iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

In iio_register_sw_trigger_type(), configfs_register_default_group() is
possible to fail, but the entry add to iio_trigger_types_list is not
deleted.

This leaves wild in iio_trigger_types_list, which can cause page fault
when module is loading again. So fix this by list_del(&t->list) in error
path.

BUG: unable to handle page fault for address: fffffbfff81d7400
Call Trace:
<TASK>
iio_register_sw_trigger_type
do_one_initcall
do_init_module
load_module
...

Fixes: b662f809d410 ("iio: core: Introduce IIO software triggers")
Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
Link: https://lore.kernel.org/r/20221108032802.168623-1-chenzhongjin@huawei.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>

authored by

Chen Zhongjin and committed by

Jonathan Cameron 3 years ago 4ad09d95 20690cd5

+5 -1

1 changed file

expand all

drivers

iio

industrialio-sw-trigger.c

+5 -1

drivers/iio/industrialio-sw-trigger.c

··· 58 58 59 59 t->group = configfs_register_default_group(iio_triggers_group, t->name, 60 60 &iio_trigger_type_group_type); 61 - if (IS_ERR(t->group)) 61 + if (IS_ERR(t->group)) { 62 + mutex_lock(&iio_trigger_types_lock); 63 + list_del(&t->list); 64 + mutex_unlock(&iio_trigger_types_lock); 62 65 ret = PTR_ERR(t->group); 66 + } 63 67 64 68 return ret; 65 69 }