linux/drivers/video
Stanislaw Gruszka 34a35bddb9 atmel_lcdfb: fix oops in rmmod when framebuffer fails to register
If framebuffer registration failed in platform driver ->probe() callback,
dev_get_drvdata() points to freed memory region, but ->remove() function
try to use it and the following oops occurs:

Unable to handle kernel NULL pointer dereference at virtual address 00000228
pgd = c3a20000
[00000228] *pgd=23a2b031, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1]
Modules linked in: atmel_lcdfb(-) cfbcopyarea cfbimgblt cfbfillrect [last unloaded: atmel_lcdfb]
CPU: 0    Not tainted  (2.6.27-rc2 #116)
PC is at atmel_lcdfb_remove+0x14/0xf8 [atmel_lcdfb]
LR is at platform_drv_remove+0x20/0x24
pc : [<bf006bc4>]    lr : [<c0157d28>]    psr: a0000013
sp : c3a45e84  ip : c3a45ea0  fp : c3a45e9c
r10: 00000002  r9 : c3a44000  r8 : c0026c04
r7 : 00000880  r6 : c02bb228  r5 : 00000000  r4 : c02bb230
r3 : bf007e3c  r2 : c02bb230  r1 : 00000004  r0 : c02bb228
Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 0005317f  Table: 23a20000  DAC: 00000015
Process rmmod (pid: 6799, stack limit = 0xc3a44260)
Stack: (0xc3a45e84 to 0xc3a46000)
5e80:          c02bb230 bf007e3c bf007e3c c3a45eac c3a45ea0 c0157d28 bf006bc0
5ea0: c3a45ec4 c3a45eb0 c0156d20 c0157d18 c02bb230 c02bb2d8 c3a45ee0 c3a45ec8
5ec0: c0156da8 c0156cb8 bf007e3c bf007ee0 c02c8e14 c3a45efc c3a45ee4 c0156018
5ee0: c0156d50 bf007e3c bf007ee0 00000000 c3a45f18 c3a45f00 c0157220 c0155f9c
5f00: 00000000 bf007ee0 bf008000 c3a45f28 c3a45f1c c0157e34 c01571ec c3a45f38
5f20: c3a45f2c bf006ba8 c0157e30 c3a45fa4 c3a45f3c c005772c bf006ba4 656d7461
5f40: 636c5f6c 00626664 c004c988 c3a45f80 c3a45f5c 00000000 c3a45fb0 00000000
5f60: ffffffff becaccd8 00000880 00000000 000a5e80 00000001 bf007ee0 00000880
5f80: c3a45f84 00000000 becaccd4 00000002 000003df 00000081 00000000 c3a45fa8
5fa0: c0026a60 c0057584 00000002 000003df 00900081 000a5e80 00000880 00000000
5fc0: becaccd4 00000002 000003df 00000000 000a5e80 00000001 00000002 0000005f
5fe0: 4004f5ec becacbe8 0001a158 4004f5fc 20000010 00900081 f9ffbadf 7bbfb2bb
Backtrace:
[<bf006bb0>] (atmel_lcdfb_remove+0x0/0xf8 [atmel_lcdfb]) from [<c0157d28>] (platform_drv_remove+0x20/0x24)
 r6:bf007e3c r5:bf007e3c r4:c02bb230
[<c0157d08>] (platform_drv_remove+0x0/0x24) from [<c0156d20>] (__device_release_driver+0x78/0x98)
[<c0156ca8>] (__device_release_driver+0x0/0x98) from [<c0156da8>] (driver_detach+0x68/0x90)
 r5:c02bb2d8 r4:c02bb230
[<c0156d40>] (driver_detach+0x0/0x90) from [<c0156018>] (bus_remove_driver+0x8c/0xb4)
 r6:c02c8e14 r5:bf007ee0 r4:bf007e3c
[<c0155f8c>] (bus_remove_driver+0x0/0xb4) from [<c0157220>] (driver_unregister+0x44/0x48)
 r6:00000000 r5:bf007ee0 r4:bf007e3c
[<c01571dc>] (driver_unregister+0x0/0x48) from [<c0157e34>] (platform_driver_unregister+0x14/0x18)
 r6:bf008000 r5:bf007ee0 r4:00000000
[<c0157e20>] (platform_driver_unregister+0x0/0x18) from [<bf006ba8>] (atmel_lcdfb_exit+0x14/0x1c [atmel_lcdfb])
[<bf006b94>] (atmel_lcdfb_exit+0x0/0x1c [atmel_lcdfb]) from [<c005772c>] (sys_delete_module+0x1b8/0x22c)
[<c0057574>] (sys_delete_module+0x0/0x22c) from [<c0026a60>] (ret_fast_syscall+0x0/0x2c)
 r7:00000081 r6:000003df r5:00000002 r4:becaccd4
Code: e92dd870 e24cb004 e59050c4 e1a06000 (e5954228)
---[ end trace 85476b184d9e68d8 ]---

This patch fixes the oops.

Signed-off-by: Stanislaw Gruszka <stf_xl@wp.pl>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Acked-by: Krzysztof Helt <krzysztof.h1@wp.pl>
Cc: Haavard Skinnemoen <hskinnemoen@atmel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-09-05 14:39:38 -07:00
..
aty radeonfb: fix accel engine hangs 2008-08-12 16:07:28 -07:00
backlight [ARM] Move include/asm-arm/arch-* to arch/arm/*/include/mach 2008-08-07 09:55:48 +01:00
console fbcon: prevent cursor disappearance after switching to 512 character font 2008-08-12 16:07:29 -07:00
display
geode lxfb: fix console blanking 2008-07-24 10:47:40 -07:00
i810
intelfb i2c: Let framebuffer drivers set their I2C bus class to DDC 2008-07-14 22:38:28 +02:00
kyro
logo
matrox matrox maven: convert to a new-style i2c driver 2008-08-12 16:07:29 -07:00
mbx
nvidia
omap [ARM] Move include/asm-arm/arch-* to arch/arm/*/include/mach 2008-08-07 09:55:48 +01:00
pnx4008 [ARM] Move include/asm-arm/arch-* to arch/arm/*/include/mach 2008-08-07 09:55:48 +01:00
riva
savage
sis video/sis/: remove compat code 2008-07-24 10:47:37 -07:00
vermilion removed unused #include <linux/version.h>'s 2008-08-23 12:14:12 -07:00
68328fb.c
acornfb.c [ARM] Move include/asm-arm/arch-* to arch/arm/*/include/mach 2008-08-07 09:55:48 +01:00
acornfb.h
am200epd.c [ARM] Move include/asm-arm/arch-* to arch/arm/*/include/mach 2008-08-07 09:55:48 +01:00
amba-clcd.c
amifb.c drivers/video/amifb.c cleanups 2008-07-24 10:47:40 -07:00
arcfb.c
arkfb.c removed unused #include <linux/version.h>'s 2008-08-23 12:14:12 -07:00
asiliantfb.c
atafb_iplan2p2.c
atafb_iplan2p4.c
atafb_iplan2p8.c
atafb_mfb.c
atafb_utils.h
atafb.c atafb: test virtual screen range before subtraction on unsigned 2008-07-24 10:47:37 -07:00
atafb.h
atmel_lcdfb.c atmel_lcdfb: fix oops in rmmod when framebuffer fails to register 2008-09-05 14:39:38 -07:00
au1100fb.c
au1100fb.h
au1200fb.c
au1200fb.h
bf54x-lq043fb.c Blackfin arch: move include/asm-blackfin header files to arch/blackfin 2008-08-27 10:51:02 +08:00
bfin-t350mcqb-fb.c lcd: add lcd_device to check_fb() entry in lcd_ops 2008-07-24 10:47:40 -07:00
bt431.h
bt455.h
bw2.c
c2p.c export c2p 2008-07-20 17:24:39 -07:00
c2p.h
carminefb_regs.h fbdev: add the carmine FB driver 2008-07-24 10:47:34 -07:00
carminefb.c fbdev: add the carmine FB driver 2008-07-24 10:47:34 -07:00
carminefb.h fbdev: add the carmine FB driver 2008-07-24 10:47:34 -07:00
cfbcopyarea.c
cfbfillrect.c
cfbimgblt.c
cg3.c
cg6.c
cg14.c
chipsfb.c
cirrusfb.c cirrusfb: check_par fixes 2008-09-02 19:21:38 -07:00
clps711xfb.c [ARM] Move include/asm-arm/arch-* to arch/arm/*/include/mach 2008-08-07 09:55:48 +01:00
cobalt_lcdfb.c fbdev: add new Cobalt LCD framebuffer driver 2008-07-24 10:47:40 -07:00
controlfb.c
controlfb.h
cyber2000fb.c [ARM] Move include/asm-arm/arch-* to arch/arm/*/include/mach 2008-08-07 09:55:48 +01:00
cyber2000fb.h
cyblafb.c
dnfb.c
edid.h
efifb.c
epson1355fb.c [ARM] Move include/asm-arm/arch-* to arch/arm/*/include/mach 2008-08-07 09:55:48 +01:00
fb_ddc.c i2c: Let framebuffer drivers set their I2C bus class to DDC 2008-07-14 22:38:28 +02:00
fb_defio.c fbdefio: add set_page_dirty handler to deferred IO FB 2008-08-20 15:40:32 -07:00
fb_draw.h
fb_notify.c
fb_sys_fops.c
fbcmap.c
fbcvt.c
fbmem.c fbdefio: add set_page_dirty handler to deferred IO FB 2008-08-20 15:40:32 -07:00
fbmon.c fbdev: width and height are unsigned 2008-07-24 10:47:39 -07:00
fbsysfs.c
ffb.c
fm2fb.c
fsl-diu-fb.c freescale DIU: bug fix: add sanity check for AOI position 2008-08-15 08:35:43 -07:00
fsl-diu-fb.h
g364fb.c
gbefb.c gbefb: cmap FIFO timeout 2008-07-30 09:41:47 -07:00
gxt4500.c
hecubafb.c
hgafb.c hgafb: convert to new platform driver API 2008-07-24 10:47:39 -07:00
hitfb.c video: Fix up hp6xx driver build regressions. 2008-07-30 02:16:12 +09:00
hpfb.c
igafb.c
imacfb.c
imsttfb.c
imxfb.c [ARM] Move include/asm-arm/arch-* to arch/arm/*/include/mach 2008-08-07 09:55:48 +01:00
imxfb.h
Kconfig video: sh7760fb: SH7760/SH7763 LCDC framebuffer driver 2008-07-24 10:47:41 -07:00
leo.c
macfb.c make macfb_setup() static 2008-07-26 12:00:12 -07:00
macmodes.c
macmodes.h
Makefile video: Kill off leaked CONFIG_FB_SH7343VOU reference. 2008-07-29 06:39:26 +09:00
maxinefb.c
metronomefb.c
modedb.c
n411.c
neofb.c neofb: drop the xtimings structure 2008-07-24 10:47:41 -07:00
offb.c fbdev: Teaches offb about palette on radeon r5xx/r6xx 2008-07-22 10:39:36 +10:00
output.c
p9100.c
platinumfb.c
platinumfb.h
pm2fb.c pm2fb: free cmap memory on module remove 2008-08-20 15:40:31 -07:00
pm3fb.c
pmag-aa-fb.c
pmag-ba-fb.c
pmagb-b-fb.c
ps3fb.c powerpc/ps3: Add a sub-match id to ps3_system_bus 2008-07-22 10:39:33 +10:00
pvr2fb.c sh: More header path fixups for mach dir refactoring. 2008-07-29 22:10:01 +09:00
pxafb.c [ARM] pxafb: fix the warning of incorrect lccr when lcd_conn is specified 2008-08-16 16:39:16 +01:00
pxafb.h pxafb: convert ctrlr_sem in a mutex 2008-07-24 10:47:37 -07:00
q40fb.c
s1d13xxxfb.c
s3c2410fb.c [ARM] Move include/asm-arm/arch-* to arch/arm/*/include/mach 2008-08-07 09:55:48 +01:00
s3c2410fb.h
s3fb.c removed unused #include <linux/version.h>'s 2008-08-23 12:14:12 -07:00
sa1100fb.c [ARM] Move include/asm-arm/arch-* to arch/arm/*/include/mach 2008-08-07 09:55:48 +01:00
sa1100fb.h sa1100fb: convert ctrlr_sem in a mutex 2008-07-24 10:47:37 -07:00
sbuslib.c
sbuslib.h
sgivwfb.c
sh7760fb.c sh7760fb: write colormap value to hardware 2008-07-28 16:30:21 -07:00
sh_mobile_lcdcfb.c video: export sh_mobile_lcdc panel size 2008-08-11 20:17:55 +09:00
skeletonfb.c skeletonfb: update to correct platform driver usage 2008-07-24 10:47:39 -07:00
sm501fb.c sm501: fixup allocation code to be 64bit resource compliant 2008-07-24 10:47:40 -07:00
sstfb.c
sticore.h video/console/stico{n,re}.c: make code static 2008-07-26 12:00:12 -07:00
stifb.c video/stifb.c: make 2 functions static 2008-07-26 12:00:12 -07:00
sunxvr500.c
sunxvr2500.c
svgalib.c
syscopyarea.c
sysfillrect.c
sysimgblt.c
tcx.c
tdfxfb.c tdfxfb: fix frame buffer name overrun 2008-09-02 19:21:39 -07:00
tgafb.c
tridentfb.c tridentfb: remove warning message that cyblafb driver should be used 2008-07-24 10:47:36 -07:00
uvesafb.c uvesafb: change mode parameter to mode_option 2008-07-24 10:47:37 -07:00
valkyriefb.c
valkyriefb.h
vesafb.c
vfb.c vfb: only enable if explicitly requested when compiled in 2008-07-24 10:47:39 -07:00
vga16fb.c vga16fb: source code improvement 2008-07-24 10:47:38 -07:00
vgastate.c
vt8623fb.c removed unused #include <linux/version.h>'s 2008-08-23 12:14:12 -07:00
w100fb.c
w100fb.h
xen-fbfront.c
xilinxfb.c removed unused #include <linux/version.h>'s 2008-08-23 12:14:12 -07:00