[PATCH] iio: at91-sama5d2_adc: Fix use after free bug in at91_adc_remove due to race condition

[PATCH] iio: at91-sama5d2_adc: Fix use after free bug in at91_adc_remove due to race condition

[Zheng Wang]

In at91_adc_probe, &st->touch_st.workq is bound with
at91_adc_workq_handler. Then it will be started by irq
handler at91_adc_touch_data_handler

If we remove the driver which will call at91_adc_remove
  to make cleanup, there may be a unfinished work.

The possible sequence is as follows:

Fix it by finishing the work before cleanup in the at91_adc_remove

CPU0                  CPU1

                    |at91_adc_workq_handler
at91_adc_remove     |
iio_device_unregister|
iio_dev_release     |
kfree(iio_dev_opaque);|
                    |
                    |iio_push_to_buffers
                    |&iio_dev_opaque->buffer_list
                    |//use
Fixes: 23ec2774f1cc ("iio: adc: at91-sama5d2_adc: add support for position and pressure channels")
Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
---
 drivers/iio/adc/at91-sama5d2_adc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/iio/adc/at91-sama5d2_adc.c b/drivers/iio/adc/at91-sama5d2_adc.c
index 50d02e5fc6fc..1b95d18d9e0b 100644
--- a/drivers/iio/adc/at91-sama5d2_adc.c
+++ b/drivers/iio/adc/at91-sama5d2_adc.c
@@ -2495,6 +2495,8 @@ static int at91_adc_remove(struct platform_device *pdev)
 	struct iio_dev *indio_dev = platform_get_drvdata(pdev);
 	struct at91_adc_state *st = iio_priv(indio_dev);
 
+	disable_irq_nosync(st->irq);
+	cancel_work_sync(&st->touch_st.workq);
 	iio_device_unregister(indio_dev);
 
 	at91_adc_dma_disable(st);
-- 
2.25.1


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: [PATCH] iio: at91-sama5d2_adc: Fix use after free bug in at91_adc_remove due to race condition

[Lars-Peter Clausen]

On 3/18/23 10:39, Jonathan Cameron wrote:
> On Fri, 10 Mar 2023 17:12:39 +0800
> Zheng Wang <zyytlz.wz@163.com> wrote:
>
>> In at91_adc_probe, &st->touch_st.workq is bound with
>> at91_adc_workq_handler. Then it will be started by irq
>> handler at91_adc_touch_data_handler
>>
>> If we remove the driver which will call at91_adc_remove
>>    to make cleanup, there may be a unfinished work.
>>
>> The possible sequence is as follows:
>>
>> Fix it by finishing the work before cleanup in the at91_adc_remove
>>
>> CPU0                  CPU1
>>
>>                      |at91_adc_workq_handler
>> at91_adc_remove     |
>> iio_device_unregister|
>> iio_dev_release     |
>> kfree(iio_dev_opaque);|
>>                      |
>>                      |iio_push_to_buffers
>>                      |&iio_dev_opaque->buffer_list
>>                      |//use
>> Fixes: 23ec2774f1cc ("iio: adc: at91-sama5d2_adc: add support for position and pressure channels")
>> Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
>> ---
>>   drivers/iio/adc/at91-sama5d2_adc.c | 2 ++
>>   1 file changed, 2 insertions(+)
>>
>> diff --git a/drivers/iio/adc/at91-sama5d2_adc.c b/drivers/iio/adc/at91-sama5d2_adc.c
>> index 50d02e5fc6fc..1b95d18d9e0b 100644
>> --- a/drivers/iio/adc/at91-sama5d2_adc.c
>> +++ b/drivers/iio/adc/at91-sama5d2_adc.c
>> @@ -2495,6 +2495,8 @@ static int at91_adc_remove(struct platform_device *pdev)
>>   	struct iio_dev *indio_dev = platform_get_drvdata(pdev);
>>   	struct at91_adc_state *st = iio_priv(indio_dev);
>>   
>> +	disable_irq_nosync(st->irq);
>> +	cancel_work_sync(&st->touch_st.workq);
> I'd like some input form someone more familiar with this driver than I am.
>
> In particular, whilst it fixes the bug seen I'm not sure what the most
> logical ordering for the disable is or the best way to do it.
>
> I'd prefer to see the irq cut off at source by disabling it at the device
> feature that is generating the irq followed by cancelling or waiting for
> completion of any in flight work.
The usually way you'd do this by calling free_irq() before the 
cancel_work_sync().



_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: [PATCH] iio: at91-sama5d2_adc: Fix use after free bug in at91_adc_remove due to race condition

[Jonathan Cameron]

On Fri, 10 Mar 2023 17:12:39 +0800
Zheng Wang <zyytlz.wz@163.com> wrote:

> In at91_adc_probe, &st->touch_st.workq is bound with
> at91_adc_workq_handler. Then it will be started by irq
> handler at91_adc_touch_data_handler
> 
> If we remove the driver which will call at91_adc_remove
>   to make cleanup, there may be a unfinished work.
> 
> The possible sequence is as follows:
> 
> Fix it by finishing the work before cleanup in the at91_adc_remove
> 
> CPU0                  CPU1
> 
>                     |at91_adc_workq_handler
> at91_adc_remove     |
> iio_device_unregister|
> iio_dev_release     |
> kfree(iio_dev_opaque);|
>                     |
>                     |iio_push_to_buffers
>                     |&iio_dev_opaque->buffer_list
>                     |//use
> Fixes: 23ec2774f1cc ("iio: adc: at91-sama5d2_adc: add support for position and pressure channels")
> Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
> ---
>  drivers/iio/adc/at91-sama5d2_adc.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/iio/adc/at91-sama5d2_adc.c b/drivers/iio/adc/at91-sama5d2_adc.c
> index 50d02e5fc6fc..1b95d18d9e0b 100644
> --- a/drivers/iio/adc/at91-sama5d2_adc.c
> +++ b/drivers/iio/adc/at91-sama5d2_adc.c
> @@ -2495,6 +2495,8 @@ static int at91_adc_remove(struct platform_device *pdev)
>  	struct iio_dev *indio_dev = platform_get_drvdata(pdev);
>  	struct at91_adc_state *st = iio_priv(indio_dev);
>  
> +	disable_irq_nosync(st->irq);
> +	cancel_work_sync(&st->touch_st.workq);

I'd like some input form someone more familiar with this driver than I am.

In particular, whilst it fixes the bug seen I'm not sure what the most
logical ordering for the disable is or the best way to do it.

I'd prefer to see the irq cut off at source by disabling it at the device
feature that is generating the irq followed by cancelling or waiting for
completion of any in flight work.

>  	iio_device_unregister(indio_dev);
>  
>  	at91_adc_dma_disable(st);


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: [PATCH] iio: at91-sama5d2_adc: Fix use after free bug in at91_adc_remove due to race condition

[Jonathan Cameron]

On Sat, 18 Mar 2023 10:36:04 -0700
Lars-Peter Clausen <lars@metafoo.de> wrote:

> On 3/18/23 10:39, Jonathan Cameron wrote:
> > On Fri, 10 Mar 2023 17:12:39 +0800
> > Zheng Wang <zyytlz.wz@163.com> wrote:
> >  
> >> In at91_adc_probe, &st->touch_st.workq is bound with
> >> at91_adc_workq_handler. Then it will be started by irq
> >> handler at91_adc_touch_data_handler
> >>
> >> If we remove the driver which will call at91_adc_remove
> >>    to make cleanup, there may be a unfinished work.
> >>
> >> The possible sequence is as follows:
> >>
> >> Fix it by finishing the work before cleanup in the at91_adc_remove
> >>
> >> CPU0                  CPU1
> >>
> >>                      |at91_adc_workq_handler
> >> at91_adc_remove     |
> >> iio_device_unregister|
> >> iio_dev_release     |
> >> kfree(iio_dev_opaque);|
> >>                      |
> >>                      |iio_push_to_buffers
> >>                      |&iio_dev_opaque->buffer_list
> >>                      |//use
> >> Fixes: 23ec2774f1cc ("iio: adc: at91-sama5d2_adc: add support for position and pressure channels")
> >> Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
> >> ---
> >>   drivers/iio/adc/at91-sama5d2_adc.c | 2 ++
> >>   1 file changed, 2 insertions(+)
> >>
> >> diff --git a/drivers/iio/adc/at91-sama5d2_adc.c b/drivers/iio/adc/at91-sama5d2_adc.c
> >> index 50d02e5fc6fc..1b95d18d9e0b 100644
> >> --- a/drivers/iio/adc/at91-sama5d2_adc.c
> >> +++ b/drivers/iio/adc/at91-sama5d2_adc.c
> >> @@ -2495,6 +2495,8 @@ static int at91_adc_remove(struct platform_device *pdev)
> >>   	struct iio_dev *indio_dev = platform_get_drvdata(pdev);
> >>   	struct at91_adc_state *st = iio_priv(indio_dev);
> >>   
> >> +	disable_irq_nosync(st->irq);
> >> +	cancel_work_sync(&st->touch_st.workq);  
> > I'd like some input form someone more familiar with this driver than I am.
> >
> > In particular, whilst it fixes the bug seen I'm not sure what the most
> > logical ordering for the disable is or the best way to do it.
> >
> > I'd prefer to see the irq cut off at source by disabling it at the device
> > feature that is generating the irq followed by cancelling or waiting for
> > completion of any in flight work.  
> The usually way you'd do this by calling free_irq() before the 
> cancel_work_sync().

I'd go a little further than that and disable the interrupt source at the
device (if possible) then call free_irq() then cancel_work_sync()

Otherwise the device is merrily monitoring something and generating interrupts
that we don't care about.  Might well be wasting power doing that, though I haven't
checked the flow in this particular case.

Jonathan


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re:Re: [PATCH] iio: at91-sama5d2_adc: Fix use after free bug in at91_adc_remove due to race condition

[王征]

At 2023-03-19 00:39:13, "Jonathan Cameron" <jic23@kernel.org> wrote:
>On Fri, 10 Mar 2023 17:12:39 +0800
>Zheng Wang <zyytlz.wz@163.com> wrote:
>
>> In at91_adc_probe, &st->touch_st.workq is bound with
>> at91_adc_workq_handler. Then it will be started by irq
>> handler at91_adc_touch_data_handler
>> 
>> If we remove the driver which will call at91_adc_remove
>>   to make cleanup, there may be a unfinished work.
>> 
>> The possible sequence is as follows:
>> 
>> Fix it by finishing the work before cleanup in the at91_adc_remove
>> 
>> CPU0                  CPU1
>> 
>>                     |at91_adc_workq_handler
>> at91_adc_remove     |
>> iio_device_unregister|
>> iio_dev_release     |
>> kfree(iio_dev_opaque);|
>>                     |
>>                     |iio_push_to_buffers
>>                     |&iio_dev_opaque->buffer_list
>>                     |//use
>> Fixes: 23ec2774f1cc ("iio: adc: at91-sama5d2_adc: add support for position and pressure channels")
>> Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
>> ---
>>  drivers/iio/adc/at91-sama5d2_adc.c | 2 ++
>>  1 file changed, 2 insertions(+)
>> 
>> diff --git a/drivers/iio/adc/at91-sama5d2_adc.c b/drivers/iio/adc/at91-sama5d2_adc.c
>> index 50d02e5fc6fc..1b95d18d9e0b 100644
>> --- a/drivers/iio/adc/at91-sama5d2_adc.c
>> +++ b/drivers/iio/adc/at91-sama5d2_adc.c
>> @@ -2495,6 +2495,8 @@ static int at91_adc_remove(struct platform_device *pdev)
>>  	struct iio_dev *indio_dev = platform_get_drvdata(pdev);
>>  	struct at91_adc_state *st = iio_priv(indio_dev);
>>  
>> +	disable_irq_nosync(st->irq);
>> +	cancel_work_sync(&st->touch_st.workq);
>
>I'd like some input form someone more familiar with this driver than I am.
>
>In particular, whilst it fixes the bug seen I'm not sure what the most
>logical ordering for the disable is or the best way to do it.
>
>I'd prefer to see the irq cut off at source by disabling it at the device
>feature that is generating the irq followed by cancelling or waiting for
>completion of any in flight work.

Hi,

Sorry for my late reply. I think we need to replace disable_irq_nosync with free_irq.

Thanks,
Zheng

>
>>  	iio_device_unregister(indio_dev);
>>  
>>  	at91_adc_dma_disable(st);
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re:Re: [PATCH] iio: at91-sama5d2_adc: Fix use after free bug in at91_adc_remove due to race condition

[王征]

At 2023-03-19 00:36:04, "Lars-Peter Clausen" <lars@metafoo.de> wrote:
>On 3/18/23 10:39, Jonathan Cameron wrote:
>> On Fri, 10 Mar 2023 17:12:39 +0800
>> Zheng Wang <zyytlz.wz@163.com> wrote:
>>
>>> In at91_adc_probe, &st->touch_st.workq is bound with
>>> at91_adc_workq_handler. Then it will be started by irq
>>> handler at91_adc_touch_data_handler
>>>
>>> If we remove the driver which will call at91_adc_remove
>>>    to make cleanup, there may be a unfinished work.
>>>
>>> The possible sequence is as follows:
>>>
>>> Fix it by finishing the work before cleanup in the at91_adc_remove
>>>
>>> CPU0                  CPU1
>>>
>>>                      |at91_adc_workq_handler
>>> at91_adc_remove     |
>>> iio_device_unregister|
>>> iio_dev_release     |
>>> kfree(iio_dev_opaque);|
>>>                      |
>>>                      |iio_push_to_buffers
>>>                      |&iio_dev_opaque->buffer_list
>>>                      |//use
>>> Fixes: 23ec2774f1cc ("iio: adc: at91-sama5d2_adc: add support for position and pressure channels")
>>> Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
>>> ---
>>>   drivers/iio/adc/at91-sama5d2_adc.c | 2 ++
>>>   1 file changed, 2 insertions(+)
>>>
>>> diff --git a/drivers/iio/adc/at91-sama5d2_adc.c b/drivers/iio/adc/at91-sama5d2_adc.c
>>> index 50d02e5fc6fc..1b95d18d9e0b 100644
>>> --- a/drivers/iio/adc/at91-sama5d2_adc.c
>>> +++ b/drivers/iio/adc/at91-sama5d2_adc.c
>>> @@ -2495,6 +2495,8 @@ static int at91_adc_remove(struct platform_device *pdev)
>>>   	struct iio_dev *indio_dev = platform_get_drvdata(pdev);
>>>   	struct at91_adc_state *st = iio_priv(indio_dev);
>>>   
>>> +	disable_irq_nosync(st->irq);
>>> +	cancel_work_sync(&st->touch_st.workq);
>> I'd like some input form someone more familiar with this driver than I am.
>>
>> In particular, whilst it fixes the bug seen I'm not sure what the most
>> logical ordering for the disable is or the best way to do it.
>>
>> I'd prefer to see the irq cut off at source by disabling it at the device
>> feature that is generating the irq followed by cancelling or waiting for
>> completion of any in flight work.
>The usually way you'd do this by calling free_irq() before the 
>cancel_work_sync().

Hi,

Thank you for your response and feedback on my patch. I appreciate your input and would like to address your concerns.

Regarding the best way to disable the IRQ, I agree that calling free_irq() before cancel_work_sync() would be a better approach. This ensures that the IRQ is completely disabled at the source, and any in-flight work is finished before removing the driver. I will make this change in the patch.

Best regards,
Zheng Wang

>
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re:Re: [PATCH] iio: at91-sama5d2_adc: Fix use after free bug in at91_adc_remove due to race condition

[王征]

At 2023-03-19 22:22:22, "Jonathan Cameron" <jic23@kernel.org> wrote:
>On Sat, 18 Mar 2023 10:36:04 -0700
>Lars-Peter Clausen <lars@metafoo.de> wrote:
>
>> On 3/18/23 10:39, Jonathan Cameron wrote:
>> > On Fri, 10 Mar 2023 17:12:39 +0800
>> > Zheng Wang <zyytlz.wz@163.com> wrote:
>> >  
>> >> In at91_adc_probe, &st->touch_st.workq is bound with
>> >> at91_adc_workq_handler. Then it will be started by irq
>> >> handler at91_adc_touch_data_handler
>> >>
>> >> If we remove the driver which will call at91_adc_remove
>> >>    to make cleanup, there may be a unfinished work.
>> >>
>> >> The possible sequence is as follows:
>> >>
>> >> Fix it by finishing the work before cleanup in the at91_adc_remove
>> >>
>> >> CPU0                  CPU1
>> >>
>> >>                      |at91_adc_workq_handler
>> >> at91_adc_remove     |
>> >> iio_device_unregister|
>> >> iio_dev_release     |
>> >> kfree(iio_dev_opaque);|
>> >>                      |
>> >>                      |iio_push_to_buffers
>> >>                      |&iio_dev_opaque->buffer_list
>> >>                      |//use
>> >> Fixes: 23ec2774f1cc ("iio: adc: at91-sama5d2_adc: add support for position and pressure channels")
>> >> Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
>> >> ---
>> >>   drivers/iio/adc/at91-sama5d2_adc.c | 2 ++
>> >>   1 file changed, 2 insertions(+)
>> >>
>> >> diff --git a/drivers/iio/adc/at91-sama5d2_adc.c b/drivers/iio/adc/at91-sama5d2_adc.c
>> >> index 50d02e5fc6fc..1b95d18d9e0b 100644
>> >> --- a/drivers/iio/adc/at91-sama5d2_adc.c
>> >> +++ b/drivers/iio/adc/at91-sama5d2_adc.c
>> >> @@ -2495,6 +2495,8 @@ static int at91_adc_remove(struct platform_device *pdev)
>> >>   	struct iio_dev *indio_dev = platform_get_drvdata(pdev);
>> >>   	struct at91_adc_state *st = iio_priv(indio_dev);
>> >>   
>> >> +	disable_irq_nosync(st->irq);
>> >> +	cancel_work_sync(&st->touch_st.workq);  
>> > I'd like some input form someone more familiar with this driver than I am.
>> >
>> > In particular, whilst it fixes the bug seen I'm not sure what the most
>> > logical ordering for the disable is or the best way to do it.
>> >
>> > I'd prefer to see the irq cut off at source by disabling it at the device
>> > feature that is generating the irq followed by cancelling or waiting for
>> > completion of any in flight work.  
>> The usually way you'd do this by calling free_irq() before the 
>> cancel_work_sync().
>
>I'd go a little further than that and disable the interrupt source at the
>device (if possible) then call free_irq() then cancel_work_sync()
>
>Otherwise the device is merrily monitoring something and generating interrupts
>that we don't care about.  Might well be wasting power doing that, though I haven't
>checked the flow in this particular case.

>



Dear Lars-Peter Clausen,
Thank you for your response to my question. I appreciate your suggestion to disable the interrupt source at the device before calling free_irq() and cancel_work_sync(). 
However, I am not sure which specific function to use in order to achieve this. 
Can you please provide more information on which function to use and how to use it?

Thank you very much for your help.

Best regards,
Zheng Wang

>Jonathan
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: [PATCH] iio: at91-sama5d2_adc: Fix use after free bug in at91_adc_remove due to race condition

[Nicolas Ferre]

On 10/03/2023 at 10:12, Zheng Wang wrote:
> In at91_adc_probe, &st->touch_st.workq is bound with
> at91_adc_workq_handler. Then it will be started by irq
> handler at91_adc_touch_data_handler
> 
> If we remove the driver which will call at91_adc_remove
>    to make cleanup, there may be a unfinished work.
> 
> The possible sequence is as follows:
> 
> Fix it by finishing the work before cleanup in the at91_adc_remove
> 
> CPU0                  CPU1
> 
>                      |at91_adc_workq_handler
> at91_adc_remove     |
> iio_device_unregister|
> iio_dev_release     |
> kfree(iio_dev_opaque);|
>                      |
>                      |iio_push_to_buffers
>                      |&iio_dev_opaque->buffer_list
>                      |//use

There is no such thing as a SMP platform using this driver (yet?), so we 
agree that this fix is purely theoretical, cannot be reproduced nor its 
fix validated.

That being said, I'm happy that enhancements are provided to this 
driver, no doubt about that.


> Fixes: 23ec2774f1cc ("iio: adc: at91-sama5d2_adc: add support for position and pressure channels")
> Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
> ---
>   drivers/iio/adc/at91-sama5d2_adc.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/iio/adc/at91-sama5d2_adc.c b/drivers/iio/adc/at91-sama5d2_adc.c
> index 50d02e5fc6fc..1b95d18d9e0b 100644
> --- a/drivers/iio/adc/at91-sama5d2_adc.c
> +++ b/drivers/iio/adc/at91-sama5d2_adc.c
> @@ -2495,6 +2495,8 @@ static int at91_adc_remove(struct platform_device *pdev)
>          struct iio_dev *indio_dev = platform_get_drvdata(pdev);
>          struct at91_adc_state *st = iio_priv(indio_dev);
> 
> +       disable_irq_nosync(st->irq);
> +       cancel_work_sync(&st->touch_st.workq);

About stopping the source of interrupt, I would recommend using a 
sequence already exposed in at91_adc_hw_init (and possibly make it 
common), like:

    if (st->soc_info.platform->layout->EOC_IDR)
            at91_adc_writel(st, EOC_IDR, 0xffffffff);
    at91_adc_writel(st, IDR, 0xffffffff);

Regards,
   Nicolas

>          iio_device_unregister(indio_dev);
> 
>          at91_adc_dma_disable(st);
> --
> 2.25.1
> 

-- 
Nicolas Ferre


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re:Re: [PATCH] iio: at91-sama5d2_adc: Fix use after free bug in at91_adc_remove due to race condition

[王征]

At 2023-03-20 16:35:24, "Nicolas Ferre" <nicolas.ferre@microchip.com> wrote:
>On 10/03/2023 at 10:12, Zheng Wang wrote:
>> In at91_adc_probe, &st->touch_st.workq is bound with
>> at91_adc_workq_handler. Then it will be started by irq
>> handler at91_adc_touch_data_handler
>> 
>> If we remove the driver which will call at91_adc_remove
>>    to make cleanup, there may be a unfinished work.
>> 
>> The possible sequence is as follows:
>> 
>> Fix it by finishing the work before cleanup in the at91_adc_remove
>> 
>> CPU0                  CPU1
>> 
>>                      |at91_adc_workq_handler
>> at91_adc_remove     |
>> iio_device_unregister|
>> iio_dev_release     |
>> kfree(iio_dev_opaque);|
>>                      |
>>                      |iio_push_to_buffers
>>                      |&iio_dev_opaque->buffer_list
>>                      |//use
>
>There is no such thing as a SMP platform using this driver (yet?), so we 
>agree that this fix is purely theoretical, cannot be reproduced nor its 
>fix validated.
>
>That being said, I'm happy that enhancements are provided to this 
>driver, no doubt about that.
>

Hi Nicolas,

Thanks for your reply. I'm not familiar with the module and I think you're right.

>
>> Fixes: 23ec2774f1cc ("iio: adc: at91-sama5d2_adc: add support for position and pressure channels")
>> Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
>> ---
>>   drivers/iio/adc/at91-sama5d2_adc.c | 2 ++
>>   1 file changed, 2 insertions(+)
>> 
>> diff --git a/drivers/iio/adc/at91-sama5d2_adc.c b/drivers/iio/adc/at91-sama5d2_adc.c
>> index 50d02e5fc6fc..1b95d18d9e0b 100644
>> --- a/drivers/iio/adc/at91-sama5d2_adc.c
>> +++ b/drivers/iio/adc/at91-sama5d2_adc.c
>> @@ -2495,6 +2495,8 @@ static int at91_adc_remove(struct platform_device *pdev)
>>          struct iio_dev *indio_dev = platform_get_drvdata(pdev);
>>          struct at91_adc_state *st = iio_priv(indio_dev);
>> 
>> +       disable_irq_nosync(st->irq);
>> +       cancel_work_sync(&st->touch_st.workq);
>
>About stopping the source of interrupt, I would recommend using a 
>sequence already exposed in at91_adc_hw_init (and possibly make it 
>common), like:
>
>    if (st->soc_info.platform->layout->EOC_IDR)
>            at91_adc_writel(st, EOC_IDR, 0xffffffff);
>    at91_adc_writel(st, IDR, 0xffffffff);
>

Thanks fou your advice. I'll apply it in the next version.

Best regards,
Zheng

>Regards,
>   Nicolas
>
>>          iio_device_unregister(indio_dev);
>> 
>>          at91_adc_dma_disable(st);
>> --
>> 2.25.1
>> 
>
>-- 
>Nicolas Ferre
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel