| Message ID | 20220921032020.25398-1-Meng.Li@windriver.com |
|---|---|
| State | New |
| Headers | show |
| Series | gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully | expand |
On Wed, Sep 21, 2022 at 11:20:20AM +0800, Meng Li wrote: > When running gpio test on nxp-ls1028 platform with below command > gpiomon --num-events=3 --rising-edge gpiochip1 25 > There will be a warning trace as below: > Call trace: > free_irq+0x204/0x360 > lineevent_free+0x64/0x70 > gpio_ioctl+0x598/0x6a0 > __arm64_sys_ioctl+0xb4/0x100 > invoke_syscall+0x5c/0x130 > ...... > el0t_64_sync+0x1a0/0x1a4 > The reason of this issue is that calling request_threaded_irq() > function failed, and then lineevent_free() is invoked to release > the resource. Since the lineevent_state::irq was already set, so > the subsequent invocation of free_irq() would trigger the above > warning call trace. To fix this issue, set the lineevent_state::irq > after the IRQ register successfully. > > Fixes: 468242724143 ("gpiolib: cdev: refactor lineevent cleanup into lineevent_free") > Cc: stable@vger.kernel.org > Signed-off-by: Meng Li <Meng.Li@windriver.com> Good pick up - the IRQ shouldn't be freed if it hasn't been successfully requested. Signed-off-by: Kent Gibson <warthog618@gmail.com> > --- > drivers/gpio/gpiolib-cdev.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c > index ffa0256cad5a..937e7a8dd8a9 100644 > --- a/drivers/gpio/gpiolib-cdev.c > +++ b/drivers/gpio/gpiolib-cdev.c > @@ -1784,7 +1784,6 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) > ret = -ENODEV; > goto out_free_le; > } > - le->irq = irq; > > if (eflags & GPIOEVENT_REQUEST_RISING_EDGE) > irqflags |= test_bit(FLAG_ACTIVE_LOW, &desc->flags) ? > @@ -1798,7 +1797,7 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) > init_waitqueue_head(&le->wait); > > /* Request a thread to read the events */ > - ret = request_threaded_irq(le->irq, > + ret = request_threaded_irq(irq, > lineevent_irq_handler, > lineevent_irq_thread, > irqflags, > @@ -1807,6 +1806,8 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) > if (ret) > goto out_free_le; > > + le->irq = irq; > + > fd = get_unused_fd_flags(O_RDONLY | O_CLOEXEC); > if (fd < 0) { > ret = fd; > -- > 2.36.1 >
On Wed, Sep 21, 2022 at 11:52:31AM +0800, Kent Gibson wrote: > On Wed, Sep 21, 2022 at 11:20:20AM +0800, Meng Li wrote: > > When running gpio test on nxp-ls1028 platform with below command > > gpiomon --num-events=3 --rising-edge gpiochip1 25 > > There will be a warning trace as below: > > Call trace: > > free_irq+0x204/0x360 > > lineevent_free+0x64/0x70 > > gpio_ioctl+0x598/0x6a0 > > __arm64_sys_ioctl+0xb4/0x100 > > invoke_syscall+0x5c/0x130 > > ...... > > el0t_64_sync+0x1a0/0x1a4 > > The reason of this issue is that calling request_threaded_irq() > > function failed, and then lineevent_free() is invoked to release > > the resource. Since the lineevent_state::irq was already set, so > > the subsequent invocation of free_irq() would trigger the above > > warning call trace. To fix this issue, set the lineevent_state::irq > > after the IRQ register successfully. > > > > Fixes: 468242724143 ("gpiolib: cdev: refactor lineevent cleanup into lineevent_free") > > Cc: stable@vger.kernel.org > > Signed-off-by: Meng Li <Meng.Li@windriver.com> > > Good pick up - the IRQ shouldn't be freed if it hasn't been successfully requested. > > Signed-off-by: Kent Gibson <warthog618@gmail.com> > Oops, that should be Reviewed-by: Kent Gibson <warthog618@gmail.com>
On Wed, Sep 21, 2022 at 5:23 AM Meng Li <Meng.Li@windriver.com> wrote: > > When running gpio test on nxp-ls1028 platform with below command > gpiomon --num-events=3 --rising-edge gpiochip1 25 > There will be a warning trace as below: > Call trace: > free_irq+0x204/0x360 > lineevent_free+0x64/0x70 > gpio_ioctl+0x598/0x6a0 > __arm64_sys_ioctl+0xb4/0x100 > invoke_syscall+0x5c/0x130 > ...... > el0t_64_sync+0x1a0/0x1a4 > The reason of this issue is that calling request_threaded_irq() > function failed, and then lineevent_free() is invoked to release > the resource. Since the lineevent_state::irq was already set, so > the subsequent invocation of free_irq() would trigger the above > warning call trace. To fix this issue, set the lineevent_state::irq > after the IRQ register successfully. > > Fixes: 468242724143 ("gpiolib: cdev: refactor lineevent cleanup into lineevent_free") > Cc: stable@vger.kernel.org > Signed-off-by: Meng Li <Meng.Li@windriver.com> > --- > drivers/gpio/gpiolib-cdev.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c > index ffa0256cad5a..937e7a8dd8a9 100644 > --- a/drivers/gpio/gpiolib-cdev.c > +++ b/drivers/gpio/gpiolib-cdev.c > @@ -1784,7 +1784,6 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) > ret = -ENODEV; > goto out_free_le; > } > - le->irq = irq; > > if (eflags & GPIOEVENT_REQUEST_RISING_EDGE) > irqflags |= test_bit(FLAG_ACTIVE_LOW, &desc->flags) ? > @@ -1798,7 +1797,7 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) > init_waitqueue_head(&le->wait); > > /* Request a thread to read the events */ > - ret = request_threaded_irq(le->irq, > + ret = request_threaded_irq(irq, > lineevent_irq_handler, > lineevent_irq_thread, > irqflags, > @@ -1807,6 +1806,8 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) > if (ret) > goto out_free_le; > > + le->irq = irq; > + > fd = get_unused_fd_flags(O_RDONLY | O_CLOEXEC); > if (fd < 0) { > ret = fd; > -- > 2.36.1 > Applied, thanks! Bart
diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c index ffa0256cad5a..937e7a8dd8a9 100644 --- a/drivers/gpio/gpiolib-cdev.c +++ b/drivers/gpio/gpiolib-cdev.c @@ -1784,7 +1784,6 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) ret = -ENODEV; goto out_free_le; } - le->irq = irq; if (eflags & GPIOEVENT_REQUEST_RISING_EDGE) irqflags |= test_bit(FLAG_ACTIVE_LOW, &desc->flags) ? @@ -1798,7 +1797,7 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) init_waitqueue_head(&le->wait); /* Request a thread to read the events */ - ret = request_threaded_irq(le->irq, + ret = request_threaded_irq(irq, lineevent_irq_handler, lineevent_irq_thread, irqflags, @@ -1807,6 +1806,8 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) if (ret) goto out_free_le; + le->irq = irq; + fd = get_unused_fd_flags(O_RDONLY | O_CLOEXEC); if (fd < 0) { ret = fd;
When running gpio test on nxp-ls1028 platform with below command gpiomon --num-events=3 --rising-edge gpiochip1 25 There will be a warning trace as below: Call trace: free_irq+0x204/0x360 lineevent_free+0x64/0x70 gpio_ioctl+0x598/0x6a0 __arm64_sys_ioctl+0xb4/0x100 invoke_syscall+0x5c/0x130 ...... el0t_64_sync+0x1a0/0x1a4 The reason of this issue is that calling request_threaded_irq() function failed, and then lineevent_free() is invoked to release the resource. Since the lineevent_state::irq was already set, so the subsequent invocation of free_irq() would trigger the above warning call trace. To fix this issue, set the lineevent_state::irq after the IRQ register successfully. Fixes: 468242724143 ("gpiolib: cdev: refactor lineevent cleanup into lineevent_free") Cc: stable@vger.kernel.org Signed-off-by: Meng Li <Meng.Li@windriver.com> --- drivers/gpio/gpiolib-cdev.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)