Re: [PATCH -resend] pps: do not crash when failed to register

From: Rodolfo Giometti
Date: Thu Jul 14 2016 - 08:47:17 EST

On 07/14/16 13:52, Jiri Slaby wrote:
With this command sequence:
modprobe plip
modprobe pps_parport
rmmod pps_parport
the partport_pps modules causes this crash:


BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<ffffffffa110301d>] parport_detach+0x1d/0x60 [pps_parport]
Oops: 0000 [#1] SMP
Call Trace:
[<ffffffffa036a185>] parport_unregister_driver+0x65/0xc0 [parport]
[<ffffffff810ff667>] SyS_delete_module+0x187/0x210


1) plip is loaded and takes the parport device for exclusive use:
plip0: Parallel port at 0x378, using IRQ 7.

2) pps_parport then fails to grab the device:
pps_parport: parallel port PPS client
parport0: cannot grant exclusive access for device pps_parport
pps_parport: couldn't register with parport0

3) rmmod of pps_parport is then killed because it tries to access
pardev->name, but pardev (taken from port->cad) is NULL.

So add a check for NULL in the test there too.

Signed-off-by: Jiri Slaby <jslaby@xxxxxxx>
Cc: Rodolfo Giometti <giometti@xxxxxxxxxxxx>
drivers/pps/clients/pps_parport.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c
index 38a8bbe74810..83797d89c30f 100644
--- a/drivers/pps/clients/pps_parport.c
+++ b/drivers/pps/clients/pps_parport.c
@@ -195,7 +195,7 @@ static void parport_detach(struct parport *port)
struct pps_client_pp *device;

/* FIXME: oooh, this is ugly! */
- if (strcmp(pardev->name, KBUILD_MODNAME))
+ if (!pardev || strcmp(pardev->name, KBUILD_MODNAME))
/* not our port */

Acked-by: Rodolfo Giometti <giometti@xxxxxxxxxxxx>


