Message ID | 20190228142539.GA7744@mark-devvm |
---|---|
State | New |
Series | [v2] gpio: pca953x: Fix dereference of irq data in shutdown |
On Thu, 28 Feb 2019 at 15:27, Mark Walton <mark.walton@serialtek.com> wrote: > > If a PCA953x gpio was used as an interrupt and then released, > the shutdown function was trying to extract the pca953x_chip > pointer directly from the irq_data, but in reality was getting > the gpio_chip structure. > > The net effect was that the subsequent writes to the data > structure corrupted data in the gpio_chip structure, which wasn't > immediately obvious until attempting to use the GPIO again in the > future, at which point the kernel panics. > > This fix correctly extracts the pca953x_chip structure via the > gpio_chip structure, as is correctly done in the other irq > functions. > > Fixes: 0a70fe00efea ("gpio: pca953x: Clear irq trigger type on irq shutdown") > Signed-off-by: Mark Walton <mark.walton@serialtek.com> > --- > drivers/gpio/gpio-pca953x.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpio/gpio-pca953x.c b/drivers/gpio/gpio-pca953x.c > index caf7dd1..6bd55a4 100644 > --- a/drivers/gpio/gpio-pca953x.c > +++ b/drivers/gpio/gpio-pca953x.c > @@ -659,7 +659,8 @@ static int pca953x_irq_set_type(struct irq_data *d, unsigned int type) > > static void pca953x_irq_shutdown(struct irq_data *d) > { > - struct pca953x_chip *chip = irq_data_get_irq_chip_data(d); > + struct gpio_chip *gc = irq_data_get_irq_chip_data(d); > + struct pca953x_chip *chip = gpiochip_get_data(gc); > u8 mask = 1 << (d->hwirq % BANK_SZ); > > chip->irq_trig_raise[d->hwirq / BANK_SZ] &= ~mask; > -- > 2.7.4 > Reviewed-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
On Thu, Feb 28, 2019 at 02:27:33PM +0000, Mark Walton wrote: > If a PCA953x gpio was used as an interrupt and then released, > the shutdown function was trying to extract the pca953x_chip > pointer directly from the irq_data, but in reality was getting > the gpio_chip structure. > > The net effect was that the subsequent writes to the data > structure corrupted data in the gpio_chip structure, which wasn't > immediately obvious until attempting to use the GPIO again in the > future, at which point the kernel panics. > > This fix correctly extracts the pca953x_chip structure via the > gpio_chip structure, as is correctly done in the other irq > functions. > > Fixes: 0a70fe00efea ("gpio: pca953x: Clear irq trigger type on irq shutdown") > Signed-off-by: Mark Walton <mark.walton@serialtek.com> > --- > drivers/gpio/gpio-pca953x.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) <formletter> This is not the correct way to submit patches for inclusion in the stable kernel tree. Please read: https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html for how to do this properly. </formletter>
> -----Original Message----- > From: Greg KH <gregkh@linuxfoundation.org> > Sent: 28 February 2019 15:16 > To: Mark Walton <mark.walton@serialtek.com> > Cc: Linus Walleij <linus.walleij@linaro.org>; Bartosz Golaszewski > <bgolaszewski@baylibre.com>; Marek Vasut <marek.vasut@gmail.com>; > linux-gpio@vger.kernel.org; stable@vger.kernel.org > Subject: Re: [PATCH v2] gpio: pca953x: Fix dereference of irq data in > shutdown > > On Thu, Feb 28, 2019 at 02:27:33PM +0000, Mark Walton wrote: > > If a PCA953x gpio was used as an interrupt and then released, the > > shutdown function was trying to extract the pca953x_chip pointer > > directly from the irq_data, but in reality was getting the gpio_chip > > structure. > > > > The net effect was that the subsequent writes to the data structure > > corrupted data in the gpio_chip structure, which wasn't immediately > > obvious until attempting to use the GPIO again in the future, at which > > point the kernel panics. > > > > This fix correctly extracts the pca953x_chip structure via the > > gpio_chip structure, as is correctly done in the other irq functions. > > > > Fixes: 0a70fe00efea ("gpio: pca953x: Clear irq trigger type on irq > > shutdown") > > Signed-off-by: Mark Walton <mark.walton@serialtek.com> > > --- > > drivers/gpio/gpio-pca953x.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > <formletter> > > This is not the correct way to submit patches for inclusion in the stable kernel > tree. Please read: > https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html > for how to do this properly. > > </formletter> Hi Greg, Apologies, I'm pretty new to submitting patches to the kernel. Is it just a case of needing to move the CC: stable@vger.kernel.org line to the sign-off area? As far as I can tell it meets all of the other requirements (with the exception of not being in the upstream). Thanks, Mark
On Thu, Feb 28, 2019 at 03:33:47PM +0000, Mark Walton wrote: > > > > -----Original Message----- > > From: Greg KH <gregkh@linuxfoundation.org> > > Sent: 28 February 2019 15:16 > > To: Mark Walton <mark.walton@serialtek.com> > > Cc: Linus Walleij <linus.walleij@linaro.org>; Bartosz Golaszewski > > <bgolaszewski@baylibre.com>; Marek Vasut <marek.vasut@gmail.com>; > > linux-gpio@vger.kernel.org; stable@vger.kernel.org > > Subject: Re: [PATCH v2] gpio: pca953x: Fix dereference of irq data in > > shutdown > > > > On Thu, Feb 28, 2019 at 02:27:33PM +0000, Mark Walton wrote: > > > If a PCA953x gpio was used as an interrupt and then released, the > > > shutdown function was trying to extract the pca953x_chip pointer > > > directly from the irq_data, but in reality was getting the gpio_chip > > > structure. > > > > > > The net effect was that the subsequent writes to the data structure > > > corrupted data in the gpio_chip structure, which wasn't immediately > > > obvious until attempting to use the GPIO again in the future, at which > > > point the kernel panics. > > > > > > This fix correctly extracts the pca953x_chip structure via the > > > gpio_chip structure, as is correctly done in the other irq functions. > > > > > > Fixes: 0a70fe00efea ("gpio: pca953x: Clear irq trigger type on irq > > > shutdown") > > > Signed-off-by: Mark Walton <mark.walton@serialtek.com> > > > --- > > > drivers/gpio/gpio-pca953x.c | 3 ++- > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > <formletter> > > > > This is not the correct way to submit patches for inclusion in the stable kernel > > tree. Please read: > > https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html > > for how to do this properly. > > > > </formletter> > > Hi Greg, > > Apologies, I'm pretty new to submitting patches to the kernel. > > Is it just a case of needing to move the CC: stable@vger.kernel.org > line to the sign-off area? Yes, that's what the documentation says to do, correct? 
thanks, greg k-h
diff --git a/drivers/gpio/gpio-pca953x.c b/drivers/gpio/gpio-pca953x.c index caf7dd1..6bd55a4 100644 --- a/drivers/gpio/gpio-pca953x.c +++ b/drivers/gpio/gpio-pca953x.c @@ -659,7 +659,8 @@ static int pca953x_irq_set_type(struct irq_data *d, unsigned int type) static void pca953x_irq_shutdown(struct irq_data *d) { - struct pca953x_chip *chip = irq_data_get_irq_chip_data(d); + struct gpio_chip *gc = irq_data_get_irq_chip_data(d); + struct pca953x_chip *chip = gpiochip_get_data(gc); u8 mask = 1 << (d->hwirq % BANK_SZ); chip->irq_trig_raise[d->hwirq / BANK_SZ] &= ~mask;
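Review bot: The two added declarations in pca953x_irq_shutdown() leave nothing behind that would stop the same mix-up from being reintroduced, because irq_data_get_irq_chip_data() returns void * and the removed line therefore compiled without a warning while actually receiving a struct gpio_chip. Consider a one-line comment above `struct gpio_chip *gc = irq_data_get_irq_chip_data(d);` stating that the irq chip data is the gpio_chip and that the driver state must come from gpiochip_get_data(gc), or a small helper that performs both steps so every irq callback in this file shares one lookup. The context line `chip->irq_trig_raise[d->hwirq / BANK_SZ] &= ~mask;` is the write that landed in the wrong structure, so naming it in the commit message would help anyone matching a later panic to this fix.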
If a PCA953x gpio was used as an interrupt and then released, the shutdown function was trying to extract the pca953x_chip pointer directly from the irq_data, but in reality was getting the gpio_chip structure. The net effect was that the subsequent writes to the data structure corrupted data in the gpio_chip structure, which wasn't immediately obvious until attempting to use the GPIO again in the future, at which point the kernel panics. This fix correctly extracts the pca953x_chip structure via the gpio_chip structure, as is correctly done in the other irq functions. Fixes: 0a70fe00efea ("gpio: pca953x: Clear irq trigger type on irq shutdown") Signed-off-by: Mark Walton <mark.walton@serialtek.com> --- drivers/gpio/gpio-pca953x.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
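The type mix-up described in the commit message above, modelled in user space as an added example (not code from the patch or from the kernel). The structure layouts are simplified stand-ins, and the `valid_mask` and `data` members, `struct result`, `run()` and the `shutdown_buggy`/`shutdown_fixed` names are assumptions made for illustration; the wrong-type write is observable here because both structures start with a byte array.

```c
#include <stdint.h>
#include <stdio.h>
#define BANK_SZ 8
#define MAX_BANK 5

/* Simplified stand-ins (assumptions), not the kernel's real structure layouts. */
struct gpio_chip {
	uint8_t valid_mask[MAX_BANK];	/* hypothetical field at offset 0 */
	void *data;			/* what gpiochip_get_data() hands back */
};
struct pca953x_chip { uint8_t irq_trig_raise[MAX_BANK]; struct gpio_chip gpio_chip; };
struct irq_data { unsigned long hwirq; void *chip_data; };
struct result { uint8_t gc_byte, trig; };

static void *irq_data_get_irq_chip_data(struct irq_data *d) { return d->chip_data; }
static void *gpiochip_get_data(struct gpio_chip *gc) { return gc->data; }

/* Before the fix: void * converts silently, so chip aliases the gpio_chip. */
static void shutdown_buggy(struct irq_data *d)
{
	struct pca953x_chip *chip = irq_data_get_irq_chip_data(d);
	uint8_t mask = 1 << (d->hwirq % BANK_SZ);
	chip->irq_trig_raise[d->hwirq / BANK_SZ] &= ~mask;
}

/* After the fix: reach the driver structure through the gpio_chip. */
static void shutdown_fixed(struct irq_data *d)
{
	struct gpio_chip *gc = irq_data_get_irq_chip_data(d);
	struct pca953x_chip *chip = gpiochip_get_data(gc);
	uint8_t mask = 1 << (d->hwirq % BANK_SZ);
	chip->irq_trig_raise[d->hwirq / BANK_SZ] &= ~mask;
}

/* Constructed case: hwirq 11 (bank 1, bit 3) armed for rising edge, then released. */
static struct result run(void (*shutdown)(struct irq_data *))
{
	struct pca953x_chip chip = { .irq_trig_raise = { 0, 0x08 },
		.gpio_chip = { .valid_mask = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }, .data = &chip } };
	struct irq_data d = { .hwirq = 11, .chip_data = &chip.gpio_chip };
	shutdown(&d);
	return (struct result){ chip.gpio_chip.valid_mask[1], chip.irq_trig_raise[1] };
}

int main(void)
{
	struct result b = run(shutdown_buggy), f = run(shutdown_fixed);
	printf("buggy: gpio_chip byte 0x%02X, trigger 0x%02X\n", b.gc_byte, b.trig);
	printf("fixed: gpio_chip byte 0x%02X, trigger 0x%02X\n", f.gc_byte, f.trig);
	return 0;
}
```

In the buggy run the bit is cleared inside the modelled gpio_chip while the trigger bit in the driver structure stays set; in the fixed run the gpio_chip is untouched and the trigger bit is cleared.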