A while back the I2C HID implementation was split in an ACPI and OF part, but the new OF driver never initialises the client pointer which is dereferenced on power-up failures.
Fixes: b33752c30023 ("HID: i2c-hid: Reorganize so ACPI and OF are separate modules") Cc: stable@vger.kernel.org # 5.12 Cc: Douglas Anderson dianders@chromium.org Signed-off-by: Johan Hovold johan+linaro@kernel.org --- drivers/hid/i2c-hid/i2c-hid-of.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/drivers/hid/i2c-hid/i2c-hid-of.c b/drivers/hid/i2c-hid/i2c-hid-of.c index c4e1fa0273c8..8be4d576da77 100644 --- a/drivers/hid/i2c-hid/i2c-hid-of.c +++ b/drivers/hid/i2c-hid/i2c-hid-of.c @@ -87,6 +87,7 @@ static int i2c_hid_of_probe(struct i2c_client *client) if (!ihid_of) return -ENOMEM;
+ ihid_of->client = client; ihid_of->ops.power_up = i2c_hid_of_power_up; ihid_of->ops.power_down = i2c_hid_of_power_down;
Hi,
On Fri, Jan 26, 2024 at 9:10 AM Johan Hovold johan+linaro@kernel.org wrote:
A while back the I2C HID implementation was split in an ACPI and OF part, but the new OF driver never initialises the client pointer which is dereferenced on power-up failures.
Fixes: b33752c30023 ("HID: i2c-hid: Reorganize so ACPI and OF are separate modules") Cc: stable@vger.kernel.org # 5.12 Cc: Douglas Anderson dianders@chromium.org Signed-off-by: Johan Hovold johan+linaro@kernel.org
drivers/hid/i2c-hid/i2c-hid-of.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/drivers/hid/i2c-hid/i2c-hid-of.c b/drivers/hid/i2c-hid/i2c-hid-of.c index c4e1fa0273c8..8be4d576da77 100644 --- a/drivers/hid/i2c-hid/i2c-hid-of.c +++ b/drivers/hid/i2c-hid/i2c-hid-of.c @@ -87,6 +87,7 @@ static int i2c_hid_of_probe(struct i2c_client *client) if (!ihid_of) return -ENOMEM;
ihid_of->client = client;
Good catch and thanks for the fix. FWIW, I'd be OK w/
Reviewed-by: Douglas Anderson dianders@chromium.org
That being said, I'd be even happier if you simply removed the "client" from the structure and removed the error printout. regulator_bulk_enable() already prints error messages when a failure happens and thus the error printout is redundant and wastes space.
-Doug
On Fri, 26 Jan 2024, Doug Anderson wrote:
A while back the I2C HID implementation was split in an ACPI and OF part, but the new OF driver never initialises the client pointer which is dereferenced on power-up failures.
Fixes: b33752c30023 ("HID: i2c-hid: Reorganize so ACPI and OF are separate modules") Cc: stable@vger.kernel.org # 5.12 Cc: Douglas Anderson dianders@chromium.org Signed-off-by: Johan Hovold johan+linaro@kernel.org
drivers/hid/i2c-hid/i2c-hid-of.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/drivers/hid/i2c-hid/i2c-hid-of.c b/drivers/hid/i2c-hid/i2c-hid-of.c index c4e1fa0273c8..8be4d576da77 100644 --- a/drivers/hid/i2c-hid/i2c-hid-of.c +++ b/drivers/hid/i2c-hid/i2c-hid-of.c @@ -87,6 +87,7 @@ static int i2c_hid_of_probe(struct i2c_client *client) if (!ihid_of) return -ENOMEM;
ihid_of->client = client;
Good catch and thanks for the fix. FWIW, I'd be OK w/
Reviewed-by: Douglas Anderson dianders@chromium.org
I've now queued this as a fix for 6.8 ....
That being said, I'd be even happier if you simply removed the "client" from the structure and removed the error printout. regulator_bulk_enable() already prints error messages when a failure happens and thus the error printout is redundant and wastes space.
... and this can be done for 6.9.
Thanks,
On Fri, Jan 26, 2024 at 09:47:23AM -0800, Doug Anderson wrote:
On Fri, Jan 26, 2024 at 9:10 AM Johan Hovold johan+linaro@kernel.org wrote:
A while back the I2C HID implementation was split in an ACPI and OF part, but the new OF driver never initialises the client pointer which is dereferenced on power-up failures.
Good catch and thanks for the fix. FWIW, I'd be OK w/
Reviewed-by: Douglas Anderson dianders@chromium.org
That being said, I'd be even happier if you simply removed the "client" from the structure and removed the error printout. regulator_bulk_enable() already prints error messages when a failure happens and thus the error printout is redundant and wastes space.
True, but that error message does not include the device that tried to use the regulator.
I actually hit this when adding dev_dbg() to the function in question. For such cases, it's also convenient to have struct device easily accessible so I think it should be ok to just leave this pointer in.
Johan
linux-stable-mirror@lists.linaro.org