greybus/audio_manager.c @@ -111,7 +111,8 @@ struct gb_audio_manager_module *gb_audio_manager_get_module(int id)
down_read(&modules_rwsem); module = gb_audio_manager_get_locked(id); - kobject_get(&module->kobj); + if (module) + kobject_get(&module->kobj); up_read(&modules_rwsem); return module; }