i2c: designware: Fix oops from i2c_dw_irq_handler_slave
authorJarkko Nikula <jarkko.nikula@linux.intel.com>
Fri, 11 Aug 2017 11:44:55 +0000 (14:44 +0300)
committerWolfram Sang <wsa@the-dreams.de>
Mon, 14 Aug 2017 19:11:19 +0000 (21:11 +0200)
When i2c-designware is initialized in slave mode the
i2c-designware-slave.c: i2c_dw_irq_handler_slave() can hit a NULL
pointer dereference when I2C slave backend is not registered but code is
accessing the struct dw_i2c_dev.slave without testing is it NULL.

We might get spurious interrupts from other devices or from IRQ core
during unloading the driver when CONFIG_DEBUG_SHIRQ is set. Existing
check for enable and IRQ status is not enough since device can be power
gated and those bits may read 1.

Fix this by handling the interrupt only when also struct dw_i2c_dev.slave
is set.

Signed-off-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
drivers/i2c/busses/i2c-designware-slave.c

index 0548c7ea578c9752f7c4cc1efebef37b41bca68a..4b62a3872763b99b7db8e2777a84ee761567efdc 100644 (file)
@@ -272,7 +272,7 @@ static int i2c_dw_irq_handler_slave(struct dw_i2c_dev *dev)
        slave_activity = ((dw_readl(dev, DW_IC_STATUS) &
                DW_IC_STATUS_SLAVE_ACTIVITY) >> 6);
 
-       if (!enabled || !(raw_stat & ~DW_IC_INTR_ACTIVITY))
+       if (!enabled || !(raw_stat & ~DW_IC_INTR_ACTIVITY) || !dev->slave)
                return 0;
 
        dev_dbg(dev->dev,