2022-03-07 22:00:39

by Laurentiu Palcu

[permalink] [raw]
Subject: [PATCH v2] media: i2c: max9286: fix kernel oops when removing module

When removing the max9286 module we get a kernel oops:

Unable to handle kernel paging request at virtual address 000000aa00000094
Mem abort info:
ESR = 0x96000004
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x04: level 0 translation fault
Data abort info:
ISV = 0, ISS = 0x00000004
CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=0000000880d85000
[000000aa00000094] pgd=0000000000000000, p4d=0000000000000000
Internal error: Oops: 96000004 [#1] PREEMPT SMP
Modules linked in: fsl_jr_uio caam_jr rng_core libdes caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine max9271 authenc crct10dif_ce mxc_jpeg_encdec
CPU: 2 PID: 713 Comm: rmmod Tainted: G C 5.15.5-00057-gaebcd29c8ed7-dirty #5
Hardware name: Freescale i.MX8QXP MEK (DT)
pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : i2c_mux_del_adapters+0x24/0xf0
lr : max9286_remove+0x28/0xd0 [max9286]
sp : ffff800013a9bbf0
x29: ffff800013a9bbf0 x28: ffff00080b6da940 x27: 0000000000000000
x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
x23: ffff000801a5b970 x22: ffff0008048b0890 x21: ffff800009297000
x20: ffff0008048b0f70 x19: 000000aa00000064 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000014 x13: 0000000000000000 x12: ffff000802da49e8
x11: ffff000802051918 x10: ffff000802da4920 x9 : ffff000800030098
x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d
x5 : 8080808000000000 x4 : 0000000000000000 x3 : 0000000000000000
x2 : ffffffffffffffff x1 : ffff00080b6da940 x0 : 0000000000000000
Call trace:
i2c_mux_del_adapters+0x24/0xf0
max9286_remove+0x28/0xd0 [max9286]
i2c_device_remove+0x40/0x110
__device_release_driver+0x188/0x234
driver_detach+0xc4/0x150
bus_remove_driver+0x60/0xe0
driver_unregister+0x34/0x64
i2c_del_driver+0x58/0xa0
max9286_i2c_driver_exit+0x1c/0x490 [max9286]
__arm64_sys_delete_module+0x194/0x260
invoke_syscall+0x48/0x114
el0_svc_common.constprop.0+0xd4/0xfc
do_el0_svc+0x2c/0x94
el0_svc+0x28/0x80
el0t_64_sync_handler+0xa8/0x130
el0t_64_sync+0x1a0/0x1a4

The Oops happens because the I2C client data does not point to
max9286_priv anymore but to v4l2_subdev. The change happened in
max9286_init() which calls v4l2_i2c_subdev_init() later on...

Besides fixing the max9286_remove() function, remove the call to
i2c_set_clientdata() in max9286_probe(), to avoid confusion, and make
the necessary changes to max9286_init() so that it doesn't have to use
i2c_get_clientdata() in order to fetch the pointer to priv.

Fixes: 66d8c9d2422d ("media: i2c: Add MAX9286 driver")
Signed-off-by: Laurentiu Palcu <[email protected]>
---
Changes in v2:
* removed i2c_set_clientdata() in max9286_probe();
* refactored max9286_init() so that we pass priv as argument, not dev;

Cheers,
Laurentiu

drivers/media/i2c/max9286.c | 19 +++++++------------
1 file changed, 7 insertions(+), 12 deletions(-)

diff --git a/drivers/media/i2c/max9286.c b/drivers/media/i2c/max9286.c
index d2a4915ed9f7..3684faa72253 100644
--- a/drivers/media/i2c/max9286.c
+++ b/drivers/media/i2c/max9286.c
@@ -1147,22 +1147,18 @@ static int max9286_poc_enable(struct max9286_priv *priv, bool enable)
return ret;
}

-static int max9286_init(struct device *dev)
+static int max9286_init(struct max9286_priv *priv)
{
- struct max9286_priv *priv;
- struct i2c_client *client;
+ struct i2c_client *client = priv->client;
int ret;

- client = to_i2c_client(dev);
- priv = i2c_get_clientdata(client);
-
ret = max9286_poc_enable(priv, true);
if (ret)
return ret;

ret = max9286_setup(priv);
if (ret) {
- dev_err(dev, "Unable to setup max9286\n");
+ dev_err(&client->dev, "Unable to setup max9286\n");
goto err_poc_disable;
}

@@ -1172,13 +1168,13 @@ static int max9286_init(struct device *dev)
*/
ret = max9286_v4l2_register(priv);
if (ret) {
- dev_err(dev, "Failed to register with V4L2\n");
+ dev_err(&client->dev, "Failed to register with V4L2\n");
goto err_poc_disable;
}

ret = max9286_i2c_mux_init(priv);
if (ret) {
- dev_err(dev, "Unable to initialize I2C multiplexer\n");
+ dev_err(&client->dev, "Unable to initialize I2C multiplexer\n");
goto err_v4l2_register;
}

@@ -1333,7 +1329,6 @@ static int max9286_probe(struct i2c_client *client)
mutex_init(&priv->mutex);

priv->client = client;
- i2c_set_clientdata(client, priv);

priv->gpiod_pwdn = devm_gpiod_get_optional(&client->dev, "enable",
GPIOD_OUT_HIGH);
@@ -1369,7 +1364,7 @@ static int max9286_probe(struct i2c_client *client)
if (ret)
goto err_powerdown;

- ret = max9286_init(&client->dev);
+ ret = max9286_init(priv);
if (ret < 0)
goto err_cleanup_dt;

@@ -1385,7 +1380,7 @@ static int max9286_probe(struct i2c_client *client)

static int max9286_remove(struct i2c_client *client)
{
- struct max9286_priv *priv = i2c_get_clientdata(client);
+ struct max9286_priv *priv = sd_to_max9286(i2c_get_clientdata(client));

i2c_mux_del_adapters(priv->mux);

--
2.17.1


2022-03-24 21:04:31

by Kieran Bingham

[permalink] [raw]
Subject: Re: [PATCH v2] media: i2c: max9286: fix kernel oops when removing module

Hi Laurentiu,

Thanks for the updates on the v2, Looks good to me.

Quoting Laurentiu Palcu (2022-03-07 16:46:07)
> When removing the max9286 module we get a kernel oops:
>
> Unable to handle kernel paging request at virtual address 000000aa00000094
> Mem abort info:
> ESR = 0x96000004
> EC = 0x25: DABT (current EL), IL = 32 bits
> SET = 0, FnV = 0
> EA = 0, S1PTW = 0
> FSC = 0x04: level 0 translation fault
> Data abort info:
> ISV = 0, ISS = 0x00000004
> CM = 0, WnR = 0
> user pgtable: 4k pages, 48-bit VAs, pgdp=0000000880d85000
> [000000aa00000094] pgd=0000000000000000, p4d=0000000000000000
> Internal error: Oops: 96000004 [#1] PREEMPT SMP
> Modules linked in: fsl_jr_uio caam_jr rng_core libdes caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine max9271 authenc crct10dif_ce mxc_jpeg_encdec
> CPU: 2 PID: 713 Comm: rmmod Tainted: G C 5.15.5-00057-gaebcd29c8ed7-dirty #5
> Hardware name: Freescale i.MX8QXP MEK (DT)
> pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> pc : i2c_mux_del_adapters+0x24/0xf0
> lr : max9286_remove+0x28/0xd0 [max9286]
> sp : ffff800013a9bbf0
> x29: ffff800013a9bbf0 x28: ffff00080b6da940 x27: 0000000000000000
> x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
> x23: ffff000801a5b970 x22: ffff0008048b0890 x21: ffff800009297000
> x20: ffff0008048b0f70 x19: 000000aa00000064 x18: 0000000000000000
> x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
> x14: 0000000000000014 x13: 0000000000000000 x12: ffff000802da49e8
> x11: ffff000802051918 x10: ffff000802da4920 x9 : ffff000800030098
> x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d
> x5 : 8080808000000000 x4 : 0000000000000000 x3 : 0000000000000000
> x2 : ffffffffffffffff x1 : ffff00080b6da940 x0 : 0000000000000000
> Call trace:
> i2c_mux_del_adapters+0x24/0xf0
> max9286_remove+0x28/0xd0 [max9286]
> i2c_device_remove+0x40/0x110
> __device_release_driver+0x188/0x234
> driver_detach+0xc4/0x150
> bus_remove_driver+0x60/0xe0
> driver_unregister+0x34/0x64
> i2c_del_driver+0x58/0xa0
> max9286_i2c_driver_exit+0x1c/0x490 [max9286]
> __arm64_sys_delete_module+0x194/0x260
> invoke_syscall+0x48/0x114
> el0_svc_common.constprop.0+0xd4/0xfc
> do_el0_svc+0x2c/0x94
> el0_svc+0x28/0x80
> el0t_64_sync_handler+0xa8/0x130
> el0t_64_sync+0x1a0/0x1a4
>
> The Oops happens because the I2C client data does not point to
> max9286_priv anymore but to v4l2_subdev. The change happened in
> max9286_init() which calls v4l2_i2c_subdev_init() later on...
>
> Besides fixing the max9286_remove() function, remove the call to
> i2c_set_clientdata() in max9286_probe(), to avoid confusion, and make
> the necessary changes to max9286_init() so that it doesn't have to use
> i2c_get_clientdata() in order to fetch the pointer to priv.
>
> Fixes: 66d8c9d2422d ("media: i2c: Add MAX9286 driver")
> Signed-off-by: Laurentiu Palcu <[email protected]>

Reviewed-by: Kieran Bingham <[email protected]>

> ---
> Changes in v2:
> * removed i2c_set_clientdata() in max9286_probe();
> * refactored max9286_init() so that we pass priv as argument, not dev;
>
> Cheers,
> Laurentiu
>
> drivers/media/i2c/max9286.c | 19 +++++++------------
> 1 file changed, 7 insertions(+), 12 deletions(-)
>
> diff --git a/drivers/media/i2c/max9286.c b/drivers/media/i2c/max9286.c
> index d2a4915ed9f7..3684faa72253 100644
> --- a/drivers/media/i2c/max9286.c
> +++ b/drivers/media/i2c/max9286.c
> @@ -1147,22 +1147,18 @@ static int max9286_poc_enable(struct max9286_priv *priv, bool enable)
> return ret;
> }
>
> -static int max9286_init(struct device *dev)
> +static int max9286_init(struct max9286_priv *priv)
> {
> - struct max9286_priv *priv;
> - struct i2c_client *client;
> + struct i2c_client *client = priv->client;
> int ret;
>
> - client = to_i2c_client(dev);
> - priv = i2c_get_clientdata(client);
> -
> ret = max9286_poc_enable(priv, true);
> if (ret)
> return ret;
>
> ret = max9286_setup(priv);
> if (ret) {
> - dev_err(dev, "Unable to setup max9286\n");
> + dev_err(&client->dev, "Unable to setup max9286\n");
> goto err_poc_disable;
> }
>
> @@ -1172,13 +1168,13 @@ static int max9286_init(struct device *dev)
> */
> ret = max9286_v4l2_register(priv);
> if (ret) {
> - dev_err(dev, "Failed to register with V4L2\n");
> + dev_err(&client->dev, "Failed to register with V4L2\n");
> goto err_poc_disable;
> }
>
> ret = max9286_i2c_mux_init(priv);
> if (ret) {
> - dev_err(dev, "Unable to initialize I2C multiplexer\n");
> + dev_err(&client->dev, "Unable to initialize I2C multiplexer\n");
> goto err_v4l2_register;
> }
>
> @@ -1333,7 +1329,6 @@ static int max9286_probe(struct i2c_client *client)
> mutex_init(&priv->mutex);
>
> priv->client = client;
> - i2c_set_clientdata(client, priv);
>
> priv->gpiod_pwdn = devm_gpiod_get_optional(&client->dev, "enable",
> GPIOD_OUT_HIGH);
> @@ -1369,7 +1364,7 @@ static int max9286_probe(struct i2c_client *client)
> if (ret)
> goto err_powerdown;
>
> - ret = max9286_init(&client->dev);
> + ret = max9286_init(priv);
> if (ret < 0)
> goto err_cleanup_dt;
>
> @@ -1385,7 +1380,7 @@ static int max9286_probe(struct i2c_client *client)
>
> static int max9286_remove(struct i2c_client *client)
> {
> - struct max9286_priv *priv = i2c_get_clientdata(client);
> + struct max9286_priv *priv = sd_to_max9286(i2c_get_clientdata(client));
>
> i2c_mux_del_adapters(priv->mux);
>
> --
> 2.17.1
>