linux

mirror of https://github.com/torvalds/linux.git synced 2024-11-08 05:01:48 +00:00

History

Krzysztof Kozlowski 6e4a2a83f9 dmaengine: pl330: Fix NULL pointer dereference on driver unbind Fix a NULL pointer dereference after unbinding the driver, if channel resources were not yet allocated (no call to pl330_alloc_chan_resources()): $ echo 12850000.mdma > /sys/bus/amba/drivers/dma-pl330/unbind [ 13.606533] DMA pl330_control: removing pch: eeab6800, chan: eeab6814, thread: (null) [ 13.614472] Unable to handle kernel NULL pointer dereference at virtual address 0000000c [ 13.622537] pgd = ee284000 [ 13.625228] [0000000c] pgd=6e1e4831, pte=00000000, *ppte=00000000 [ 13.631482] Internal error: Oops: 17 [#1] PREEMPT SMP ARM [ 13.636859] Modules linked in: [ 13.639903] CPU: 0 PID: 1 Comm: sh Not tainted 3.17.0-rc3-next-20140904-00004-g7020ffc33ca3-dirty #420 [ 13.649187] task: ee80a800 ti: ee888000 task.ti: ee888000 [ 13.654589] PC is at _stop+0x8/0x2c8 [ 13.658131] LR is at pl330_control+0x70/0x2e8 [ 13.662468] pc : [<c0206028>] lr : [<c020649c>] psr: 60000093 [ 13.662468] sp : ee889e58 ip : 00000001 fp : 000bab70 [ 13.673922] r10: eeab6814 r9 : ee16debc r8 : 00000000 [ 13.679131] r7 : eeab685c r6 : 60000013 r5 : ee16de10 r4 : eeab6800 [ 13.685641] r3 : 00000002 r2 : 00000000 r1 : 00010000 r0 : 00000000 [ 13.692153] Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user [ 13.699357] Control: 10c5387d Table: 6e28404a DAC: 00000015 [ 13.705085] Process sh (pid: 1, stack limit = 0xee888240) [ 13.710466] Stack: (0xee889e58 to 0xee88a000) [ 13.714808] 9e40: 00000002 eeab6800 [ 13.722969] 9e60: ee16de10 eeab6800 ee16de10 60000013 eeab685c c020649c 00000000 c040280c [ 13.731128] 9e80: ee889e80 ee889e80 ee16de18 ee16de10 eeab6880 eeab6814 00200200 eeab68a8 [ 13.739287] 9ea0: 00100100 c0208048 00000000 c0409fc4 eea80800 eea808f8 c0605c44 0000000e [ 13.747446] 9ec0: 0000000e eeb3960c eeb39600 c0203c48 eea80800 c0605c44 c0605a8c c023f694 [ 13.755605] 9ee0: ee80a800 eea80834 eea80800 c023f704 ee80a800 eea80800 c0605c44 c023e8ec [ 13.763764] 9f00: 0000000e ee149780 ee29e580 ee889f80 ee29e580 c023e19c 0000000e c01167e4 [ 13.771923] 9f20: c01167a0 00000000 00000000 c0115e88 00000000 00000000 ee0b1a00 0000000e [ 13.780082] 9f40: b6f48000 ee889f80 0000000e ee888000 b6f48000 c00bfadc 00000000 00000003 [ 13.788241] 9f60: 00000000 00000000 00000000 ee0b1a00 ee0b1a00 0000000e b6f48000 c00bfdf4 [ 13.796401] 9f80: 00000000 00000000 ffffffff 0000000e b6f48000 b6edc5d0 00000004 c000e7a4 [ 13.804560] 9fa0: 00000000 c000e620 0000000e b6f48000 00000001 b6f48000 0000000e 00000000 [ 13.812719] 9fc0: 0000000e b6f48000 b6edc5d0 00000004 0000000e b6f4c8c0 000c3470 000bab70 [ 13.820879] 9fe0: 00000000 bed2aa50 b6e18bdc b6e6b52c 60000010 00000001 c0c0c0c0 c0c0c0c0 [ 13.829058] [<c0206028>] (_stop) from [<c020649c>] (pl330_control+0x70/0x2e8) [ 13.836165] [<c020649c>] (pl330_control) from [<c0208048>] (pl330_remove+0xb0/0xdc) [ 13.843800] [<c0208048>] (pl330_remove) from [<c0203c48>] (amba_remove+0x24/0xc0) [ 13.851272] [<c0203c48>] (amba_remove) from [<c023f694>] (__device_release_driver+0x70/0xc4) [ 13.859685] [<c023f694>] (__device_release_driver) from [<c023f704>] (device_release_driver+0x1c/0x28) [ 13.868971] [<c023f704>] (device_release_driver) from [<c023e8ec>] (unbind_store+0x58/0x90) [ 13.877303] [<c023e8ec>] (unbind_store) from [<c023e19c>] (drv_attr_store+0x20/0x2c) [ 13.885036] [<c023e19c>] (drv_attr_store) from [<c01167e4>] (sysfs_kf_write+0x44/0x48) [ 13.892928] [<c01167e4>] (sysfs_kf_write) from [<c0115e88>] (kernfs_fop_write+0xc0/0x17c) [ 13.901090] [<c0115e88>] (kernfs_fop_write) from [<c00bfadc>] (vfs_write+0xa0/0x1a8) [ 13.908812] [<c00bfadc>] (vfs_write) from [<c00bfdf4>] (SyS_write+0x40/0x8c) [ 13.915850] [<c00bfdf4>] (SyS_write) from [<c000e620>] (ret_fast_syscall+0x0/0x30) [ 13.923392] Code: e5813010 e12fff1e e92d40f0 e24dd00c (e590200c) [ 13.929467] ---[ end trace 10064e15a5929cf8 ]--- Terminate the thread and free channel resource only if channel resources were allocated (thread is not NULL). Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com> Cc: <stable@vger.kernel.org> Fixes: `b3040e4067` ("DMA: PL330: Add dma api driver") Reviewed-by: Lars-Peter Clausen <lars@metafoo.de> Signed-off-by: Vinod Koul <vinod.koul@intel.com>		2014-10-15 13:30:09 +05:30
..
bestcomm	drivers: clean-up prom.h implicit includes	2013-10-09 20:04:04 -05:00
dw	dmaengine: dw: add PCI IDs for Braswell DMAs	2014-09-11 11:48:13 +05:30
ioat	ioat: fix tasklet tear down	2014-02-25 09:44:20 -08:00
ipu	dmaengine: ipu: use return value of request_irq	2014-07-25 15:39:50 +05:30
ppc4xx	Merge branch 'for-linus' of git://git.infradead.org/users/vkoul/slave-dma	2014-01-29 20:27:23 -08:00
sh	dma: rcar-audmapp: Fix for no corresponding slave ID	2014-08-28 12:42:10 +05:30
xilinx	dma: xilinx: Remove .owner field for driver	2014-08-19 22:36:50 +05:30
acpi-dma.c	acpi-dma: convert to return error code when asked for channel	2014-02-11 23:30:50 +05:30
amba-pl08x.c	dma: pl08x: Use correct specifier for size_t values	2014-08-04 13:45:26 +05:30
at_hdmac_regs.h	dmaengine: at_hdmac: remove unused function	2013-12-12 22:43:41 -08:00
at_hdmac.c	dma: at_hdmac: fix invalid remaining bytes detection	2014-08-07 21:52:27 +05:30
bcm2835-dma.c	dmaengine: Remove the context argument to the prep_dma_cyclic operation	2014-08-04 13:41:50 +05:30
coh901318_lli.c	Merge branch 'next' of git://git.infradead.org/users/vkoul/slave-dma	2013-02-26 09:24:48 -08:00
coh901318.c	dmaengine: coh901318: use DMA_COMPLETE for dma completion status	2013-10-25 11:15:56 +05:30
coh901318.h	dma: coh901318: merge header files	2013-01-07 17:36:37 +01:00
cppi41.c	dma: cppi41: handle 0-length packets	2014-07-01 12:15:48 +05:30
dma-jz4740.c	dmaengine: Remove the context argument to the prep_dma_cyclic operation	2014-08-04 13:41:50 +05:30
dmaengine.c	dmaengine: fix dmaengine_unmap failure	2014-05-21 14:02:37 -07:00
dmaengine.h	dmaengine: consolidate initialization of cookies	2012-03-13 11:37:22 +05:30
dmatest.c	dmatest: prevent memory leakage on error path in thread	2014-09-23 20:50:39 +05:30
edma.c	Merge branch 'for-linus' of git://git.infradead.org/users/vkoul/slave-dma	2014-08-11 07:14:01 -07:00
ep93xx_dma.c	dmaengine: Remove the context argument to the prep_dma_cyclic operation	2014-08-04 13:41:50 +05:30
fsl-edma.c	dmaengine: Remove the context argument to the prep_dma_cyclic operation	2014-08-04 13:41:50 +05:30
fsldma.c	dmaengine: Freescale: change descriptor release process for supporting async_tx	2014-07-14 21:32:18 +05:30
fsldma.h	dmaengine: Freescale: change descriptor release process for supporting async_tx	2014-07-14 21:32:18 +05:30
imx-dma.c	dmaengine: Remove the context argument to the prep_dma_cyclic operation	2014-08-04 13:41:50 +05:30
imx-sdma.c	dma: imx-sdma: fix another incorrect __init annotation	2014-09-28 21:30:05 +05:30
intel_mid_dma_regs.h	dma: fix comments	2012-09-01 08:57:12 -07:00
intel_mid_dma.c	dmaengine: intel_mid_dma: use DMA_COMPLETE for dma completion status	2013-10-25 11:16:04 +05:30
iop-adma.c	Merge commit 'dmaengine-3.13-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/dmaengine	2013-11-16 12:02:36 +05:30
iovlock.c
k3dma.c	dmaengine: k3dma: fix sparse warnings	2014-01-20 13:53:20 +05:30
Kconfig	dma: Kconfig: Include mx6 in the IMX_SDMA help section	2014-09-23 20:56:23 +05:30
Makefile	Merge branch 'for-linus' of git://git.infradead.org/users/vkoul/slave-dma	2014-08-11 07:14:01 -07:00
mic_x100_dma.c	dma: MIC X100 DMA Driver	2014-07-12 09:57:42 -07:00
mic_x100_dma.h	dma: MIC X100 DMA Driver	2014-07-12 09:57:42 -07:00
mmp_pdma.c	dmaengine: Remove the context argument to the prep_dma_cyclic operation	2014-08-04 13:41:50 +05:30
mmp_tdma.c	dmaengine: mmp_tdma: add DMA_PREP_INTERRUPT flag support	2014-09-11 10:47:44 +05:30
moxart-dma.c	dmaengine: Add MOXA ART DMA engine driver	2014-01-20 12:32:46 +05:30
mpc512x_dma.c	dmaengine: mpc512x: register for device tree channel lookup	2014-07-26 00:21:42 +05:30
mv_xor.c	dma: mv_xor: Add support for DMA_INTERRUPT	2014-09-23 20:17:01 +05:30
mv_xor.h	dma: mv_xor: Add support for DMA_INTERRUPT	2014-09-23 20:17:01 +05:30
mxs-dma.c	dmaengine: Remove the context argument to the prep_dma_cyclic operation	2014-08-04 13:41:50 +05:30
nbpfaxi.c	dmaengine: nbpf_error_get_channel() can be static	2014-08-05 22:00:18 +05:30
of-dma.c	dmaengine: of: add common xlate function for matching by channel id	2014-07-26 00:21:41 +05:30
omap-dma.c	dmaengine: Remove the context argument to the prep_dma_cyclic operation	2014-08-04 13:41:50 +05:30
pch_dma.c	dmaengine: pch: fix compilation for alpha target	2014-05-22 18:50:49 +05:30
pl330.c	dmaengine: pl330: Fix NULL pointer dereference on driver unbind	2014-10-15 13:30:09 +05:30
qcom_bam_dma.c	dmaengine: qcom_bam_dma: Add descriptor flags	2014-07-14 22:06:41 +05:30
s3c24xx-dma.c	dmaengine: Remove the context argument to the prep_dma_cyclic operation	2014-08-04 13:41:50 +05:30
sa11x0-dma.c	dmaengine: Remove the context argument to the prep_dma_cyclic operation	2014-08-04 13:41:50 +05:30
sirf-dma.c	dmaengine: Remove the context argument to the prep_dma_cyclic operation	2014-08-04 13:41:50 +05:30
ste_dma40_ll.c	dmaengine: ste_dma40_ll: Replace meaningless register set with comment	2013-06-04 11:12:10 +02:00
ste_dma40_ll.h	dmaengine: ste_dma40: Remove unnecessary call to d40_phy_cfg()	2013-05-23 21:13:19 +02:00
ste_dma40.c	dmaengine: Remove the context argument to the prep_dma_cyclic operation	2014-08-04 13:41:50 +05:30
sun6i-dma.c	dmaengine: sun6i: Remove obsolete clk muxing code	2014-09-24 10:58:27 +05:30
tegra20-apb-dma.c	dmaengine: Remove the context argument to the prep_dma_cyclic operation	2014-08-04 13:41:50 +05:30
timb_dma.c	dmaengine: remove DMA unmap from drivers	2013-11-14 11:04:38 -08:00
TODO	dmaengine: dw: don't perform DMA when dmaengine_submit is called	2014-07-15 22:14:30 +05:30
txx9dmac.c	dma: fix build warnings in txx9	2013-12-12 22:43:41 -08:00
txx9dmac.h
virt-dma.c	dmaengine: virt-dma: add support for cyclic DMA periodic callbacks	2012-07-01 14:15:23 +01:00
virt-dma.h	dma: fix vchan_cookie_complete() debug print	2014-01-26 17:33:45 +05:30