From: Greg KH <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk,
Marek Belisko <marek.belisko@open-nandra.com>,
Jonathan Cameron <jic23@kernel.org>
Subject: [ 25/75] staging: iio: hmc5843: Fix crash in probe function.
Date: Thu, 19 Apr 2012 14:03:28 -0700 [thread overview]
Message-ID: <20120419210305.263670572@linuxfoundation.org> (raw)
In-Reply-To: <20120419210322.GA6478@kroah.com>
3.3-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marek Belisko <marek.belisko@open-nandra.com>
commit 62d2feb9803f18c4e3c8a1a2c7e30a54df8a1d72 upstream.
Fix crash after issuing:
echo hmc5843 0x1e > /sys/class/i2c-dev/i2c-2/device/new_device
[ 37.180999] device: '2-001e': device_add
[ 37.188293] bus: 'i2c': add device 2-001e
[ 37.194549] PM: Adding info for i2c:2-001e
[ 37.200958] bus: 'i2c': driver_probe_device: matched device 2-001e with driver hmc5843
[ 37.210815] bus: 'i2c': really_probe: probing driver hmc5843 with device 2-001e
[ 37.224884] HMC5843 initialized
[ 37.228759] ------------[ cut here ]------------
[ 37.233612] kernel BUG at mm/slab.c:505!
[ 37.237701] Internal error: Oops - BUG: 0 [#1] PREEMPT
[ 37.243103] Modules linked in:
[ 37.246337] CPU: 0 Not tainted (3.3.1-gta04+ #28)
[ 37.251647] PC is at kfree+0x84/0x144
[ 37.255493] LR is at kfree+0x20/0x144
[ 37.259338] pc : [<c00b408c>] lr : [<c00b4028>] psr: 40000093
[ 37.259368] sp : de249cd8 ip : 0000000c fp : 00000090
[ 37.271362] r10: 0000000a r9 : de229eac r8 : c0236274
[ 37.276855] r7 : c09d6490 r6 : a0000013 r5 : de229c00 r4 : de229c10
[ 37.283691] r3 : c0f00218 r2 : 00000400 r1 : c0eea000 r0 : c00b4028
[ 37.290527] Flags: nZcv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
[ 37.298095] Control: 10c5387d Table: 9e1d0019 DAC: 00000015
[ 37.304107] Process sh (pid: 91, stack limit = 0xde2482f0)
[ 37.309844] Stack: (0xde249cd8 to 0xde24a000)
[ 37.314422] 9cc0: de229c10 de229c00
[ 37.322998] 9ce0: de229c10 ffffffea 00000005 c0236274 de140a80 c00b4798 dec00080 de140a80
[ 37.331573] 9d00: c032f37c dec00080 000080d0 00000001 de229c00 de229c10 c048d578 00000005
[ 37.340148] 9d20: de229eac 0000000a 00000090 c032fa40 00000001 00000000 00000001 de229c10
[ 37.348724] 9d40: de229eac 00000029 c075b558 00000001 00000003 00000004 de229c10 c048d594
[ 37.357299] 9d60: 00000000 60000013 00000018 205b0007 37332020 3432322e 5d343838 c0060020
[ 37.365905] 9d80: de251600 00000001 00000000 de251600 00000001 c0065a84 de229c00 de229c48
[ 37.374481] 9da0: 00000006 0048d62c de229c38 de229c00 de229c00 de1f6c00 de1f6c20 00000001
[ 37.383056] 9dc0: 00000000 c048d62c 00000000 de229c00 de229c00 de1f6c00 de1f6c20 00000001
[ 37.391632] 9de0: 00000000 c048d62c 00000000 c0330164 00000000 de1f6c20 c048d62c de1f6c00
[ 37.400207] 9e00: c0330078 de1f6c04 c078d714 de189b58 00000000 c02ccfd8 de1f6c20 c0795f40
[ 37.408782] 9e20: c0238330 00000000 00000000 c02381a8 de1b9fc0 de1f6c20 de1f6c20 de249e48
[ 37.417358] 9e40: c0238330 c0236bb0 decdbed8 de7d0f14 de1f6c20 de1f6c20 de1f6c54 de1f6c20
[ 37.425933] 9e60: 00000000 c0238030 de1f6c20 c078d7bc de1f6c20 c02377ec de1f6c20 de1f6c28
[ 37.434509] 9e80: dee64cb0 c0236138 c047c554 de189b58 00000000 c004b45c de1f6c20 de1f6cd8
[ 37.443084] 9ea0: c0edfa6c de1f6c00 dee64c68 de1f6c04 de1f6c20 dee64cb8 c047c554 de189b58
[ 37.451690] 9ec0: 00000000 c02cd634 dee64c68 de249ef4 de23b008 dee64cb0 0000000d de23b000
[ 37.460266] 9ee0: de23b007 c02cd78c 00000002 00000000 00000000 35636d68 00333438 00000000
[ 37.468841] 9f00: 00000000 00000000 001e0000 00000000 00000000 00000000 00000000 0a10cec0
[ 37.477416] 9f20: 00000002 de249f80 0000000d dee62990 de189b40 c0234d88 0000000d c010c354
[ 37.485992] 9f40: 0000000d de210f28 000acc88 de249f80 0000000d de248000 00000000 c00b7bf8
[ 37.494567] 9f60: de210f28 000acc88 de210f28 000acc88 00000000 00000000 0000000d c00b7ed8
[ 37.503143] 9f80: 00000000 00000000 0000000d 00000000 0007fa28 0000000d 000acc88 00000004
[ 37.511718] 9fa0: c000e544 c000e380 0007fa28 0000000d 00000001 000acc88 0000000d 00000000
[ 37.520294] 9fc0: 0007fa28 0000000d 000acc88 00000004 00000001 00000020 00000002 00000000
[ 37.528869] 9fe0: 00000000 beab8624 0000ea05 b6eaebac 600d0010 00000001 00000000 00000000
[ 37.537475] [<c00b408c>] (kfree+0x84/0x144) from [<c0236274>] (device_add+0x530/0x57c)
[ 37.545806] [<c0236274>] (device_add+0x530/0x57c) from [<c032fa40>] (iio_device_register+0x8c8/0x990)
[ 37.555480] [<c032fa40>] (iio_device_register+0x8c8/0x990) from [<c0330164>] (hmc5843_probe+0xec/0x114)
[ 37.565338] [<c0330164>] (hmc5843_probe+0xec/0x114) from [<c02ccfd8>] (i2c_device_probe+0xc4/0xf8)
[ 37.574737] [<c02ccfd8>] (i2c_device_probe+0xc4/0xf8) from [<c02381a8>] (driver_probe_device+0x118/0x218)
[ 37.584777] [<c02381a8>] (driver_probe_device+0x118/0x218) from [<c0236bb0>] (bus_for_each_drv+0x4c/0x84)
[ 37.594818] [<c0236bb0>] (bus_for_each_drv+0x4c/0x84) from [<c0238030>] (device_attach+0x78/0xa4)
[ 37.604125] [<c0238030>] (device_attach+0x78/0xa4) from [<c02377ec>] (bus_probe_device+0x28/0x9c)
[ 37.613433] [<c02377ec>] (bus_probe_device+0x28/0x9c) from [<c0236138>] (device_add+0x3f4/0x57c)
[ 37.622650] [<c0236138>] (device_add+0x3f4/0x57c) from [<c02cd634>] (i2c_new_device+0xf8/0x19c)
[ 37.631805] [<c02cd634>] (i2c_new_device+0xf8/0x19c) from [<c02cd78c>] (i2c_sysfs_new_device+0xb4/0x130)
[ 37.641754] [<c02cd78c>] (i2c_sysfs_new_device+0xb4/0x130) from [<c0234d88>] (dev_attr_store+0x18/0x24)
[ 37.651611] [<c0234d88>] (dev_attr_store+0x18/0x24) from [<c010c354>] (sysfs_write_file+0x10c/0x140)
[ 37.661193] [<c010c354>] (sysfs_write_file+0x10c/0x140) from [<c00b7bf8>] (vfs_write+0xb0/0x178)
[ 37.670410] [<c00b7bf8>] (vfs_write+0xb0/0x178) from [<c00b7ed8>] (sys_write+0x3c/0x68)
[ 37.678833] [<c00b7ed8>] (sys_write+0x3c/0x68) from [<c000e380>] (ret_fast_syscall+0x0/0x3c)
[ 37.687683] Code: 1593301c e5932000 e3120080 1a000000 (e7f001f2)
[ 37.700775] ---[ end trace aaf805debdb69390 ]---
Client data was assigned to iio_dev structure in probe but in
hmc5843_init_client function casted to private driver data structure which
is wrong. Possibly calling mutex_init(&data->lock); corrupt data
which the lead to above crash.
Signed-off-by: Marek Belisko <marek.belisko@open-nandra.com>
Acked-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/iio/magnetometer/hmc5843.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/staging/iio/magnetometer/hmc5843.c
+++ b/drivers/staging/iio/magnetometer/hmc5843.c
@@ -521,7 +521,9 @@ static int hmc5843_detect(struct i2c_cli
/* Called when we have found a new HMC5843. */
static void hmc5843_init_client(struct i2c_client *client)
{
- struct hmc5843_data *data = i2c_get_clientdata(client);
+ struct iio_dev *indio_dev = i2c_get_clientdata(client);
+ struct hmc5843_data *data = iio_priv(indio_dev);
+
hmc5843_set_meas_conf(client, data->meas_conf);
hmc5843_set_rate(client, data->rate);
hmc5843_configure(client, data->operating_mode);
next prev parent reply other threads:[~2012-04-19 21:11 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-19 21:03 [ 00/75] 3.3.3-stable review Greg KH
2012-04-19 21:03 ` [ 01/75] Btrfs: fix regression in scrub path resolving Greg KH
2012-04-19 21:03 ` [ 02/75] drm/radeon/kms: fix DVO setup on some r4xx chips Greg KH
2012-04-19 21:03 ` [ 03/75] drm/i915: Removed IVB forced enable of sprite dest key Greg KH
2012-04-19 21:03 ` [ 04/75] drm/i915/ringbuffer: Exclude last 2 cachlines of ring on 845g Greg KH
2012-04-19 21:03 ` [ 05/75] drm/radeon: only add the mm i2c bus if the hw_i2c module param is set Greg KH
2012-04-19 21:03 ` [ 06/75] drm/i915: properly compute dp dithering for user-created modes Greg KH
2012-04-19 21:03 ` [ 07/75] drm/i915: make rc6 module parameter read-only Greg KH
2012-04-19 21:03 ` [ 08/75] rtlwifi: Preallocate USB read buffers and eliminate kalloc in read routine Greg KH
2012-04-19 21:03 ` [ 09/75] rtlwifi: Add missing DMA buffer unmapping for PCI drivers Greg KH
2012-04-19 21:03 ` [ 10/75] ARM: 7379/1: DT: fix atags_to_fdt() second call site Greg KH
2012-04-19 21:03 ` [ 11/75] ARM: 7384/1: ThumbEE: Disable userspace TEEHBR access for !CONFIG_ARM_THUMBEE Greg KH
2012-04-19 21:03 ` [ 12/75] md/raid1,raid10: Fix calculation of vcnt when processing error recovery Greg KH
2012-04-19 21:03 ` [ 13/75] md/bitmap: prevent bitmap_daemon_work running while initialising bitmap Greg KH
2012-04-19 21:03 ` [ 14/75] [PATCH] Bluetooth: uart-ldisc: Fix memory leak Greg KH
2012-04-19 21:03 ` [ 15/75] Bluetooth: hci_ldisc: fix NULL-pointer dereference on tty_close Greg KH
2012-04-19 21:03 ` [ 16/75] Bluetooth: hci_core: fix NULL-pointer dereference at unregister Greg KH
2012-04-19 21:03 ` [ 17/75] Bluetooth: Remove unneeded locking Greg KH
2012-04-19 21:03 ` [ 18/75] Revert "Btrfs: increase the global block reserve estimates" Greg KH
2012-04-19 21:03 ` [ 19/75] ALSA: hda/realtek - Add a fixup entry for Acer Aspire 8940G Greg KH
2012-04-19 21:03 ` [ 20/75] ext4: address scalability issue by removing extent cache statistics Greg KH
2012-04-19 21:03 ` [ 21/75] ia64: fix futex_atomic_cmpxchg_inatomic() Greg KH
2012-04-19 21:03 ` [ 22/75] panic: fix stack dump print on direct call to panic() Greg KH
2012-04-19 21:03 ` [ 23/75] drivers/rtc/rtc-pl031.c: enable clock on all ST variants Greg KH
2012-04-19 21:03 ` [ 24/75] hugetlb: fix race condition in hugetlb_fault() Greg KH
2012-04-19 21:03 ` Greg KH [this message]
2012-04-19 21:03 ` [ 26/75] Revert "serial/8250_pci: init-quirk msi support for kt serial controller" Greg KH
2012-04-19 21:03 ` [ 27/75] serial: samsung: fix omission initialize ulcon in reset port fn() Greg KH
2012-04-19 21:03 ` [ 28/75] Revert "serial/8250_pci: setup-quirk workaround for the kt serial controller" Greg KH
2012-04-19 21:03 ` [ 29/75] serial/8250_pci: add a "force background timer" flag and use it for the "kt" serial port Greg KH
2012-04-19 21:03 ` [ 30/75] tty: serial: altera_uart: Check for NULL platform_data in probe Greg KH
2012-04-19 21:03 ` [ 31/75] sparc64: Eliminate obsolete __handle_softirq() function Greg KH
2012-04-19 21:03 ` [ 32/75] sparc64: Fix bootup crash on sun4v Greg KH
2012-04-19 21:03 ` [ 33/75] cciss: Initialize scsi host max_sectors for tape drive support Greg KH
2012-04-19 21:03 ` [ 34/75] cciss: Fix scsi tape io with more than 255 scatter gather elements Greg KH
2012-04-19 21:03 ` [ 35/75] perf hists: Catch and handle out-of-date hist entry maps Greg KH
2012-04-19 21:03 ` [ 36/75] video:uvesafb: Fix oops that uvesafb try to execute NX-protected page Greg KH
2012-04-19 21:03 ` [ 37/75] IB/srpt: Set srq_type to IB_SRQT_BASIC Greg KH
2012-04-19 21:03 ` [ 38/75] nohz: Fix stale jiffies update in tick_nohz_restart() Greg KH
2012-04-19 21:03 ` [ 39/75] pch_uart: Fix MSI setting issue Greg KH
2012-04-19 21:03 ` [ 40/75] x86: Use correct byte-sized register constraint in __xchg_op() Greg KH
2012-04-19 21:03 ` [ 41/75] x86: Use correct byte-sized register constraint in __add() Greg KH
2012-04-19 21:03 ` [ 42/75] USB: serial: fix race between probe and open Greg KH
2012-04-19 21:03 ` [ 43/75] USB: pl2303: fix DTR/RTS being raised on baud rate change Greg KH
2012-04-19 21:03 ` [ 44/75] USB: option: re-add NOVATELWIRELESS_PRODUCT_HSPA_HIGHSPEED to option_id array Greg KH
2012-04-19 21:03 ` [ 45/75] USB: ftdi_sio: fix status line change handling for TIOCMIWAIT and TIOCGICOUNT Greg KH
2012-04-19 21:03 ` [ 46/75] USB: ftdi_sio: fix race condition in TIOCMIWAIT, and abort of TIOCMIWAIT when the device is removed Greg KH
2012-04-19 21:03 ` [ 47/75] USB: sierra: add support for Sierra Wireless MC7710 Greg KH
2012-04-19 21:03 ` [ 48/75] USB: dont clear urb->dev in scatter-gather library Greg KH
2012-04-19 21:03 ` [ 49/75] USB: dont ignore suspend errors for root hubs Greg KH
2012-04-19 21:03 ` [ 50/75] xhci: dont re-enable IE constantly Greg KH
2012-04-19 21:03 ` [ 51/75] xhci: Dont write zeroed pointers to xHC registers Greg KH
2012-04-19 21:03 ` [ 52/75] xhci: Restore event ring dequeue pointer on resume Greg KH
2012-04-19 21:03 ` [ 53/75] USB: fix bug of device descriptor got from superspeed device Greg KH
2012-04-19 21:03 ` [ 54/75] xHCI: add XHCI_RESET_ON_RESUME quirk for VIA xHCI host Greg KH
2012-04-19 21:03 ` [ 55/75] xHCI: Correct the #define XHCI_LEGACY_DISABLE_SMI Greg KH
2012-04-19 21:03 ` [ 56/75] [S390] fix tlb flushing for page table pages Greg KH
2012-04-19 21:04 ` [ 57/75] memcg: fix Bad page state after replace_page_cache Greg KH
2012-04-19 21:04 ` [ 58/75] serial: PL011: clear pending interrupts Greg KH
2012-04-19 21:04 ` [ 59/75] serial: PL011: move interrupt clearing Greg KH
2012-04-19 21:04 ` [ 60/75] fcaps: clear the same personality flags as suid when fcaps are used Greg KH
2012-04-19 21:04 ` [ 61/75] xhci: Fix register save/restore order Greg KH
2012-04-19 21:04 ` [ 62/75] usb: gadget: pch_udc: Fix disconnect issue Greg KH
2012-04-19 21:04 ` [ 63/75] usb: gadget: pch_udc: Fix wrong return value Greg KH
2012-04-19 21:04 ` [ 64/75] usb: gadget: pch_udc: Fix USB suspend issue Greg KH
2012-04-19 21:04 ` [ 65/75] usb: gadget: pch_udc: Fix usb/gadget/pch_udc: Fix ether gadget connect/disconnect issue Greg KH
2012-04-19 21:04 ` [ 66/75] usb: gadget: pch_udc: Reduce redundant interrupt Greg KH
2012-04-19 21:04 ` [ 67/75] security: fix compile error in commoncap.c Greg KH
2012-04-19 21:04 ` [ 68/75] spi-topcliff-pch: fix -Wuninitialized warning Greg KH
2012-04-19 21:04 ` [ 69/75] Bluetooth: Adding USB device 13d3:3375 as an Atheros AR3012 Greg KH
2012-04-19 21:04 ` [ 70/75] Bluetooth: Add Atheros maryann PIDVID support Greg KH
2012-04-19 21:04 ` [ 71/75] futex: Do not leak robust list to unprivileged process Greg KH
2012-04-19 21:04 ` [ 72/75] drm/i915: Hold mode_config lock whilst changing mode for lastclose() Greg KH
2012-04-19 21:04 ` [ 73/75] drm/radeon/kms: fix the regression of DVI connector check Greg KH
2012-04-19 21:04 ` [ 74/75] drm/radeon: disable MSI on RV515 Greg KH
2012-04-19 21:04 ` [ 75/75] drm/radeon: fix load detect on rn50 with hardcoded EDIDs Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120419210305.263670572@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=jic23@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marek.belisko@open-nandra.com \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.