From 2962aecef2878e2192ac9676700469678507c24d Mon Sep 17 00:00:00 2001
From: Hans-Frieder Vogt <hfvogt@gmx.net>
Date: Sun, 6 Oct 2013 21:13:35 +0200
Subject: w1 - fix fops in w1_bus_notify

Introduce a check to make sure that fops are only called if they have
been defined by the slave module.

Without this check modules like w1_smem cause a NULL pointer dereference
bug.

Signed-off by: Hans-Frieder Vogt <hfvogt@gmx.net>
Acked-by: Evgeniy Polyakov <zbr@ioremap.net>
Cc: stable <stable@vger.kernel.org> # 3.11+

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/w1/w1.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'drivers/w1')

diff --git a/drivers/w1/w1.c b/drivers/w1/w1.c
index c7c64f18773d..0781217d2396 100644
--- a/drivers/w1/w1.c
+++ b/drivers/w1/w1.c
@@ -613,6 +613,9 @@ static int w1_bus_notify(struct notifier_block *nb, unsigned long action,
 	sl = dev_to_w1_slave(dev);
 	fops = sl->family->fops;
 
+	if (!fops)
+		return 0;
+
 	switch (action) {
 	case BUS_NOTIFY_ADD_DEVICE:
 		/* if the family driver needs to initialize something... */
-- 
cgit v1.2.1


From bc04d76d6942068f75c10790072280b847ec6f1f Mon Sep 17 00:00:00 2001
From: Hans-Frieder Vogt <hfvogt@gmx.net>
Date: Sun, 6 Oct 2013 21:13:40 +0200
Subject: w1 - call request_module with w1 master mutex unlocked

request_module for w1 slave modules needs to be called with the w1
master mutex unlocked. Because w1_attach_slave_device gets always(?)
called with mutex locked, we need to temporarily unlock the w1 master
mutex for the loading of the w1 slave module.

Signed-off by: Hans-Frieder Vogt <hfvogt@gmx.net>
Acked-by: Evgeniy Polyakov <zbr@ioremap.net>
Cc: stable <stable@vger.kernel.org> # 3.11+

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/w1/w1.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'drivers/w1')

diff --git a/drivers/w1/w1.c b/drivers/w1/w1.c
index 0781217d2396..fa932c2f7d97 100644
--- a/drivers/w1/w1.c
+++ b/drivers/w1/w1.c
@@ -716,7 +716,10 @@ static int w1_attach_slave_device(struct w1_master *dev, struct w1_reg_num *rn)
 	atomic_set(&sl->refcnt, 0);
 	init_completion(&sl->released);
 
+	/* slave modules need to be loaded in a context with unlocked mutex */
+	mutex_unlock(&dev->mutex);
 	request_module("w1-family-0x%0x", rn->family);
+	mutex_lock(&dev->mutex);
 
 	spin_lock(&w1_flock);
 	f = w1_family_registered(rn->family);
-- 
cgit v1.2.1