From bd203bd56d12401398faa7428c81c1d76c91611e Mon Sep 17 00:00:00 2001 From: Bamvor Jian Zhang Date: Sat, 20 Feb 2016 13:13:19 +0800 Subject: gpiolib: fix crash when gpiochip removed Commit cb464a88e1ed ("gpio: make the gpiochip a real device") call gpiochip_sysfs_unregister after the gpiochip is empty. It lead to the following crash: [ 163.503994] Unable to handle kernel NULL pointer dereference at virtual address 0000007c [...] [ 163.525394] [] gpiochip_sysfs_unregister+0x44/0xa4 [ 163.525611] [] gpiochip_remove+0x24/0x154 [ 163.525861] [] mockup_gpio_remove+0x38/0x64 [gpio_mockup] [ 163.526101] [] platform_drv_remove+0x24/0x64 [ 163.526313] [] __device_release_driver+0x7c/0xfc [ 163.526525] [] driver_detach+0xbc/0xc0 [ 163.526700] [] bus_remove_driver+0x58/0xac [ 163.526883] [] driver_unregister+0x2c/0x4c [ 163.527067] [] platform_driver_unregister+0x10/0x18 [ 163.527284] [] mock_device_exit+0x10/0x38 [gpio_mockup] [ 163.527593] [] SyS_delete_module+0x1b8/0x1fc [ 163.527799] [] __sys_trace_return+0x0/0x4 [ 163.528049] Code: 940d74b4 f9019abf aa1303e0 940d7439 (7940fac0) [ 163.536273] ---[ end trace 3d1329be504af609 ]--- This patch fix this by changing the code back. Signed-off-by: Bamvor Jian Zhang Signed-off-by: Linus Walleij --- drivers/gpio/gpiolib.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index 3580c0de9d5a..b81646982375 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -684,11 +684,10 @@ void gpiochip_remove(struct gpio_chip *chip) unsigned i; bool requested = false; - /* Numb the device, cancelling all outstanding operations */ - gdev->chip = NULL; - /* FIXME: should the legacy sysfs handling be moved to gpio_device? */ gpiochip_sysfs_unregister(gdev); + /* Numb the device, cancelling all outstanding operations */ + gdev->chip = NULL; gpiochip_irqchip_remove(chip); acpi_gpiochip_remove(chip); gpiochip_remove_pin_ranges(chip); -- cgit v1.2.3