mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-11 02:59:12 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/platform/x86
History
João Paulo Rechi Vita bd2088d1d7 platform/x86: asus-wireless: Fix NULL pointer dereference 
commit 9f0a93de91 upstream.

When the module is removed the led workqueue is destroyed in the remove
callback, before the led device is unregistered from the led subsystem.

This leads to a NULL pointer derefence when the led device is
unregistered automatically later as part of the module removal cleanup.
Bellow is the backtrace showing the problem.

  BUG: unable to handle kernel NULL pointer dereference at           (null)
  IP: __queue_work+0x8c/0x410
  PGD 0 P4D 0
  Oops: 0000 [#1] SMP NOPTI
  Modules linked in: ccm edac_mce_amd kvm_amd kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 joydev crypto_simd asus_nb_wmi glue_helper uvcvideo snd_hda_codec_conexant snd_hda_codec_generic snd_hda_codec_hdmi snd_hda_intel asus_wmi snd_hda_codec cryptd snd_hda_core sparse_keymap videobuf2_vmalloc arc4 videobuf2_memops snd_hwdep input_leds videobuf2_v4l2 ath9k psmouse videobuf2_core videodev ath9k_common snd_pcm ath9k_hw media fam15h_power ath k10temp snd_timer mac80211 i2c_piix4 r8169 mii mac_hid cfg80211 asus_wireless(-) snd soundcore wmi shpchp 8250_dw ip_tables x_tables amdkfd amd_iommu_v2 amdgpu radeon chash i2c_algo_bit drm_kms_helper syscopyarea serio_raw sysfillrect sysimgblt fb_sys_fops ahci ttm libahci drm video
  CPU: 3 PID: 2177 Comm: rmmod Not tainted 4.15.0-5-generic #6+dev94.b4287e5bem1-Endless
  Hardware name: ASUSTeK COMPUTER INC. X555DG/X555DG, BIOS 5.011 05/05/2015
  RIP: 0010:__queue_work+0x8c/0x410
  RSP: 0018:ffffbe8cc249fcd8 EFLAGS: 00010086
  RAX: ffff992ac6810800 RBX: 0000000000000000 RCX: 0000000000000008
  RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff992ac6400e18
  RBP: ffffbe8cc249fd18 R08: ffff992ac6400db0 R09: 0000000000000000
  R10: 0000000000000040 R11: ffff992ac6400dd8 R12: 0000000000002000
  R13: ffff992abd762e00 R14: ffff992abd763e38 R15: 000000000001ebe0
  FS:  00007f318203e700(0000) GS:ffff992aced80000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000000000000000 CR3: 00000001c720e000 CR4: 00000000001406e0
  Call Trace:
   queue_work_on+0x38/0x40
   led_state_set+0x2c/0x40 [asus_wireless]
   led_set_brightness_nopm+0x14/0x40
   led_set_brightness+0x37/0x60
   led_trigger_set+0xfc/0x1d0
   led_classdev_unregister+0x32/0xd0
   devm_led_classdev_release+0x11/0x20
   release_nodes+0x109/0x1f0
   devres_release_all+0x3c/0x50
   device_release_driver_internal+0x16d/0x220
   driver_detach+0x3f/0x80
   bus_remove_driver+0x55/0xd0
   driver_unregister+0x2c/0x40
   acpi_bus_unregister_driver+0x15/0x20
   asus_wireless_driver_exit+0x10/0xb7c [asus_wireless]
   SyS_delete_module+0x1da/0x2b0
   entry_SYSCALL_64_fastpath+0x24/0x87
  RIP: 0033:0x7f3181b65fd7
  RSP: 002b:00007ffe74bcbe18 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0
  RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3181b65fd7
  RDX: 000000000000000a RSI: 0000000000000800 RDI: 0000555ea2559258
  RBP: 0000555ea25591f0 R08: 00007ffe74bcad91 R09: 000000000000000a
  R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003
  R13: 00007ffe74bcae00 R14: 0000000000000000 R15: 0000555ea25591f0
  Code: 01 00 00 02 0f 85 7d 01 00 00 48 63 45 d4 48 c7 c6 00 f4 fa 87 49 8b 9d 08 01 00 00 48 03 1c c6 4c 89 f7 e8 87 fb ff ff 48 85 c0 <48> 8b 3b 0f 84 c5 01 00 00 48 39 f8 0f 84 bc 01 00 00 48 89 c7
  RIP: __queue_work+0x8c/0x410 RSP: ffffbe8cc249fcd8
  CR2: 0000000000000000
  ---[ end trace 7aa4f4a232e9c39c ]---

Unregistering the led device on the remove callback before destroying the
workqueue avoids this problem.

https://bugzilla.kernel.org/show_bug.cgi?id=196097

Reported-by: Dun Hum <bitter.taste@gmx.com>
Cc: stable@vger.kernel.org
Signed-off-by: João Paulo Rechi Vita <jprvita@endlessm.com>
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-05-09 09:51:55 +02:00
..
acer-wmi.c platform/x86: acer-wmi: Using zero as first WMI instance number 2017-06-20 20:23:17 +03:00
acerhdf.c platform/x86: acerhdf: Add const to thermal_cooling_device_ops structure 2017-06-21 14:12:46 -07:00
alienware-wmi.c platform/x86: alienware-wmi: fix format string overflow warning 2017-07-25 20:54:03 +03:00
amilo-rfkill.c
apple-gmux.c Revert "apple-gmux: lock iGP IO to protect from vgaarb changes" 2018-02-22 15:42:26 +01:00
asus-laptop.c platform/x86: asus-laptop: remove sparse_keymap_free() calls 2017-03-14 22:58:02 -07:00
asus-nb-wmi.c platform/x86: asus-wmi: try to set als by default 2017-04-28 21:52:24 +03:00
asus-wireless.c platform/x86: asus-wireless: Fix NULL pointer dereference 2018-05-09 09:51:55 +02:00
asus-wmi.c platform/x86: asus-wmi: Evaluate wmi method with instance number 0x0 2017-08-13 15:55:05 +03:00
asus-wmi.h platform/x86: asus-wmi: try to set als by default 2017-04-28 21:52:24 +03:00
classmate-laptop.c
compal-laptop.c dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
dell-laptop.c platform/x86: dell-laptop: Filter out spurious keyboard backlight change events 2018-04-26 11:02:04 +02:00
dell-rbtn.c platform/x86: dell-rbtn: constify rfkill_ops structures 2017-06-13 11:00:21 -07:00
dell-rbtn.h
dell-smbios.c platform/x86: dell-*: Add a generic dell-laptop notifier chain 2017-04-13 10:12:19 -07:00
dell-smbios.h platform/x86: dell-*: Add a generic dell-laptop notifier chain 2017-04-13 10:12:19 -07:00
dell-smo8800.c x86: separate extable.h, switch sections.h to it 2016-09-27 21:15:23 -04:00
dell-wmi-aio.c platform/x86: dell-wmi-aio: remove sparse_keymap_free() calls 2017-03-14 22:58:04 -07:00
dell-wmi-led.c platform/x86: dell-wmi-led: Adjust instance of wmi_evaluate_method calls to 0 2017-06-28 09:01:36 -07:00
dell-wmi.c platform/x86: dell-wmi: Update dell_wmi_check_descriptor_buffer() to new model 2017-08-18 17:06:32 -07:00
eeepc-laptop.c platform/x86: eeepc-laptop: constify platform_attribute_group 2017-06-30 20:13:01 -07:00
eeepc-wmi.c eeepc-wmi: Use acpi_dev_found() 2016-04-09 03:12:58 +02:00
fujitsu-laptop.c platform/x86: fujitsu-laptop: Don't oops when FUJ02E3 is not presnt 2017-09-27 00:04:43 -07:00
fujitsu-tablet.c
hdaps.c dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
hp-wireless.c platform/x86: hp-wireless: reuse module_acpi_driver 2017-04-28 21:51:25 +03:00
hp-wmi.c platform/x86: hp-wmi: Fix tablet mode detection for convertibles 2017-12-05 11:26:27 +01:00
hp_accel.c platform/x86: hp_accel: Add quirk for HP ProBook 440 G4 2017-12-20 10:10:31 +01:00
ibm_rtl.c dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
ideapad-laptop.c platform/x86: ideapad-laptop: Expose conservation mode switch 2017-08-14 23:27:12 +03:00
intel-hid.c platform-drivers-x86 for v4.14-1 2017-09-08 16:04:50 -07:00
intel-rst.c
intel-smartconnect.c platform/x86: Use ACPI_FAILURE at appropriate places 2016-12-13 09:29:01 -08:00
intel-vbtn.c platform/x86: intel-vbtn: reduce unnecessary messages for normal users 2017-08-18 16:23:15 -07:00
intel_bxtwc_tmu.c platform/x86: intel_bxtwc_tmu: Remove first level IRQ unmask 2017-06-19 15:45:30 +01:00
intel_cht_int33fe.c platform/x86: intel_cht_int33fe: Set supplied-from property on max17047 dev 2017-05-31 13:21:00 +03:00
intel_int0002_vgpio.c platform/x86: Add driver for ACPI INT0002 Virtual GPIO device 2017-06-15 00:55:44 +02:00
intel_ips.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/loadavg.h> 2017-03-02 08:42:27 +01:00
intel_ips.h
intel_menlow.c platform/x86: intel_menlow: Add const to thermal_cooling_device_ops structure 2017-06-21 14:13:10 -07:00
intel_mid_powerbtn.c platform/x86: intel_mid_powerbtn: make mid_pb_ddata const 2017-08-13 15:27:10 +03:00
intel_mid_thermal.c platform/x86: intel_mid_thermal: Fix module autoload 2017-02-03 14:04:53 +02:00
intel_oaktrail.c dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
intel_pmc_core.c platform/x86: intel_pmc_core: Make the driver PCH family agnostic 2017-08-13 16:01:22 +03:00
intel_pmc_core.h platform/x86: intel_pmc_core: Make the driver PCH family agnostic 2017-08-13 16:01:22 +03:00
intel_pmc_ipc.c platform/x86: intel_pmc_ipc: Use spin_lock to protect GCR updates 2017-10-23 20:16:36 +03:00
intel_punit_ipc.c platform/x86: intel_punit_ipc: Fix resource ioremap warning 2017-12-20 10:10:25 +01:00
intel_scu_ipc.c platform/x86: intel_scu_ipc: make intel_scu_ipc_pdata_t const 2017-08-13 15:27:10 +03:00
intel_scu_ipcutil.c
intel_telemetry_core.c intel_telemetry: Constify telemetry_core_ops structures 2016-05-05 13:58:55 -07:00
intel_telemetry_debugfs.c platform/x86: intel_telemetry: Add GLK PSS Event Table 2017-07-25 20:54:03 +03:00
intel_telemetry_pltdrv.c platform/x86: intel_telemetry: remove redundant macro definition 2017-07-25 20:54:04 +03:00
intel_turbo_max_3.c platform/x86: intel_turbo_max_3: make it explicitly non-modular 2017-02-24 23:48:54 -08:00
Kconfig platform/x86: peaq-wmi: select INPUT_POLLDEV 2017-07-20 16:57:51 -07:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mlx-platform.c dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
mlxcpld-hotplug.c platform/x86: Introduce support for Mellanox hotplug driver 2016-10-23 07:52:57 -07:00
msi-laptop.c dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
msi-wmi.c platform/x86: msi-wmi: remove unnecessary static in msi_wmi_notify() 2017-07-25 09:56:38 -07:00
mxm-wmi.c platform/x86: mxm-wmi: Evaluate wmi method with instance number 0x0 2017-08-13 15:55:05 +03:00
panasonic-laptop.c platform/x86: panasonic-laptop: constify attribute_group structures. 2017-07-11 09:22:53 -07:00
peaq-wmi.c platform/x86: peaq_wmi: Fix missing terminating entry for peaq_dmi_table 2017-11-21 09:49:23 +01:00
pmc_atom.c platform/x86: Enable Atom PMC platform clocks 2017-01-26 16:21:59 -08:00
pvpanic.c
samsung-laptop.c dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
samsung-q10.c dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
silead_dmi.c platform/x86: silead_dmi: Add entry for Ployer Momo7w tablet touchscreen 2017-07-12 13:57:42 -07:00
sony-laptop.c dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
surface3-wmi.c platform/x86: surface3-wmi: fix uninitialized symbol 2017-01-21 01:43:42 +02:00
surface3_button.c platform/x86: surface3_button: Propagate error from gpiod_count() 2017-03-16 21:52:12 +01:00
surfacepro3_button.c surfacepro3_button: Add a warning when switching to tablet mode 2016-05-27 11:47:53 -07:00
tc1100-wmi.c
thinkpad_acpi.c platform/x86: thinkpad_acpi: suppress warning about palm detection 2018-04-26 11:02:11 +02:00
topstar-laptop.c platform/x86: topstar-laptop: Add new device id 2017-05-15 16:15:50 -07:00
toshiba-wmi.c dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
toshiba_acpi.c platform/x86: toshiba_acpi: constify attribute_group structures. 2017-07-11 09:22:55 -07:00
toshiba_bluetooth.c platform/x86: toshiba_bluetooth: Decouple an error checking status code 2016-09-23 16:21:06 -07:00
toshiba_haps.c platform/x86: toshiba_haps: constify haps_attr_group 2017-06-28 09:01:37 -07:00
wmi-bmof.c platform/x86: wmi*: Add recent copyright statements 2017-06-13 11:00:18 -07:00
wmi.c platform/x86: wmi: Call acpi_wmi_init() later 2018-01-17 09:45:18 +01:00
xo1-rfkill.c
xo15-ebook.c