From 213fa10db2f9c6725946cfa682990277eb9cd565 Mon Sep 17 00:00:00 2001 From: Grygorii Strashko Date: Thu, 28 Jul 2016 20:50:37 +0300 Subject: [PATCH] ARM: OMAP2+: omap_device: fix crash on omap_device removal Below call chain causes system crash when OMAP device is removed by calling of_platform_depopulate()/device_del(): device_del() - blocking_notifier_call_chain(&dev->bus->p->bus_notifier, BUS_NOTIFY_DEL_DEVICE, dev); - _omap_device_notifier_call() - omap_device_delete() - od->pdev->archdata.od = NULL; kfree(od->hwmods); kfree(od); - bus_remove_device() - device_release_driver() - __device_release_driver() - pm_runtime_get_sync() - _od_runtime_resume() - omap_hwmod_enable() <- OOPS od's delted already Backtrace: Unable to handle kernel NULL pointer dereference at virtual address 0000000d pgd = eb100000 [0000000d] *pgd=ad6e1831, *pte=00000000, *ppte=00000000 Internal error: Oops: 17 [#1] PREEMPT SMP ARM CPU: 1 PID: 1273 Comm: modprobe Not tainted 4.4.15-rt19-00115-ge4d3cd3-dirty #68 Hardware name: Generic DRA74X (Flattened Device Tree) task: eb1ee800 ti: ec962000 task.ti: ec962000 PC is at omap_device_enable+0x10/0x90 LR is at _od_runtime_resume+0x10/0x24 [...] [] (omap_device_enable) from [] (_od_runtime_resume+0x10/0x24) [] (_od_runtime_resume) from [] (__rpm_callback+0x20/0x34) [] (__rpm_callback) from [] (rpm_callback+0x20/0x80) [] (rpm_callback) from [] (rpm_resume+0x48c/0x964) [] (rpm_resume) from [] (__pm_runtime_resume+0x60/0x88) [] (__pm_runtime_resume) from [] (__device_release_driver+0x30/0x100) [] (__device_release_driver) from [] (device_release_driver+0x1c/0x28) [] (device_release_driver) from [] (bus_remove_device+0xec/0x144) [] (bus_remove_device) from [] (device_del+0x10c/0x210) [] (device_del) from [] (platform_device_del+0x18/0x84) [] (platform_device_del) from [] (platform_device_unregister+0xc/0x20) [] (platform_device_unregister) from [] (of_platform_device_destroy+0x8c/0x90) [] (of_platform_device_destroy) from [] (device_for_each_child+0x4c/0x78) [] (device_for_each_child) from [] (of_platform_depopulate+0x30/0x44) [] (of_platform_depopulate) from [] (cpsw_remove+0x68/0xf4 [ti_cpsw]) [] (cpsw_remove [ti_cpsw]) from [] (platform_drv_remove+0x24/0x3c) [] (platform_drv_remove) from [] (__device_release_driver+0x84/0x100) [] (__device_release_driver) from [] (driver_detach+0xac/0xb0) [] (driver_detach) from [] (bus_remove_driver+0x60/0xd4) [] (bus_remove_driver) from [] (SyS_delete_module+0x184/0x20c) [] (SyS_delete_module) from [] (ret_fast_syscall+0x0/0x1c) Code: e3500000 e92d4070 1590630c 01a06000 (e5d6300d) Hence, fix it by using BUS_NOTIFY_REMOVED_DEVICE event for OMAP device deletion which is sent when DD has finished processing of device deletion. Cc: Tony Lindgren Cc: Tero Kristo Signed-off-by: Grygorii Strashko Signed-off-by: David S. Miller --- arch/arm/mach-omap2/omap_device.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/mach-omap2/omap_device.c b/arch/arm/mach-omap2/omap_device.c index f7ff3b9dad87..208f11563036 100644 --- a/arch/arm/mach-omap2/omap_device.c +++ b/arch/arm/mach-omap2/omap_device.c @@ -194,7 +194,7 @@ static int _omap_device_notifier_call(struct notifier_block *nb, int err; switch (event) { - case BUS_NOTIFY_DEL_DEVICE: + case BUS_NOTIFY_REMOVED_DEVICE: if (pdev->archdata.od) omap_device_delete(pdev->archdata.od); break;