2013-08-07 15:24:14

by Lars Poeschel

Subject: [PATCH] gpio: adnp: Fix segfault if request_threaded_irq fails

From: Lars Poeschel <[email protected]>

In case request_threaded_irq inside adnp_irq_setup fails, the driver
segfaults. This is because irq_domain_remove is called twice with
the same pointer. First time in adnp_irq_setup and then a second time
after leaving adnp_irq_setup in the error path of adnp_i2c_probe
inside adnp_teardown.
This fixes this by removing the call to irq_domain_remove from
adnp_irq_setup.

Signed-off-by: Lars Poeschel <[email protected]>
---
drivers/gpio/gpio-adnp.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/drivers/gpio/gpio-adnp.c b/drivers/gpio/gpio-adnp.c
index e60567f..c0f3fc4 100644
--- a/drivers/gpio/gpio-adnp.c
+++ b/drivers/gpio/gpio-adnp.c
@@ -490,15 +490,11 @@ static int adnp_irq_setup(struct adnp *adnp)
if (err != 0) {
dev_err(chip->dev, "can't request IRQ#%d: %d\n",
adnp->client->irq, err);
- goto error;
+ return err;
}

chip->to_irq = adnp_gpio_to_irq;
return 0;
-
-error:
- irq_domain_remove(adnp->domain);
- return err;
}

static void adnp_irq_teardown(struct adnp *adnp)
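Review bot: The new "return err;" in the request_threaded_irq failure branch leaves adnp->domain allocated and depends on the caller to release it, but nothing in adnp_irq_setup says so; the commit message is the only place that names the adnp_i2c_probe error path as the owner of that cleanup. A one-line comment above the return stating that the domain is removed by the probe error path would keep a later change from re-adding a local irq_domain_remove and reintroducing the double removal. Only this failure branch is visible in the hunk, so it is also worth confirming that any other error returns in adnp_irq_setup follow the same convention.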
--
1.7.10.4


2013-08-16 14:53:57

by Linus Walleij

Subject: Re: [PATCH] gpio: adnp: Fix segfault if request_threaded_irq fails

On Wed, Aug 7, 2013 at 5:23 PM, Lars Poeschel <[email protected]> wrote:

> From: Lars Poeschel <[email protected]>
>
> In case request_threaded_irq inside adnp_irq_setup fails, the driver
> segfaults. This is because irq_domain_remove is called twice with
> the same pointer. First time in adnp_irq_setup and then a second time
> after leaving adnp_irq_setup in the error path of adnp_i2c_probe
> inside adnp_teardown.
> This fixes this by removing the call to irq_domain_remove from
> adnp_irq_setup.
>
> Signed-off-by: Lars Poeschel <[email protected]>

Patch applied.

Yours,
Linus Walleij