[PATCH v2 1/5] iio:accel:bma180: rearrange iio trigger get and register

Dmitry Rokosov posted 5 patches 3 years, 8 months ago
[PATCH v2 1/5] iio:accel:bma180: rearrange iio trigger get and register
Posted by Dmitry Rokosov 3 years, 8 months ago
IIO trigger interface function iio_trigger_get() should be called strictly
after iio_trigger_register() (or its devm analogue), because
iio_trigger_get() acquires module refcnt based on the trigger->owner
pointer, which is initialized inside iio_trigger_register() to
THIS_MODULE.
If this call order is wrong, the next iio_trigger_put() (from sysfs
callback or "delete module" path) will dereference "default" module
refcnt, which is incorrect behaviour.

Fixes: 0668a4e4d297 ("iio: accel: bma180: Fix indio_dev->trig assignment")
Signed-off-by: Dmitry Rokosov <ddrokosov@sberdevices.ru>
---
 drivers/iio/accel/bma180.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/iio/accel/bma180.c b/drivers/iio/accel/bma180.c
index d8a454c266d5..5d0bd0fc3018 100644
--- a/drivers/iio/accel/bma180.c
+++ b/drivers/iio/accel/bma180.c
@@ -1006,11 +1006,12 @@ static int bma180_probe(struct i2c_client *client,
 
 		data->trig->ops = &bma180_trigger_ops;
 		iio_trigger_set_drvdata(data->trig, indio_dev);
-		indio_dev->trig = iio_trigger_get(data->trig);
 
 		ret = iio_trigger_register(data->trig);
 		if (ret)
 			goto err_trigger_free;
+
+		indio_dev->trig = iio_trigger_get(data->trig);
 	}
 
 	ret = iio_triggered_buffer_setup(indio_dev, NULL,
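
Review bot: the relocated `indio_dev->trig = iio_trigger_get(data->trig);` line at the end of the `if` block carries no comment saying why it has to stay below iio_trigger_register(). The ordering constraint is only recorded in the commit message, so a later cleanup could move the call back up without anyone noticing. A one-line comment above it, noting that trig->owner is set during registration and the get takes its module reference from that pointer, would keep the constraint visible in the code.
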
-- 
2.36.0
Re: [PATCH v2 1/5] iio:accel:bma180: rearrange iio trigger get and register
Posted by Andy Shevchenko 3 years, 8 months ago
On Tue, May 24, 2022 at 8:14 PM Dmitry Rokosov <DDRokosov@sberdevices.ru> wrote:
>
> IIO trigger interface function iio_trigger_get() should be called strictly
> after iio_trigger_register() (or its devm analogue), because
> iio_trigger_get() acquires module refcnt based on the trigger->owner
> pointer, which is initialized inside iio_trigger_register() to
> THIS_MODULE.
> If this call order is wrong, the next iio_trigger_put() (from sysfs
> callback or "delete module" path) will dereference "default" module
> refcnt, which is incorrect behaviour.

Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>

> Fixes: 0668a4e4d297 ("iio: accel: bma180: Fix indio_dev->trig assignment")
> Signed-off-by: Dmitry Rokosov <ddrokosov@sberdevices.ru>
> ---
>  drivers/iio/accel/bma180.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/iio/accel/bma180.c b/drivers/iio/accel/bma180.c
> index d8a454c266d5..5d0bd0fc3018 100644
> --- a/drivers/iio/accel/bma180.c
> +++ b/drivers/iio/accel/bma180.c
> @@ -1006,11 +1006,12 @@ static int bma180_probe(struct i2c_client *client,
>
>                 data->trig->ops = &bma180_trigger_ops;
>                 iio_trigger_set_drvdata(data->trig, indio_dev);
> -               indio_dev->trig = iio_trigger_get(data->trig);
>
>                 ret = iio_trigger_register(data->trig);
>                 if (ret)
>                         goto err_trigger_free;
> +
> +               indio_dev->trig = iio_trigger_get(data->trig);
>         }
>
>         ret = iio_triggered_buffer_setup(indio_dev, NULL,
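
Review bot: the error paths around the moved call deserve a sentence in the changelog. A failing iio_trigger_register() jumps to err_trigger_free before any reference is taken, so that label needs no matching put. A failure in the iio_triggered_buffer_setup() call that follows, however, happens with indio_dev->trig already holding a reference, and its unwind label lies outside this hunk. Please confirm that the reference is dropped on that path, by the label or at device release, so the get/put pairing can be checked without reading the rest of the probe function.
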
> --
> 2.36.0



-- 
With Best Regards,
Andy Shevchenko