f07b60b7c3
When hid sensor hub is unplugged, there is a crash in iio_device_unregister_trigger_consumer. In a typical IIO driver when remove is called, it will unregister and free trigger and then it will call iio_device_free. The function iio_trigger_free() will free the allocated memory for trigger. If this trigger was assigned to iio_dev->trig, then it should be set to NULL. Othewise when iio_device_free() is called later, it finally calls iio_device_unregsister_trigger(), which checks for if (indio_dev->trig) iio_trigger_put(indio_dev->trig); If indio_dev->trig is not set to NULL, it calls iio_trigger_put on a bad pointer causing crash. This scenerio can happen in any driver, which is storing trigger pointer in iio_dev structure and following current procedure during remove. Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com> Signed-off-by: Jonathan Cameron <jic23@kernel.org>
103 lines
2.8 KiB
C
103 lines
2.8 KiB
C
/*
|
|
* HID Sensors Driver
|
|
* Copyright (c) 2012, Intel Corporation.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
* under the terms and conditions of the GNU General Public License,
|
|
* version 2, as published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
|
* more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License along with
|
|
* this program; if not, write to the Free Software Foundation, Inc.,
|
|
* 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
*/
|
|
#include <linux/device.h>
|
|
#include <linux/platform_device.h>
|
|
#include <linux/module.h>
|
|
#include <linux/interrupt.h>
|
|
#include <linux/irq.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/hid-sensor-hub.h>
|
|
#include <linux/iio/iio.h>
|
|
#include <linux/iio/trigger.h>
|
|
#include <linux/iio/sysfs.h>
|
|
#include "hid-sensor-attributes.h"
|
|
#include "hid-sensor-trigger.h"
|
|
|
|
static int hid_sensor_data_rdy_trigger_set_state(struct iio_trigger *trig,
|
|
bool state)
|
|
{
|
|
struct hid_sensor_iio_common *st = trig->private_data;
|
|
int state_val;
|
|
|
|
state_val = state ? 1 : 0;
|
|
#if (defined CONFIG_HID_SENSOR_ENUM_BASE_QUIRKS) || \
|
|
(defined CONFIG_HID_SENSOR_ENUM_BASE_QUIRKS_MODULE)
|
|
++state_val;
|
|
#endif
|
|
st->data_ready = state;
|
|
sensor_hub_set_feature(st->hsdev, st->power_state.report_id,
|
|
st->power_state.index,
|
|
(s32)state_val);
|
|
|
|
sensor_hub_set_feature(st->hsdev, st->report_state.report_id,
|
|
st->report_state.index,
|
|
(s32)state_val);
|
|
|
|
return 0;
|
|
}
|
|
|
|
void hid_sensor_remove_trigger(struct iio_dev *indio_dev)
|
|
{
|
|
iio_trigger_unregister(indio_dev->trig);
|
|
iio_trigger_free(indio_dev->trig);
|
|
indio_dev->trig = NULL;
|
|
}
|
|
EXPORT_SYMBOL(hid_sensor_remove_trigger);
|
|
|
|
static const struct iio_trigger_ops hid_sensor_trigger_ops = {
|
|
.owner = THIS_MODULE,
|
|
.set_trigger_state = &hid_sensor_data_rdy_trigger_set_state,
|
|
};
|
|
|
|
int hid_sensor_setup_trigger(struct iio_dev *indio_dev, const char *name,
|
|
struct hid_sensor_iio_common *attrb)
|
|
{
|
|
int ret;
|
|
struct iio_trigger *trig;
|
|
|
|
trig = iio_trigger_alloc("%s-dev%d", name, indio_dev->id);
|
|
if (trig == NULL) {
|
|
dev_err(&indio_dev->dev, "Trigger Allocate Failed\n");
|
|
ret = -ENOMEM;
|
|
goto error_ret;
|
|
}
|
|
|
|
trig->dev.parent = indio_dev->dev.parent;
|
|
trig->private_data = attrb;
|
|
trig->ops = &hid_sensor_trigger_ops;
|
|
ret = iio_trigger_register(trig);
|
|
|
|
if (ret) {
|
|
dev_err(&indio_dev->dev, "Trigger Register Failed\n");
|
|
goto error_free_trig;
|
|
}
|
|
indio_dev->trig = trig;
|
|
|
|
return ret;
|
|
|
|
error_free_trig:
|
|
iio_trigger_free(trig);
|
|
error_ret:
|
|
return ret;
|
|
}
|
|
EXPORT_SYMBOL(hid_sensor_setup_trigger);
|
|
|
|
MODULE_AUTHOR("Srinivas Pandruvada <srinivas.pandruvada@intel.com>");
|
|
MODULE_DESCRIPTION("HID Sensor trigger processing");
|
|
MODULE_LICENSE("GPL");
|