From: Bamvor Jian Zhang <bamv2005@gmail.com>
To: linux-gpio@vger.kernel.org
Cc: linus.walleij@linaro.org, broonie@kernel.org,
Bamvor Jian Zhang <bamvor.zhangjian@linaro.org>
Subject: [PATCH] gpiolib: fix crash when gpiochip removed
Date: Sat, 20 Feb 2016 13:13:19 +0800 [thread overview]
Message-ID: <1455945199-5068-1-git-send-email-bamv2005@gmail.com> (raw)
From: Bamvor Jian Zhang <bamvor.zhangjian@linaro.org>
Commit cb464a88e1ed ("gpio: make the gpiochip a real device") call
gpiochip_sysfs_unregister after the gpiochip is empty. It lead to the
following crash:
[ 163.503994] Unable to handle kernel NULL pointer dereference at virtual address 0000007c
[...]
[ 163.525394] [<ffffffc0003719a0>] gpiochip_sysfs_unregister+0x44/0xa4
[ 163.525611] [<ffffffc00036f6a0>] gpiochip_remove+0x24/0x154
[ 163.525861] [<ffffffbffc00f0a4>] mockup_gpio_remove+0x38/0x64 [gpio_mockup]
[ 163.526101] [<ffffffc00042b4b4>] platform_drv_remove+0x24/0x64
[ 163.526313] [<ffffffc000429cc8>] __device_release_driver+0x7c/0xfc
[ 163.526525] [<ffffffc000429e54>] driver_detach+0xbc/0xc0
[ 163.526700] [<ffffffc000429014>] bus_remove_driver+0x58/0xac
[ 163.526883] [<ffffffc00042a4cc>] driver_unregister+0x2c/0x4c
[ 163.527067] [<ffffffc00042b5c0>] platform_driver_unregister+0x10/0x18
[ 163.527284] [<ffffffbffc00f340>] mock_device_exit+0x10/0x38 [gpio_mockup]
[ 163.527593] [<ffffffc00011cefc>] SyS_delete_module+0x1b8/0x1fc
[ 163.527799] [<ffffffc000085d8c>] __sys_trace_return+0x0/0x4
[ 163.528049] Code: 940d74b4 f9019abf aa1303e0 940d7439 (7940fac0)
[ 163.536273] ---[ end trace 3d1329be504af609 ]---
This patch fix this by changing the code back.
Signed-off-by: Bamvor Jian Zhang <bamvor.zhangjian@linaro.org>
---
drivers/gpio/gpiolib.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
index 59f0045..7181807 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -624,11 +624,10 @@ void gpiochip_remove(struct gpio_chip *chip)
unsigned i;
bool requested = false;
- /* Numb the device, cancelling all outstanding operations */
- gdev->chip = NULL;
-
/* FIXME: should the legacy sysfs handling be moved to gpio_device? */
gpiochip_sysfs_unregister(gdev);
+ /* Numb the device, cancelling all outstanding operations */
+ gdev->chip = NULL;
gpiochip_irqchip_remove(chip);
acpi_gpiochip_remove(chip);
gpiochip_remove_pin_ranges(chip);
--
2.6.2
next reply other threads:[~2016-02-20 5:13 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-20 5:13 Bamvor Jian Zhang [this message]
2016-02-20 11:52 ` [PATCH] gpiolib: fix crash when gpiochip removed Linus Walleij
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1455945199-5068-1-git-send-email-bamv2005@gmail.com \
--to=bamv2005@gmail.com \
--cc=bamvor.zhangjian@linaro.org \
--cc=broonie@kernel.org \
--cc=linus.walleij@linaro.org \
--cc=linux-gpio@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).