Re: [PATCH 1/2] gpio: sim: dispose of irq mappings before destroying the irq_sim domain

From: Andy Shevchenko
Date: Tue Aug 22 2023 - 08:12:11 EST

Next message: Kefeng Wang: "Re: [PATCH rfc v2 05/10] powerpc: mm: use try_vma_locked_page_fault()"
Previous message: Yadav, Arvind: "Re: [PATCH v2 3/7] drm/amdgpu: Add new function to put GPU power profile"
In reply to: Andy Shevchenko: "Re: [PATCH 2/2] gpio: sim: pass the GPIO device's software node to irq domain"
Next in thread: Bartosz Golaszewski: "Re: [PATCH 1/2] gpio: sim: dispose of irq mappings before destroying the irq_sim domain"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Aug 22, 2023 at 09:51:21AM +0200, Bartosz Golaszewski wrote:
> From: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx>
>
> If a GPIO simulator device is unbound with interrupts still requested,
> we will hit a use-after-free issue in __irq_domain_deactivate_irq(). The
> owner of the irq domain must dispose of all mappings before destroying
> the domain object.

...

> +static void gpio_sim_dispose_mappings(void *data)
> +{
> + struct gpio_sim_chip *chip = data;
> + unsigned int i, irq;
> +
> + for (i = 0; i < chip->gc.ngpio; i++) {
> + irq = irq_find_mapping(chip->irq_sim, i);

> + if (irq)

This duplicates check in the following call.

> + irq_dispose_mapping(irq);
> + }
> +}

--
With Best Regards,
Andy Shevchenko

Next message: Kefeng Wang: "Re: [PATCH rfc v2 05/10] powerpc: mm: use try_vma_locked_page_fault()"
Previous message: Yadav, Arvind: "Re: [PATCH v2 3/7] drm/amdgpu: Add new function to put GPU power profile"
In reply to: Andy Shevchenko: "Re: [PATCH 2/2] gpio: sim: pass the GPIO device's software node to irq domain"
Next in thread: Bartosz Golaszewski: "Re: [PATCH 1/2] gpio: sim: dispose of irq mappings before destroying the irq_sim domain"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]