Re: [PATCH 00/15] atmel_mxt_ts - device tree, bootloader, etc

From: Stephen Warren
Date: Tue Sep 02 2014 - 11:45:30 EST

Next message: Seth Forshee: "[PATCH v2 3/3] fuse: Add support for mounts from user namespaces"
Previous message: Seth Forshee: "[PATCH v2 2/3] fuse: Translate pids passed to userspace into pid namespaces"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 07/29/2014 01:26 PM, Stephen Warren wrote:

On 07/29/2014 11:06 AM, Nick Dyer wrote:

On 29/07/14 17:16, Stephen Warren wrote:

...

I also found that removing the module (even without attempting a FW
update) yields:

After attempted FW update via sysfs:

root@localhost:~# rmmod ./atmel_mxt_ts.ko
[ 81.995672] Unable to handle kernel NULL pointer dereference at
virtual address 00000364

Not good. It's trying to free an input device which isn't registered at
that point. In a later patch in my series I add a guard around that
(mxt_free_input_device):
https://github.com/ndyer/linux/commit/bb4800ff8c185

It looks like 8d01a84b86b0 "Input: atmel_mxt_ts - implement T100 touch
object support" from that branch is what solves the issue.

Ah, in linux-next, it's simply a double-unregister; both mxt_remove()
and mxt_free_object_table() call
input_unregister_device(data->input_dev). I think it would make sense to
send the following patch for 3.17. Do you agree?

Nick, I see the fix below isn't in linux-next as of next-20140829. IIRC, you'd sent the patch below but there had been some comments on it by Dmitry. Unfortunately, I don't recall the patch subject to search for it. Anyway, are you planning on re-spinning the patch so it can be applied?

diff --git a/drivers/input/touchscreen/atmel_mxt_ts.c
b/drivers/input/touchscreen/atmel_mxt_ts.c
index 03b85711cb70..da497dbf9735 100644
--- a/drivers/input/touchscreen/atmel_mxt_ts.c
+++ b/drivers/input/touchscreen/atmel_mxt_ts.c
@@ -1353,8 +1353,10 @@ static int mxt_get_info(struct mxt_data *data)

static void mxt_free_object_table(struct mxt_data *data)
{
- input_unregister_device(data->input_dev);
- data->input_dev = NULL;
+ if (data->input_dev) {
+ input_unregister_device(data->input_dev);
+ data->input_dev = NULL;
+ }

kfree(data->object_table);
data->object_table = NULL;
@@ -2194,7 +2196,6 @@ static int mxt_remove(struct i2c_client *client)

sysfs_remove_group(&client->dev.kobj, &mxt_attr_group);
free_irq(data->irq, data);
- input_unregister_device(data->input_dev);
mxt_free_object_table(data);
kfree(data);

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Seth Forshee: "[PATCH v2 3/3] fuse: Add support for mounts from user namespaces"
Previous message: Seth Forshee: "[PATCH v2 2/3] fuse: Translate pids passed to userspace into pid namespaces"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]