linux-stable/drivers
Stanislaw Gruszka 34a35bddb9 atmel_lcdfb: fix oops in rmmod when framebuffer fails to register
If framebuffer registration failed in platform driver ->probe() callback,
dev_get_drvdata() points to freed memory region, but ->remove() function
try to use it and the following oops occurs:

Unable to handle kernel NULL pointer dereference at virtual address 00000228
pgd = c3a20000
[00000228] *pgd=23a2b031, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1]
Modules linked in: atmel_lcdfb(-) cfbcopyarea cfbimgblt cfbfillrect [last unloaded: atmel_lcdfb]
CPU: 0    Not tainted  (2.6.27-rc2 #116)
PC is at atmel_lcdfb_remove+0x14/0xf8 [atmel_lcdfb]
LR is at platform_drv_remove+0x20/0x24
pc : [<bf006bc4>]    lr : [<c0157d28>]    psr: a0000013
sp : c3a45e84  ip : c3a45ea0  fp : c3a45e9c
r10: 00000002  r9 : c3a44000  r8 : c0026c04
r7 : 00000880  r6 : c02bb228  r5 : 00000000  r4 : c02bb230
r3 : bf007e3c  r2 : c02bb230  r1 : 00000004  r0 : c02bb228
Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 0005317f  Table: 23a20000  DAC: 00000015
Process rmmod (pid: 6799, stack limit = 0xc3a44260)
Stack: (0xc3a45e84 to 0xc3a46000)
5e80:          c02bb230 bf007e3c bf007e3c c3a45eac c3a45ea0 c0157d28 bf006bc0
5ea0: c3a45ec4 c3a45eb0 c0156d20 c0157d18 c02bb230 c02bb2d8 c3a45ee0 c3a45ec8
5ec0: c0156da8 c0156cb8 bf007e3c bf007ee0 c02c8e14 c3a45efc c3a45ee4 c0156018
5ee0: c0156d50 bf007e3c bf007ee0 00000000 c3a45f18 c3a45f00 c0157220 c0155f9c
5f00: 00000000 bf007ee0 bf008000 c3a45f28 c3a45f1c c0157e34 c01571ec c3a45f38
5f20: c3a45f2c bf006ba8 c0157e30 c3a45fa4 c3a45f3c c005772c bf006ba4 656d7461
5f40: 636c5f6c 00626664 c004c988 c3a45f80 c3a45f5c 00000000 c3a45fb0 00000000
5f60: ffffffff becaccd8 00000880 00000000 000a5e80 00000001 bf007ee0 00000880
5f80: c3a45f84 00000000 becaccd4 00000002 000003df 00000081 00000000 c3a45fa8
5fa0: c0026a60 c0057584 00000002 000003df 00900081 000a5e80 00000880 00000000
5fc0: becaccd4 00000002 000003df 00000000 000a5e80 00000001 00000002 0000005f
5fe0: 4004f5ec becacbe8 0001a158 4004f5fc 20000010 00900081 f9ffbadf 7bbfb2bb
Backtrace:
[<bf006bb0>] (atmel_lcdfb_remove+0x0/0xf8 [atmel_lcdfb]) from [<c0157d28>] (platform_drv_remove+0x20/0x24)
 r6:bf007e3c r5:bf007e3c r4:c02bb230
[<c0157d08>] (platform_drv_remove+0x0/0x24) from [<c0156d20>] (__device_release_driver+0x78/0x98)
[<c0156ca8>] (__device_release_driver+0x0/0x98) from [<c0156da8>] (driver_detach+0x68/0x90)
 r5:c02bb2d8 r4:c02bb230
[<c0156d40>] (driver_detach+0x0/0x90) from [<c0156018>] (bus_remove_driver+0x8c/0xb4)
 r6:c02c8e14 r5:bf007ee0 r4:bf007e3c
[<c0155f8c>] (bus_remove_driver+0x0/0xb4) from [<c0157220>] (driver_unregister+0x44/0x48)
 r6:00000000 r5:bf007ee0 r4:bf007e3c
[<c01571dc>] (driver_unregister+0x0/0x48) from [<c0157e34>] (platform_driver_unregister+0x14/0x18)
 r6:bf008000 r5:bf007ee0 r4:00000000
[<c0157e20>] (platform_driver_unregister+0x0/0x18) from [<bf006ba8>] (atmel_lcdfb_exit+0x14/0x1c [atmel_lcdfb])
[<bf006b94>] (atmel_lcdfb_exit+0x0/0x1c [atmel_lcdfb]) from [<c005772c>] (sys_delete_module+0x1b8/0x22c)
[<c0057574>] (sys_delete_module+0x0/0x22c) from [<c0026a60>] (ret_fast_syscall+0x0/0x2c)
 r7:00000081 r6:000003df r5:00000002 r4:becaccd4
Code: e92dd870 e24cb004 e59050c4 e1a06000 (e5954228)
---[ end trace 85476b184d9e68d8 ]---

This patch fixes the oops.

Signed-off-by: Stanislaw Gruszka <stf_xl@wp.pl>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Acked-by: Krzysztof Helt <krzysztof.h1@wp.pl>
Cc: Haavard Skinnemoen <hskinnemoen@atmel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-09-05 14:39:38 -07:00
..
accessibility
acpi Merge branches 'smbus' and 'fujitsu-fix' into release-2.6.27 2008-09-04 14:33:03 +02:00
amba
ata [libata] pata_it821x: fix warning 2008-08-22 02:33:23 -04:00
atm removed unused #include <linux/version.h>'s 2008-08-23 12:14:12 -07:00
auxdisplay
base PM: Remove WARN_ON from device_pm_add 2008-08-21 10:15:37 -07:00
block Revert "pktcdvd: push BKL down into driver" 2008-08-27 13:42:00 -07:00
bluetooth [Bluetooth] Consolidate maintainers information 2008-08-18 13:23:53 +02:00
cdrom cdrom: handle TOC 2008-08-18 21:40:04 +02:00
char drivers/char/random.c: fix a race which can lead to a bogus BUG() 2008-09-02 19:21:40 -07:00
clocksource
connector
cpufreq [CPUFREQ] Fix -Wshadow warning in conservative governor. 2008-08-08 16:00:48 -04:00
cpuidle cpuidle: Make ladder governor honor latency requirements fully 2008-08-15 21:25:35 +02:00
crypto crypto: padlock - fix VIA PadLock instruction usage with irq_ts_save/restore() 2008-08-13 22:02:26 +10:00
dca
dio
dma Merge branch 'for-rmk' of git://git.marvell.com/orion 2008-08-09 18:03:13 +01:00
edac removed unused #include <linux/version.h>'s 2008-08-23 12:14:12 -07:00
eisa
firewire firewire: Kconfig help update 2008-08-19 18:47:56 +02:00
firmware ibft: fix target info parsing in ibft module 2008-09-02 19:21:40 -07:00
gpio
gpu drm/radeon: downgrade debug message from info to debug. 2008-09-01 08:51:52 +10:00
hid Input: bcm5974 - add driver for Macbook Air and Pro Penryn touchpads 2008-08-08 16:23:01 -04:00
hwmon hwmon-vid: Fix AMD K8 VID decoding 2008-08-15 11:50:15 -07:00
i2c Merge branch 'sh/for-2.6.27' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6 2008-09-05 14:30:58 -07:00
ide Merge git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6 2008-09-02 11:44:11 -07:00
ieee1394 ieee1394: sbp2: let nodemgr retry node updates during bus reset series 2008-08-19 18:47:56 +02:00
infiniband IB/mlx4: Actually return L_Key and R_Key for fast register MRs 2008-08-27 14:40:38 -07:00
input Blackfin arch: move include/asm-blackfin header files to arch/blackfin 2008-08-27 10:51:02 +08:00
isdn
leds [ARM] Move include/asm-arm/arch-* to arch/arm/*/include/mach 2008-08-07 09:55:48 +01:00
lguest lguest: update commentry 2008-08-26 00:19:28 +10:00
macintosh
mca
md Fix problem with waiting while holding rcu read lock in md/bitmap.c 2008-09-01 12:48:13 +10:00
media V4L/DVB (8881): gspca: After 'while (retry--) {...}', retry will be -1 but not 0. 2008-09-04 18:27:51 -03:00
memstick
message
mfd removed unused #include <linux/version.h>'s 2008-08-23 12:14:12 -07:00
misc Merge branch 'release-2.6.27' of git://git.kernel.org/pub/scm/linux/kernel/git/ak/linux-acpi-2.6 2008-09-05 14:27:12 -07:00
mmc mmc: at91_mci: don't use coherent dma buffers 2008-09-02 19:21:38 -07:00
mtd [MTD] [NAND] tmio_nand: fix base address programming 2008-09-05 15:34:35 +01:00
net forcedeth: fix kexec regression 2008-09-05 14:39:37 -07:00
nubus
of powerpc/ibmebus: Restore "name" sysfs attribute on ibmebus devices 2008-08-20 09:50:21 +10:00
oprofile powerpc/cell/oprofile: Avoid double vfree of profile buffer 2008-08-26 10:24:46 +10:00
parisc
parport
pci PCI: fix pbus_size_mem() resource alignment for CardBus controllers 2008-09-04 01:33:59 -07:00
pcmcia [ARM] 5198/1: PalmTX: PCMCIA fixes 2008-08-16 16:35:33 +01:00
pnp PNPACPI: ignore the producer/consumer bit for extended IRQ descriptors 2008-08-25 12:04:44 +02:00
power [ARM] Move include/asm-arm/arch-* to arch/arm/*/include/mach 2008-08-07 09:55:48 +01:00
ps3
rapidio
regulator
rtc rtc-cmos: wake again from S5 2008-09-02 19:21:40 -07:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-08-27 17:38:07 -07:00
sbus sparc/drivers: use linux/of_device.h instead of asm/of_device.h 2008-08-11 14:30:53 -07:00
scsi remove blk_register_filter and blk_unregister_filter in gendisk 2008-08-29 11:47:07 +02:00
serial 8250: improve workaround for UARTs that don't re-assert THRE correctly 2008-09-02 19:21:38 -07:00
sh
sn
spi spi: bugfix spi_add_device() with duplicate chipselects 2008-08-15 08:35:44 -07:00
ssb ssb: allow compilation on systems without PCI 2008-08-18 11:05:13 -04:00
tc
telephony
thermal
uio UIO: generic irq handling for some uio platform devices 2008-08-21 10:15:39 -07:00
usb removed unused #include <linux/version.h>'s 2008-08-23 12:14:12 -07:00
video atmel_lcdfb: fix oops in rmmod when framebuffer fails to register 2008-09-05 14:39:38 -07:00
virtio virtio_balloon: fix towards_target when deflating balloon 2008-08-26 00:19:25 +10:00
w1
watchdog [WATCHDOG] removed unused #include <version.h> 2008-08-26 20:32:02 +00:00
xen stop_machine: wean Xen off stop_machine_run 2008-08-26 00:19:27 +10:00
zorro
Kconfig
Makefile USB: Add MUSB and TUSB support 2008-08-13 17:33:00 -07:00