On Thu, 2016-04-28 at 11:09 +0300, Jarkko Sakkinen wrote:
> On Wed, 2016-04-27 at 10:58 -0600, Jason Gunthorpe wrote:
> >
> > The devm for the IRQ was placed on the chip, not the pdev. This can
> > cause the irq to be still callable after the pdev has been cleaned up
> > (eg priv kfree'd).
> >
> > Found by CONFIG_DEBUG_SHIRQ=y
> >
> > Reported-by: Stefan Berger <stef...@linux.vnet.ibm.com>
> > Fixes: 233a065e0cd0 ("tpm: Get rid of chip->pdev")
> > Signed-off-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
> > Tested-by: Stefan Berger <stef...@linux.vnet.ibm.com>
> Reviewed-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
And applied and merged to next.
/Jarkko
> /Jarkko
>
> >
> > ---
> > drivers/char/tpm/tpm_tis.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c
> > index a6b2d460bfc0..d88827046a42 100644
> > --- a/drivers/char/tpm/tpm_tis.c
> > +++ b/drivers/char/tpm/tpm_tis.c
> > @@ -387,7 +387,7 @@ static void disable_interrupts(struct tpm_chip *chip)
> > intmask &= ~TPM_GLOBAL_INT_ENABLE;
> > iowrite32(intmask,
> > priv->iobase + TPM_INT_ENABLE(priv->locality));
> > - devm_free_irq(&chip->dev, priv->irq, chip);
> > + devm_free_irq(chip->dev.parent, priv->irq, chip);
> > priv->irq = 0;
> > chip->flags &= ~TPM_CHIP_FLAG_IRQ;
> > }
> > @@ -604,7 +604,7 @@ static int tpm_tis_probe_irq_single(struct tpm_chip
> > *chip, u32
> > intmask,
> > struct priv_data *priv = dev_get_drvdata(&chip->dev);
> > u8 original_int_vec;
> >
> > - if (devm_request_irq(&chip->dev, irq, tis_int_handler, flags,
> > + if (devm_request_irq(chip->dev.parent, irq, tis_int_handler, flags,
> > dev_name(&chip->dev), chip) != 0) {
> > dev_info(&chip->dev, "Unable to request irq: %d for probe\n",
> > irq);
