34a35bddb9
If framebuffer registration failed in platform driver ->probe() callback, dev_get_drvdata() points to freed memory region, but ->remove() function try to use it and the following oops occurs: Unable to handle kernel NULL pointer dereference at virtual address 00000228 pgd = c3a20000 [00000228] *pgd=23a2b031, *pte=00000000, *ppte=00000000 Internal error: Oops: 17 [#1] Modules linked in: atmel_lcdfb(-) cfbcopyarea cfbimgblt cfbfillrect [last unloaded: atmel_lcdfb] CPU: 0 Not tainted (2.6.27-rc2 #116) PC is at atmel_lcdfb_remove+0x14/0xf8 [atmel_lcdfb] LR is at platform_drv_remove+0x20/0x24 pc : [<bf006bc4>] lr : [<c0157d28>] psr: a0000013 sp : c3a45e84 ip : c3a45ea0 fp : c3a45e9c r10: 00000002 r9 : c3a44000 r8 : c0026c04 r7 : 00000880 r6 : c02bb228 r5 : 00000000 r4 : c02bb230 r3 : bf007e3c r2 : c02bb230 r1 : 00000004 r0 : c02bb228 Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user Control: 0005317f Table: 23a20000 DAC: 00000015 Process rmmod (pid: 6799, stack limit = 0xc3a44260) Stack: (0xc3a45e84 to 0xc3a46000) 5e80: c02bb230 bf007e3c bf007e3c c3a45eac c3a45ea0 c0157d28 bf006bc0 5ea0: c3a45ec4 c3a45eb0 c0156d20 c0157d18 c02bb230 c02bb2d8 c3a45ee0 c3a45ec8 5ec0: c0156da8 c0156cb8 bf007e3c bf007ee0 c02c8e14 c3a45efc c3a45ee4 c0156018 5ee0: c0156d50 bf007e3c bf007ee0 00000000 c3a45f18 c3a45f00 c0157220 c0155f9c 5f00: 00000000 bf007ee0 bf008000 c3a45f28 c3a45f1c c0157e34 c01571ec c3a45f38 5f20: c3a45f2c bf006ba8 c0157e30 c3a45fa4 c3a45f3c c005772c bf006ba4 656d7461 5f40: 636c5f6c 00626664 c004c988 c3a45f80 c3a45f5c 00000000 c3a45fb0 00000000 5f60: ffffffff becaccd8 00000880 00000000 000a5e80 00000001 bf007ee0 00000880 5f80: c3a45f84 00000000 becaccd4 00000002 000003df 00000081 00000000 c3a45fa8 5fa0: c0026a60 c0057584 00000002 000003df 00900081 000a5e80 00000880 00000000 5fc0: becaccd4 00000002 000003df 00000000 000a5e80 00000001 00000002 0000005f 5fe0: 4004f5ec becacbe8 0001a158 4004f5fc 20000010 00900081 f9ffbadf 7bbfb2bb Backtrace: [<bf006bb0>] (atmel_lcdfb_remove+0x0/0xf8 [atmel_lcdfb]) from [<c0157d28>] (platform_drv_remove+0x20/0x24) r6:bf007e3c r5:bf007e3c r4:c02bb230 [<c0157d08>] (platform_drv_remove+0x0/0x24) from [<c0156d20>] (__device_release_driver+0x78/0x98) [<c0156ca8>] (__device_release_driver+0x0/0x98) from [<c0156da8>] (driver_detach+0x68/0x90) r5:c02bb2d8 r4:c02bb230 [<c0156d40>] (driver_detach+0x0/0x90) from [<c0156018>] (bus_remove_driver+0x8c/0xb4) r6:c02c8e14 r5:bf007ee0 r4:bf007e3c [<c0155f8c>] (bus_remove_driver+0x0/0xb4) from [<c0157220>] (driver_unregister+0x44/0x48) r6:00000000 r5:bf007ee0 r4:bf007e3c [<c01571dc>] (driver_unregister+0x0/0x48) from [<c0157e34>] (platform_driver_unregister+0x14/0x18) r6:bf008000 r5:bf007ee0 r4:00000000 [<c0157e20>] (platform_driver_unregister+0x0/0x18) from [<bf006ba8>] (atmel_lcdfb_exit+0x14/0x1c [atmel_lcdfb]) [<bf006b94>] (atmel_lcdfb_exit+0x0/0x1c [atmel_lcdfb]) from [<c005772c>] (sys_delete_module+0x1b8/0x22c) [<c0057574>] (sys_delete_module+0x0/0x22c) from [<c0026a60>] (ret_fast_syscall+0x0/0x2c) r7:00000081 r6:000003df r5:00000002 r4:becaccd4 Code: e92dd870 e24cb004 e59050c4 e1a06000 (e5954228) ---[ end trace 85476b184d9e68d8 ]--- This patch fixes the oops. Signed-off-by: Stanislaw Gruszka <stf_xl@wp.pl> Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com> Acked-by: Krzysztof Helt <krzysztof.h1@wp.pl> Cc: Haavard Skinnemoen <hskinnemoen@atmel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
---|---|---|
.. | ||
aty | ||
backlight | ||
console | ||
display | ||
geode | ||
i810 | ||
intelfb | ||
kyro | ||
logo | ||
matrox | ||
mbx | ||
nvidia | ||
omap | ||
pnx4008 | ||
riva | ||
savage | ||
sis | ||
vermilion | ||
68328fb.c | ||
acornfb.c | ||
acornfb.h | ||
am200epd.c | ||
amba-clcd.c | ||
amifb.c | ||
arcfb.c | ||
arkfb.c | ||
asiliantfb.c | ||
atafb_iplan2p2.c | ||
atafb_iplan2p4.c | ||
atafb_iplan2p8.c | ||
atafb_mfb.c | ||
atafb_utils.h | ||
atafb.c | ||
atafb.h | ||
atmel_lcdfb.c | ||
au1100fb.c | ||
au1100fb.h | ||
au1200fb.c | ||
au1200fb.h | ||
bf54x-lq043fb.c | ||
bfin-t350mcqb-fb.c | ||
bt431.h | ||
bt455.h | ||
bw2.c | ||
c2p.c | ||
c2p.h | ||
carminefb_regs.h | ||
carminefb.c | ||
carminefb.h | ||
cfbcopyarea.c | ||
cfbfillrect.c | ||
cfbimgblt.c | ||
cg3.c | ||
cg6.c | ||
cg14.c | ||
chipsfb.c | ||
cirrusfb.c | ||
clps711xfb.c | ||
cobalt_lcdfb.c | ||
controlfb.c | ||
controlfb.h | ||
cyber2000fb.c | ||
cyber2000fb.h | ||
cyblafb.c | ||
dnfb.c | ||
edid.h | ||
efifb.c | ||
epson1355fb.c | ||
fb_ddc.c | ||
fb_defio.c | ||
fb_draw.h | ||
fb_notify.c | ||
fb_sys_fops.c | ||
fbcmap.c | ||
fbcvt.c | ||
fbmem.c | ||
fbmon.c | ||
fbsysfs.c | ||
ffb.c | ||
fm2fb.c | ||
fsl-diu-fb.c | ||
fsl-diu-fb.h | ||
g364fb.c | ||
gbefb.c | ||
gxt4500.c | ||
hecubafb.c | ||
hgafb.c | ||
hitfb.c | ||
hpfb.c | ||
igafb.c | ||
imacfb.c | ||
imsttfb.c | ||
imxfb.c | ||
imxfb.h | ||
Kconfig | ||
leo.c | ||
macfb.c | ||
macmodes.c | ||
macmodes.h | ||
Makefile | ||
maxinefb.c | ||
metronomefb.c | ||
modedb.c | ||
n411.c | ||
neofb.c | ||
offb.c | ||
output.c | ||
p9100.c | ||
platinumfb.c | ||
platinumfb.h | ||
pm2fb.c | ||
pm3fb.c | ||
pmag-aa-fb.c | ||
pmag-ba-fb.c | ||
pmagb-b-fb.c | ||
ps3fb.c | ||
pvr2fb.c | ||
pxafb.c | ||
pxafb.h | ||
q40fb.c | ||
s1d13xxxfb.c | ||
s3c2410fb.c | ||
s3c2410fb.h | ||
s3fb.c | ||
sa1100fb.c | ||
sa1100fb.h | ||
sbuslib.c | ||
sbuslib.h | ||
sgivwfb.c | ||
sh7760fb.c | ||
sh_mobile_lcdcfb.c | ||
skeletonfb.c | ||
sm501fb.c | ||
sstfb.c | ||
sticore.h | ||
stifb.c | ||
sunxvr500.c | ||
sunxvr2500.c | ||
svgalib.c | ||
syscopyarea.c | ||
sysfillrect.c | ||
sysimgblt.c | ||
tcx.c | ||
tdfxfb.c | ||
tgafb.c | ||
tridentfb.c | ||
uvesafb.c | ||
valkyriefb.c | ||
valkyriefb.h | ||
vesafb.c | ||
vfb.c | ||
vga16fb.c | ||
vgastate.c | ||
vt8623fb.c | ||
w100fb.c | ||
w100fb.h | ||
xen-fbfront.c | ||
xilinxfb.c |