mirror of
https://github.com/torvalds/linux.git
synced 2024-11-24 13:11:40 +00:00
f07b60b7c3
When hid sensor hub is unplugged, there is a crash in iio_device_unregister_trigger_consumer. In a typical IIO driver when remove is called, it will unregister and free trigger and then it will call iio_device_free. The function iio_trigger_free() will free the allocated memory for trigger. If this trigger was assigned to iio_dev->trig, then it should be set to NULL. Otherwise when iio_device_free() is called later, it finally calls iio_device_unregsister_trigger(), which checks for if (indio_dev->trig) iio_trigger_put(indio_dev->trig); If indio_dev->trig is not set to NULL, it calls iio_trigger_put on a bad pointer causing crash. This scenario can happen in any driver, which is storing trigger pointer in iio_dev structure and following current procedure during remove. Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com> Signed-off-by: Jonathan Cameron <jic23@kernel.org> |
||
---|---|---|
.. | ||
accel | ||
adc | ||
amplifiers | ||
common | ||
dac | ||
frequency | ||
gyro | ||
light | ||
magnetometer | ||
iio_core_trigger.h | ||
iio_core.h | ||
industrialio-buffer.c | ||
industrialio-core.c | ||
industrialio-event.c | ||
industrialio-trigger.c | ||
industrialio-triggered-buffer.c | ||
inkern.c | ||
Kconfig | ||
kfifo_buf.c | ||
Makefile |