On 07/14/16 13:52, Jiri Slaby wrote:
With this command sequence: modprobe plip modprobe pps_parport rmmod pps_parport the partport_pps modules causes this crash:=== BUG: unable to handle kernel NULL pointer dereference at (null) IP: [<ffffffffa110301d>] parport_detach+0x1d/0x60 [pps_parport] Oops: 0000 [#1] SMP ... Call Trace: [<ffffffffa036a185>] parport_unregister_driver+0x65/0xc0 [parport] [<ffffffff810ff667>] SyS_delete_module+0x187/0x210 === 1) plip is loaded and takes the parport device for exclusive use: plip0: Parallel port at 0x378, using IRQ 7. 2) pps_parport then fails to grab the device: pps_parport: parallel port PPS client parport0: cannot grant exclusive access for device pps_parport pps_parport: couldn't register with parport0 3) rmmod of pps_parport is then killed because it tries to access pardev->name, but pardev (taken from port->cad) is NULL. So add a check for NULL in the test there too. Signed-off-by: Jiri Slaby <[email protected]> Cc: Rodolfo Giometti <[email protected]> --- drivers/pps/clients/pps_parport.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c index 38a8bbe74810..83797d89c30f 100644 --- a/drivers/pps/clients/pps_parport.c +++ b/drivers/pps/clients/pps_parport.c @@ -195,7 +195,7 @@ static void parport_detach(struct parport *port) struct pps_client_pp *device; /* FIXME: oooh, this is ugly! */ - if (strcmp(pardev->name, KBUILD_MODNAME)) + if (!pardev || strcmp(pardev->name, KBUILD_MODNAME)) /* not our port */ return;
Acked-by: Rodolfo Giometti <[email protected]> -- HCE Engineering e-mail: [email protected] GNU/Linux Solutions [email protected] Linux Device Driver [email protected] Embedded Systems phone: +39 349 2432127 UNIX programming skype: rodolfo.giometti Cosino Project - the quick prototyping embedded system - www.cosino.io Freelance ICT Italia - Consulente ICT Italia - www.consulenti-ict.it
