[PATCH 2/2] gpio: fix gpio-device list corruption

From: Johan Hovold
Date: Fri Feb 26 2021 - 09:56:10 EST

Next message: J. Bruce Fields: "Re: [PATCH] Repair misuse of sv_lock in 5.10.16-rt30."
Previous message: Johan Hovold: "[PATCH 0/2] gpio: regression fixes"
In reply to: Saravana Kannan: "Re: [PATCH 1/2] gpio: fix NULL-deref-on-deregistration regression"
Next in thread: Saravana Kannan: "Re: [PATCH 2/2] gpio: fix gpio-device list corruption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Make sure to hold the gpio_lock when removing the gpio device from the
gpio_devices list (when dropping the last reference) to avoid corrupting
the list when there are concurrent accesses.

Fixes: ff2b13592299 ("gpio: make the gpiochip a real device")
Cc: stable@xxxxxxxxxxxxxxx # 4.6
Signed-off-by: Johan Hovold <johan@xxxxxxxxxx>
---
drivers/gpio/gpiolib.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
index e1016bc8cf14..42bdc55a15f9 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -475,8 +475,12 @@ EXPORT_SYMBOL_GPL(gpiochip_line_is_valid);
static void gpiodevice_release(struct device *dev)
{
struct gpio_device *gdev = container_of(dev, struct gpio_device, dev);
+ unsigned long flags;

+ spin_lock_irqsave(&gpio_lock, flags);
list_del(&gdev->list);
+ spin_unlock_irqrestore(&gpio_lock, flags);
+
ida_free(&gpio_ida, gdev->id);
kfree_const(gdev->label);
kfree(gdev->descs);
--
2.26.2

Next message: J. Bruce Fields: "Re: [PATCH] Repair misuse of sv_lock in 5.10.16-rt30."
Previous message: Johan Hovold: "[PATCH 0/2] gpio: regression fixes"
In reply to: Saravana Kannan: "Re: [PATCH 1/2] gpio: fix NULL-deref-on-deregistration regression"
Next in thread: Saravana Kannan: "Re: [PATCH 2/2] gpio: fix gpio-device list corruption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]