leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
06b8b00b33
linux/drivers/platform/x86
History
João Paulo Rechi Vita 06b8b00b33 platform/x86: asus-wireless: Fix NULL pointer dereference 
When the module is removed the led workqueue is destroyed in the remove
callback, before the led device is unregistered from the led subsystem.

This leads to a NULL pointer derefence when the led device is
unregistered automatically later as part of the module removal cleanup.
Bellow is the backtrace showing the problem.

  BUG: unable to handle kernel NULL pointer dereference at           (null)
  IP: __queue_work+0x8c/0x410
  PGD 0 P4D 0
  Oops: 0000 [#1] SMP NOPTI
  Modules linked in: ccm edac_mce_amd kvm_amd kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 joydev crypto_simd asus_nb_wmi glue_helper uvcvideo snd_hda_codec_conexant snd_hda_codec_generic snd_hda_codec_hdmi snd_hda_intel asus_wmi snd_hda_codec cryptd snd_hda_core sparse_keymap videobuf2_vmalloc arc4 videobuf2_memops snd_hwdep input_leds videobuf2_v4l2 ath9k psmouse videobuf2_core videodev ath9k_common snd_pcm ath9k_hw media fam15h_power ath k10temp snd_timer mac80211 i2c_piix4 r8169 mii mac_hid cfg80211 asus_wireless(-) snd soundcore wmi shpchp 8250_dw ip_tables x_tables amdkfd amd_iommu_v2 amdgpu radeon chash i2c_algo_bit drm_kms_helper syscopyarea serio_raw sysfillrect sysimgblt fb_sys_fops ahci ttm libahci drm video
  CPU: 3 PID: 2177 Comm: rmmod Not tainted 4.15.0-5-generic #6+dev94.b4287e5bem1-Endless
  Hardware name: ASUSTeK COMPUTER INC. X555DG/X555DG, BIOS 5.011 05/05/2015
  RIP: 0010:__queue_work+0x8c/0x410
  RSP: 0018:ffffbe8cc249fcd8 EFLAGS: 00010086
  RAX: ffff992ac6810800 RBX: 0000000000000000 RCX: 0000000000000008
  RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff992ac6400e18
  RBP: ffffbe8cc249fd18 R08: ffff992ac6400db0 R09: 0000000000000000
  R10: 0000000000000040 R11: ffff992ac6400dd8 R12: 0000000000002000
  R13: ffff992abd762e00 R14: ffff992abd763e38 R15: 000000000001ebe0
  FS:  00007f318203e700(0000) GS:ffff992aced80000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000000000000000 CR3: 00000001c720e000 CR4: 00000000001406e0
  Call Trace:
   queue_work_on+0x38/0x40
   led_state_set+0x2c/0x40 [asus_wireless]
   led_set_brightness_nopm+0x14/0x40
   led_set_brightness+0x37/0x60
   led_trigger_set+0xfc/0x1d0
   led_classdev_unregister+0x32/0xd0
   devm_led_classdev_release+0x11/0x20
   release_nodes+0x109/0x1f0
   devres_release_all+0x3c/0x50
   device_release_driver_internal+0x16d/0x220
   driver_detach+0x3f/0x80
   bus_remove_driver+0x55/0xd0
   driver_unregister+0x2c/0x40
   acpi_bus_unregister_driver+0x15/0x20
   asus_wireless_driver_exit+0x10/0xb7c [asus_wireless]
   SyS_delete_module+0x1da/0x2b0
   entry_SYSCALL_64_fastpath+0x24/0x87
  RIP: 0033:0x7f3181b65fd7
  RSP: 002b:00007ffe74bcbe18 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0
  RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3181b65fd7
  RDX: 000000000000000a RSI: 0000000000000800 RDI: 0000555ea2559258
  RBP: 0000555ea25591f0 R08: 00007ffe74bcad91 R09: 000000000000000a
  R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003
  R13: 00007ffe74bcae00 R14: 0000000000000000 R15: 0000555ea25591f0
  Code: 01 00 00 02 0f 85 7d 01 00 00 48 63 45 d4 48 c7 c6 00 f4 fa 87 49 8b 9d 08 01 00 00 48 03 1c c6 4c 89 f7 e8 87 fb ff ff 48 85 c0 <48> 8b 3b 0f 84 c5 01 00 00 48 39 f8 0f 84 bc 01 00 00 48 89 c7
  RIP: __queue_work+0x8c/0x410 RSP: ffffbe8cc249fcd8
  CR2: 0000000000000000
  ---[ end trace 7aa4f4a232e9c39c ]---

Unregistering the led device on the remove callback before destroying the
workqueue avoids this problem.

https://bugzilla.kernel.org/show_bug.cgi?id=196097

Reported-by: Dun Hum <bitter.taste@gmx.com>
Cc: stable@vger.kernel.org
Signed-off-by: João Paulo Rechi Vita <jprvita@endlessm.com>
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>
2018-04-23 08:52:59 -07:00
..
acer-wireless.c platform/x86: Add Acer Wireless Radio Control driver 2017-11-27 13:39:11 +02:00
acer-wmi.c platform/x86: acer-wmi: Using zero as first WMI instance number 2017-06-20 20:23:17 +03:00
acerhdf.c platform/x86: acerhdf: Add const to thermal_cooling_device_ops structure 2017-06-21 14:12:46 -07:00
alienware-wmi.c platform/x86: alienware-wmi: lightbar LED support for Dell Inspiron 5675 2017-11-27 13:39:11 +02:00
amilo-rfkill.c
apple-gmux.c Revert "apple-gmux: lock iGP IO to protect from vgaarb changes" 2018-01-31 10:35:35 -08:00
asus-laptop.c platform/x86: asus-laptop: remove sparse_keymap_free() calls 2017-03-14 22:58:02 -07:00
asus-nb-wmi.c platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ 2017-11-27 13:39:11 +02:00
asus-wireless.c platform/x86: asus-wireless: Fix NULL pointer dereference 2018-04-23 08:52:59 -07:00
asus-wmi.c platform/x86: asus-wmi: Add lightbar led support 2017-09-27 00:26:54 -07:00
asus-wmi.h platform/x86: asus-wmi: try to set als by default 2017-04-28 21:52:24 +03:00
classmate-laptop.c
compal-laptop.c treewide: Use DEVICE_ATTR_RW 2018-01-09 16:33:31 +01:00
dell-laptop.c platform/x86: dell-laptop: Removed duplicates in DMI whitelist 2018-02-15 12:18:33 +02:00
dell-rbtn.c platform/x86: dell-rbtn: constify rfkill_ops structures 2017-06-13 11:00:21 -07:00
dell-rbtn.h
dell-smbios-base.c platform/x86: dell-smbios: Match on www.dell.com in OEM strings too 2018-04-23 08:52:59 -07:00
dell-smbios-smm.c platform/x86: dell-smbios: Link all dell-smbios-* modules together 2018-03-09 09:35:42 -08:00
dell-smbios-wmi.c platform/x86: dell-smbios: Link all dell-smbios-* modules together 2018-03-09 09:35:42 -08:00
dell-smbios.h platform/x86: dell-smbios: Link all dell-smbios-* modules together 2018-03-09 09:35:42 -08:00
dell-smo8800.c platform/x86: dell-smo8800: remove redundant assignments to byte_data 2017-11-05 13:53:14 +02:00
dell-wmi-aio.c platform/x86: dell-wmi-aio: remove sparse_keymap_free() calls 2017-03-14 22:58:04 -07:00
dell-wmi-descriptor.c platform/x86: dell-smbios-wmi: Disable userspace interface if missing hotfix 2017-11-20 12:38:43 -08:00
dell-wmi-descriptor.h platform/x86: dell-smbios-wmi: Disable userspace interface if missing hotfix 2017-11-20 12:38:43 -08:00
dell-wmi-led.c platform/x86: dell-wmi-led: Adjust instance of wmi_evaluate_method calls to 0 2017-06-28 09:01:36 -07:00
dell-wmi.c platform/x86: Fix dell driver init order 2018-03-14 11:05:53 -07:00
eeepc-laptop.c treewide: Align function definition open/close braces 2018-03-26 11:13:09 +02:00
eeepc-wmi.c eeepc-wmi: Use acpi_dev_found() 2016-04-09 03:12:58 +02:00
fujitsu-laptop.c platform/x86: fujitsu-laptop: Simplify soft key handling 2018-04-19 16:25:54 -07:00
fujitsu-tablet.c
gpd-pocket-fan.c platform/x86: GPD pocket fan: fix spelling mistake: "Mill-celcius" -> "millicelsius" 2018-02-15 12:21:48 +02:00
hdaps.c dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
hp_accel.c platform/x86: hp_accel: Add quirk for HP ProBook 440 G4 2017-10-27 20:54:01 +03:00
hp-wireless.c platform/x86: hp-wireless: reuse module_acpi_driver 2017-04-28 21:51:25 +03:00
hp-wmi.c platform/x86: hp-wmi: Fix tablet mode detection for convertibles 2017-11-05 13:53:14 +02:00
ibm_rtl.c dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
ideapad-laptop.c platform/x86: ideapad-laptop: Increase timeout to wait for EC answer 2018-02-15 12:18:32 +02:00
intel_bxtwc_tmu.c platform/x86: intel_bxtwc_tmu: Remove first level IRQ unmask 2017-06-19 15:45:30 +01:00
intel_cht_int33fe.c platform/x86: intel_cht_int33fe: Add device connections for the Type-C port 2018-03-22 13:49:28 +01:00
intel_chtdc_ti_pwrbtn.c platform/x86: Add support for Dollar Cove TI power button 2017-11-27 13:39:11 +02:00
intel_int0002_vgpio.c platform/x86: intel_int0002_vgpio: Remove IRQF_NO_THREAD irq flag 2017-11-27 13:39:11 +02:00
intel_ips.c platform/x86: intel_ips: Convert timers to use timer_setup() 2017-11-05 13:53:14 +02:00
intel_ips.h platform/x86: intel_ips: Remove FSF address from GPL notice 2017-10-08 21:07:15 +03:00
intel_menlow.c platform/x86: intel_menlow: Add const to thermal_cooling_device_ops structure 2017-06-21 14:13:10 -07:00
intel_mid_powerbtn.c platform/x86: intel_mid_powerbtn: make mid_pb_ddata const 2017-08-13 15:27:10 +03:00
intel_mid_thermal.c platform/x86: intel_mid_thermal: Fix module autoload 2017-02-03 14:04:53 +02:00
intel_oaktrail.c dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
intel_pmc_core.c platform/x86: intel_pmc_core: Special case for Coffeelake 2018-02-04 15:55:53 +02:00
intel_pmc_core.h platform/x86: intel_pmc_core: Special case for Coffeelake 2018-02-04 15:55:53 +02:00
intel_pmc_ipc.c platform/x86: intel_pmc_ipc: Add read64 API 2017-11-27 13:39:11 +02:00
intel_punit_ipc.c platform/x86: intel_punit_ipc: Fix resource ioremap warning 2017-11-05 13:53:14 +02:00
intel_scu_ipc.c platform: x86: intel_scu_ipc: Replace mdelay with usleep_range in intel_scu_ipc_i2c_cntrl 2018-04-23 17:24:23 +03:00
intel_scu_ipcutil.c intel_scu_ipcutil: underflow in scu_reg_access() 2016-01-30 09:40:35 -08:00
intel_telemetry_core.c platform/x86: intel_telemetry: cleanup redundant headers 2017-10-23 20:01:52 +03:00
intel_telemetry_debugfs.c platform/x86: intel_telemetry: Remove redundancies 2017-11-27 13:39:11 +02:00
intel_telemetry_pltdrv.c platform/x86: intel_telemetry: Add needed inclusion 2017-10-27 19:18:43 +03:00
intel_turbo_max_3.c platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms 2018-02-15 12:21:48 +02:00
intel-hid.c intel-hid: support KEY_ROTATE_LOCK_TOGGLE 2018-04-02 18:26:59 +03:00
intel-rst.c
intel-smartconnect.c platform/x86: Use ACPI_FAILURE at appropriate places 2016-12-13 09:29:01 -08:00
intel-vbtn.c platform/x86: intel-vbtn: Reset wakeup capable flag on removal 2018-03-01 13:08:25 +02:00
intel-wmi-thunderbolt.c platform/x86: intel-wmi-thunderbolt: Silence error cases 2017-09-22 15:08:19 -07:00
Kconfig platform-drivers-x86 for v4.17-1 2018-04-10 12:18:50 -07:00
Makefile platform/x86: dell-smbios: Link all dell-smbios-* modules together 2018-03-09 09:35:42 -08:00
mlx-platform.c platform/x86: mlx-platform: Add physical bus number auto detection 2018-03-23 16:14:29 -07:00
msi-laptop.c dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
msi-wmi.c platform/x86: msi-wmi: remove unnecessary static in msi_wmi_notify() 2017-07-25 09:56:38 -07:00
mxm-wmi.c platform/x86: mxm-wmi: Evaluate wmi method with instance number 0x0 2017-08-13 15:55:05 +03:00
panasonic-laptop.c platform/x86: panasonic-laptop: constify attribute_group structures. 2017-07-11 09:22:53 -07:00
peaq-wmi.c platform/x86: peaq-wmi: Remove unnecessary checks from peaq_wmi_exit 2017-11-03 13:32:09 +02:00
pmc_atom.c seq_file: Introduce DEFINE_SHOW_ATTRIBUTE() helper macro 2018-02-07 12:50:21 +02:00
pvpanic.c
samsung-laptop.c platform/x86: samsung-laptop: Re-use DEFINE_SHOW_ATTRIBUTE() macro 2018-02-07 12:50:23 +02:00
samsung-q10.c dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
silead_dmi.c platform/x86: silead_dmi: Add entry for the Yours Y8W81 tablet 2018-04-02 17:31:50 +03:00
sony-laptop.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
surface3_button.c platform/x86: surface3_button: Propagate error from gpiod_count() 2017-03-16 21:52:12 +01:00
surface3-wmi.c platform/x86: surface3-wmi: fix uninitialized symbol 2017-01-21 01:43:42 +02:00
surfacepro3_button.c platform/x86: surfacepro3: Support for wakeup from suspend-to-idle 2018-01-11 18:54:50 +01:00
tc1100-wmi.c tc1100-wmi: fix build warning when CONFIG_PM not enabled 2016-01-19 17:35:47 -08:00
thinkpad_acpi.c platform-drivers-x86 for v4.17-1 2018-04-10 12:18:50 -07:00
topstar-laptop.c platform/x86: topstar-laptop: replace licence text with SPDX tag 2018-02-23 18:43:42 +02:00
toshiba_acpi.c platform/x86: toshiba_acpi: drop assignment of iio_info.driver_module 2017-08-22 22:14:59 +01:00
toshiba_bluetooth.c platform/x86: toshiba_bluetooth: Decouple an error checking status code 2016-09-23 16:21:06 -07:00
toshiba_haps.c platform/x86: toshiba_haps: constify haps_attr_group 2017-06-28 09:01:37 -07:00
toshiba-wmi.c dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
wmi-bmof.c platform/x86: wmi*: Add recent copyright statements 2017-06-13 11:00:18 -07:00
wmi.c platform/x86: wmi: Fix misuse of vsprintf extension %pULL 2018-03-01 10:01:39 -08:00
xo1-rfkill.c
xo15-ebook.c