Re: [PATCH] iio:adc:at91-sama5d2: Repair crash on module removal

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jonathan Cameron <jic23@kernel.org>
To: Marek Vasut <marex@denx.de>, linux-iio@vger.kernel.org
Cc: Ludovic Desroches <ludovic.desroches@atmel.com>
Subject: Re: [PATCH] iio:adc:at91-sama5d2: Repair crash on module removal
Date: Mon, 18 Apr 2016 19:55:36 +0100	[thread overview]
Message-ID: <57152DA8.8060106@kernel.org> (raw)
In-Reply-To: <1460997005-8786-1-git-send-email-marex@denx.de>

On 18/04/16 17:30, Marek Vasut wrote:
> The driver never calls platform_set_drvdata() , so platform_get_drvdata()
> in .remove returns NULL and thus $indio_dev variable in .remove is NULL.
> Then it's only a matter of dereferencing the indio_dev variable to make
> the kernel blow as seen below. This patch adds the platform_set_drvdata()
> call to fix the problem.
> 
> root@armhf:~# rmmod at91-sama5d2_adc
> 
> Unable to handle kernel NULL pointer dereference at virtual address 000001d4
> pgd = dd57c000
> [000001d4] *pgd=00000000
> Internal error: Oops: 5 [#1] ARM
> Modules linked in: at91_sama5d2_adc(-)
> CPU: 0 PID: 1334 Comm: rmmod Not tainted 4.6.0-rc3-next-20160418+ #3
> Hardware name: Atmel SAMA5
> task: dd4fcc40 ti: de910000 task.ti: de910000
> PC is at mutex_lock+0x4/0x24
> LR is at iio_device_unregister+0x14/0x6c
> pc : [<c05f4624>]    lr : [<c0471f74>]    psr: a00d0013
>                sp : de911f00  ip : 00000000  fp : be898bd8
> r10: 00000000  r9 : de910000  r8 : c0107724
> r7 : 00000081  r6 : bf001048  r5 : 000001d4  r4 : 00000000
> r3 : bf000000  r2 : 00000000  r1 : 00000004  r0 : 000001d4
> Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
> Control: 10c53c7d  Table: 3d57c059  DAC: 00000051
> Process rmmod (pid: 1334, stack limit = 0xde910208)
> Stack: (0xde911f00 to 0xde912000)
> 1f00: bf000000 00000000 df5c7e10 bf000010 bf000000 df5c7e10 df5c7e10 c0351ca8
> 1f20: c0351c84 df5c7e10 bf001048 c0350734 bf001048 df5c7e10 df5c7e44 c035087c
> 1f40: bf001048 7f62dd4c 00000800 c034fb30 bf0010c0 c0158ee8 de910000 31397461
> 1f60: 6d61735f 32643561 6364615f 00000000 de911f90 de910000 de910000 00000000
> 1f80: de911fb0 10c53c7d de911f9c c05f33d8 de911fa0 00910000 be898ecb 7f62dd10
> 1fa0: 00000000 c0107560 be898ecb 7f62dd10 7f62dd4c 00000800 6f844800 6f844800
> 1fc0: be898ecb 7f62dd10 00000000 00000081 00000000 7f62dd10 be898bd8 be898bd8
> 1fe0: b6eedab1 be898b6c 7f61056b b6eedab6 000d0030 7f62dd4c 00000000 00000000
> [<c05f4624>] (mutex_lock) from [<c0471f74>] (iio_device_unregister+0x14/0x6c)
> [<c0471f74>] (iio_device_unregister) from [<bf000010>] (at91_adc_remove+0x10/0x3c [at91_sama5d2_adc])
> [<bf000010>] (at91_adc_remove [at91_sama5d2_adc]) from [<c0351ca8>] (platform_drv_remove+0x24/0x3c)
> [<c0351ca8>] (platform_drv_remove) from [<c0350734>] (__device_release_driver+0x84/0x110)
> [<c0350734>] (__device_release_driver) from [<c035087c>] (driver_detach+0x8c/0x90)
> [<c035087c>] (driver_detach) from [<c034fb30>] (bus_remove_driver+0x4c/0xa0)
> [<c034fb30>] (bus_remove_driver) from [<c0158ee8>] (SyS_delete_module+0x110/0x1d0)
> [<c0158ee8>] (SyS_delete_module) from [<c0107560>] (ret_fast_syscall+0x0/0x3c)
> Code: e3520001 1affffd5 eafffff4 f5d0f000 (e1902f9f)
> ---[ end trace 86914d7ad3696fca ]---
> 
> Signed-off-by: Marek Vasut <marex@denx.de>
> Cc: Ludovic Desroches <ludovic.desroches@atmel.com>
> Cc: Jonathan Cameron <jic23@kernel.org>
Applied to the fixes-togreg branch and marked for stable.

Thanks and oops :)

Who removes modules anyway?

Jonathan
> ---
>  drivers/iio/adc/at91-sama5d2_adc.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/iio/adc/at91-sama5d2_adc.c b/drivers/iio/adc/at91-sama5d2_adc.c
> index 07adb10..e10dca3 100644
> --- a/drivers/iio/adc/at91-sama5d2_adc.c
> +++ b/drivers/iio/adc/at91-sama5d2_adc.c
> @@ -497,6 +497,8 @@ static int at91_adc_probe(struct platform_device *pdev)
>  	if (ret)
>  		goto vref_disable;
>  
> +	platform_set_drvdata(pdev, indio_dev);
> +
>  	ret = iio_device_register(indio_dev);
>  	if (ret < 0)
>  		goto per_clk_disable_unprepare;
>

next prev parent reply	other threads:[~2016-04-18 18:55 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-04-18 16:30 [PATCH] iio:adc:at91-sama5d2: Repair crash on module removal Marek Vasut
2016-04-18 18:55 ` Jonathan Cameron [this message]
2016-04-18 20:20   ` Marek Vasut
2016-04-19  6:12 ` Ludovic Desroches
2016-04-19 10:32   ` Marek Vasut

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=57152DA8.8060106@kernel.org \
    --to=jic23@kernel.org \
    --cc=linux-iio@vger.kernel.org \
    --cc=ludovic.desroches@atmel.com \
    --cc=marex@denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.