lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YyqKfxpAjdSU9r+2@sol>
Date:   Wed, 21 Sep 2022 11:52:31 +0800
From:   Kent Gibson <warthog618@...il.com>
To:     Meng Li <Meng.Li@...driver.com>
Cc:     linus.walleij@...aro.org, brgl@...ev.pl,
        linux-gpio@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] gpiolib: cdev: Set lineevent_state::irq after IRQ
 register successfully

On Wed, Sep 21, 2022 at 11:20:20AM +0800, Meng Li wrote:
> When running gpio test on nxp-ls1028 platform with below command
> gpiomon --num-events=3 --rising-edge gpiochip1 25
> There will be a warning trace as below:
> Call trace:
> free_irq+0x204/0x360
> lineevent_free+0x64/0x70
> gpio_ioctl+0x598/0x6a0
> __arm64_sys_ioctl+0xb4/0x100
> invoke_syscall+0x5c/0x130
> ......
> el0t_64_sync+0x1a0/0x1a4
> The reason of this issue is that calling request_threaded_irq()
> function failed, and then lineevent_free() is invoked to release
> the resource. Since the lineevent_state::irq was already set, so
> the subsequent invocation of free_irq() would trigger the above
> warning call trace. To fix this issue, set the lineevent_state::irq
> after the IRQ register successfully.
> 
> Fixes: 468242724143 ("gpiolib: cdev: refactor lineevent cleanup into lineevent_free")
> Cc: stable@...r.kernel.org
> Signed-off-by: Meng Li <Meng.Li@...driver.com>

Good pick up - the IRQ shouldn't be freed if it hasn't been successfully requested.

Signed-off-by: Kent Gibson <warthog618@...il.com>

> ---
>  drivers/gpio/gpiolib-cdev.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c
> index ffa0256cad5a..937e7a8dd8a9 100644
> --- a/drivers/gpio/gpiolib-cdev.c
> +++ b/drivers/gpio/gpiolib-cdev.c
> @@ -1784,7 +1784,6 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip)
>  		ret = -ENODEV;
>  		goto out_free_le;
>  	}
> -	le->irq = irq;
>  
>  	if (eflags & GPIOEVENT_REQUEST_RISING_EDGE)
>  		irqflags |= test_bit(FLAG_ACTIVE_LOW, &desc->flags) ?
> @@ -1798,7 +1797,7 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip)
>  	init_waitqueue_head(&le->wait);
>  
>  	/* Request a thread to read the events */
> -	ret = request_threaded_irq(le->irq,
> +	ret = request_threaded_irq(irq,
>  				   lineevent_irq_handler,
>  				   lineevent_irq_thread,
>  				   irqflags,
> @@ -1807,6 +1806,8 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip)
>  	if (ret)
>  		goto out_free_le;
>  
> +	le->irq = irq;
> +
>  	fd = get_unused_fd_flags(O_RDONLY | O_CLOEXEC);
>  	if (fd < 0) {
>  		ret = fd;
> -- 
> 2.36.1
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ