Re: [PATCH] iio:adc:at91-sama5d2: Repair crash on module removal

linux-iio.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Jonathan Cameron <jic23@kernel.org>
To: Marek Vasut <marex@denx.de>, linux-iio@vger.kernel.org
Cc: Ludovic Desroches <ludovic.desroches@atmel.com>
Subject: Re: [PATCH] iio:adc:at91-sama5d2: Repair crash on module removal
Date: Mon, 18 Apr 2016 19:55:36 +0100	[thread overview]
Message-ID: <57152DA8.8060106@kernel.org> (raw)
In-Reply-To: <1460997005-8786-1-git-send-email-marex@denx.de>

On 18/04/16 17:30, Marek Vasut wrote:
> The driver never calls platform_set_drvdata() , so platform_get_drvdata()
> in .remove returns NULL and thus $indio_dev variable in .remove is NULL.
> Then it's only a matter of dereferencing the indio_dev variable to make
> the kernel blow as seen below. This patch adds the platform_set_drvdata()
> call to fix the problem.
> 
> root@armhf:~# rmmod at91-sama5d2_adc
> 
> Unable to handle kernel NULL pointer dereference at virtual address 000001d4
> pgd = dd57c000
> [000001d4] *pgd=00000000
> Internal error: Oops: 5 [#1] ARM
> Modules linked in: at91_sama5d2_adc(-)
> CPU: 0 PID: 1334 Comm: rmmod Not tainted 4.6.0-rc3-next-20160418+ #3
> Hardware name: Atmel SAMA5
> task: dd4fcc40 ti: de910000 task.ti: de910000
> PC is at mutex_lock+0x4/0x24
> LR is at iio_device_unregister+0x14/0x6c
> pc : [<c05f4624>]    lr : [<c0471f74>]    psr: a00d0013
>                sp : de911f00  ip : 00000000  fp : be898bd8
> r10: 00000000  r9 : de910000  r8 : c0107724
> r7 : 00000081  r6 : bf001048  r5 : 000001d4  r4 : 00000000
> r3 : bf000000  r2 : 00000000  r1 : 00000004  r0 : 000001d4
> Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
> Control: 10c53c7d  Table: 3d57c059  DAC: 00000051
> Process rmmod (pid: 1334, stack limit = 0xde910208)
> Stack: (0xde911f00 to 0xde912000)
> 1f00: bf000000 00000000 df5c7e10 bf000010 bf000000 df5c7e10 df5c7e10 c0351ca8
> 1f20: c0351c84 df5c7e10 bf001048 c0350734 bf001048 df5c7e10 df5c7e44 c035087c
> 1f40: bf001048 7f62dd4c 00000800 c034fb30 bf0010c0 c0158ee8 de910000 31397461
> 1f60: 6d61735f 32643561 6364615f 00000000 de911f90 de910000 de910000 00000000
> 1f80: de911fb0 10c53c7d de911f9c c05f33d8 de911fa0 00910000 be898ecb 7f62dd10
> 1fa0: 00000000 c0107560 be898ecb 7f62dd10 7f62dd4c 00000800 6f844800 6f844800
> 1fc0: be898ecb 7f62dd10 00000000 00000081 00000000 7f62dd10 be898bd8 be898bd8
> 1fe0: b6eedab1 be898b6c 7f61056b b6eedab6 000d0030 7f62dd4c 00000000 00000000
> [<c05f4624>] (mutex_lock) from [<c0471f74>] (iio_device_unregister+0x14/0x6c)
> [<c0471f74>] (iio_device_unregister) from [<bf000010>] (at91_adc_remove+0x10/0x3c [at91_sama5d2_adc])
> [<bf000010>] (at91_adc_remove [at91_sama5d2_adc]) from [<c0351ca8>] (platform_drv_remove+0x24/0x3c)
> [<c0351ca8>] (platform_drv_remove) from [<c0350734>] (__device_release_driver+0x84/0x110)
> [<c0350734>] (__device_release_driver) from [<c035087c>] (driver_detach+0x8c/0x90)
> [<c035087c>] (driver_detach) from [<c034fb30>] (bus_remove_driver+0x4c/0xa0)
> [<c034fb30>] (bus_remove_driver) from [<c0158ee8>] (SyS_delete_module+0x110/0x1d0)
> [<c0158ee8>] (SyS_delete_module) from [<c0107560>] (ret_fast_syscall+0x0/0x3c)
> Code: e3520001 1affffd5 eafffff4 f5d0f000 (e1902f9f)
> ---[ end trace 86914d7ad3696fca ]---
> 
> Signed-off-by: Marek Vasut <marex@denx.de>
> Cc: Ludovic Desroches <ludovic.desroches@atmel.com>
> Cc: Jonathan Cameron <jic23@kernel.org>
Applied to the fixes-togreg branch and marked for stable.

Thanks and oops :)

Who removes modules anyway?

Jonathan
> ---
>  drivers/iio/adc/at91-sama5d2_adc.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/iio/adc/at91-sama5d2_adc.c b/drivers/iio/adc/at91-sama5d2_adc.c
> index 07adb10..e10dca3 100644
> --- a/drivers/iio/adc/at91-sama5d2_adc.c
> +++ b/drivers/iio/adc/at91-sama5d2_adc.c
> @@ -497,6 +497,8 @@ static int at91_adc_probe(struct platform_device *pdev)
>  	if (ret)
>  		goto vref_disable;
>  
> +	platform_set_drvdata(pdev, indio_dev);
> +
>  	ret = iio_device_register(indio_dev);
>  	if (ret < 0)
>  		goto per_clk_disable_unprepare;
>

next prev parent reply	other threads:[~2016-04-18 18:55 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-04-18 16:30 [PATCH] iio:adc:at91-sama5d2: Repair crash on module removal Marek Vasut
2016-04-18 18:55 ` Jonathan Cameron [this message]
2016-04-18 20:20   ` Marek Vasut
2016-04-19  6:12 ` Ludovic Desroches
2016-04-19 10:32   ` Marek Vasut

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=57152DA8.8060106@kernel.org \
    --to=jic23@kernel.org \
    --cc=linux-iio@vger.kernel.org \
    --cc=ludovic.desroches@atmel.com \
    --cc=marex@denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).