If a PCA953x gpio was used as an interrupt and then released, the shutdown function was trying to extract the pca953x_chip pointer directly from the irq_data, but in reality was getting the gpio_chip structure.
The net effect was that the subsequent writes to the data structure corrupted data in the gpio_chip structure, which wasn't immediately obvious until attempting to use the GPIO again in the future, at which point the kernel panics.
This fix correctly extracts the pca953x_chip structure via the gpio_chip structure, as is correctly done in the other irq functions.
Fixes: 0a70fe00efea ("gpio: pca953x: Clear irq trigger type on irq shutdown") Signed-off-by: Mark Walton mark.walton@serialtek.com --- drivers/gpio/gpio-pca953x.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpio/gpio-pca953x.c b/drivers/gpio/gpio-pca953x.c index caf7dd1..6bd55a4 100644 --- a/drivers/gpio/gpio-pca953x.c +++ b/drivers/gpio/gpio-pca953x.c @@ -659,7 +659,8 @@ static int pca953x_irq_set_type(struct irq_data *d, unsigned int type)
static void pca953x_irq_shutdown(struct irq_data *d) { - struct pca953x_chip *chip = irq_data_get_irq_chip_data(d); + struct gpio_chip *gc = irq_data_get_irq_chip_data(d); + struct pca953x_chip *chip = gpiochip_get_data(gc); u8 mask = 1 << (d->hwirq % BANK_SZ);
chip->irq_trig_raise[d->hwirq / BANK_SZ] &= ~mask;
czw., 28 lut 2019 o 15:27 Mark Walton mark.walton@serialtek.com napisaĆ(a):
If a PCA953x gpio was used as an interrupt and then released, the shutdown function was trying to extract the pca953x_chip pointer directly from the irq_data, but in reality was getting the gpio_chip structure.
The net effect was that the subsequent writes to the data structure corrupted data in the gpio_chip structure, which wasn't immediately obvious until attempting to use the GPIO again in the future, at which point the kernel panics.
This fix correctly extracts the pca953x_chip structure via the gpio_chip structure, as is correctly done in the other irq functions.
Fixes: 0a70fe00efea ("gpio: pca953x: Clear irq trigger type on irq shutdown") Signed-off-by: Mark Walton mark.walton@serialtek.com
drivers/gpio/gpio-pca953x.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpio/gpio-pca953x.c b/drivers/gpio/gpio-pca953x.c index caf7dd1..6bd55a4 100644 --- a/drivers/gpio/gpio-pca953x.c +++ b/drivers/gpio/gpio-pca953x.c @@ -659,7 +659,8 @@ static int pca953x_irq_set_type(struct irq_data *d, unsigned int type)
static void pca953x_irq_shutdown(struct irq_data *d) {
struct pca953x_chip *chip = irq_data_get_irq_chip_data(d);
struct gpio_chip *gc = irq_data_get_irq_chip_data(d);
struct pca953x_chip *chip = gpiochip_get_data(gc); u8 mask = 1 << (d->hwirq % BANK_SZ); chip->irq_trig_raise[d->hwirq / BANK_SZ] &= ~mask;
-- 2.7.4
Reviewed-by: Bartosz Golaszewski bgolaszewski@baylibre.com
On Thu, Feb 28, 2019 at 02:27:33PM +0000, Mark Walton wrote:
If a PCA953x gpio was used as an interrupt and then released, the shutdown function was trying to extract the pca953x_chip pointer directly from the irq_data, but in reality was getting the gpio_chip structure.
The net effect was that the subsequent writes to the data structure corrupted data in the gpio_chip structure, which wasn't immediately obvious until attempting to use the GPIO again in the future, at which point the kernel panics.
This fix correctly extracts the pca953x_chip structure via the gpio_chip structure, as is correctly done in the other irq functions.
Fixes: 0a70fe00efea ("gpio: pca953x: Clear irq trigger type on irq shutdown") Signed-off-by: Mark Walton mark.walton@serialtek.com
drivers/gpio/gpio-pca953x.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
<formletter>
This is not the correct way to submit patches for inclusion in the stable kernel tree. Please read: https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html for how to do this properly.
</formletter>
-----Original Message----- From: Greg KH gregkh@linuxfoundation.org Sent: 28 February 2019 15:16 To: Mark Walton mark.walton@serialtek.com Cc: Linus Walleij linus.walleij@linaro.org; Bartosz Golaszewski bgolaszewski@baylibre.com; Marek Vasut marek.vasut@gmail.com; linux-gpio@vger.kernel.org; stable@vger.kernel.org Subject: Re: [PATCH v2] gpio: pca953x: Fix dereference of irq data in shutdown
On Thu, Feb 28, 2019 at 02:27:33PM +0000, Mark Walton wrote:
If a PCA953x gpio was used as an interrupt and then released, the shutdown function was trying to extract the pca953x_chip pointer directly from the irq_data, but in reality was getting the gpio_chip structure.
The net effect was that the subsequent writes to the data structure corrupted data in the gpio_chip structure, which wasn't immediately obvious until attempting to use the GPIO again in the future, at which point the kernel panics.
This fix correctly extracts the pca953x_chip structure via the gpio_chip structure, as is correctly done in the other irq functions.
Fixes: 0a70fe00efea ("gpio: pca953x: Clear irq trigger type on irq shutdown") Signed-off-by: Mark Walton mark.walton@serialtek.com
drivers/gpio/gpio-pca953x.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
<formletter>
This is not the correct way to submit patches for inclusion in the stable kernel tree. Please read: https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html for how to do this properly.
</formletter>
Hi Greg,
Apologies, I'm pretty new to submitting patches to the kernel.
Is it just a case of needing to move the CC: stable@vger.kernel.org line to the sign-off area?
As far as I can tell it meets all of the other requirements (with the exception of not being in the upstream).
Thanks,
Mark
On Thu, Feb 28, 2019 at 03:33:47PM +0000, Mark Walton wrote:
-----Original Message----- From: Greg KH gregkh@linuxfoundation.org Sent: 28 February 2019 15:16 To: Mark Walton mark.walton@serialtek.com Cc: Linus Walleij linus.walleij@linaro.org; Bartosz Golaszewski bgolaszewski@baylibre.com; Marek Vasut marek.vasut@gmail.com; linux-gpio@vger.kernel.org; stable@vger.kernel.org Subject: Re: [PATCH v2] gpio: pca953x: Fix dereference of irq data in shutdown
On Thu, Feb 28, 2019 at 02:27:33PM +0000, Mark Walton wrote:
If a PCA953x gpio was used as an interrupt and then released, the shutdown function was trying to extract the pca953x_chip pointer directly from the irq_data, but in reality was getting the gpio_chip structure.
The net effect was that the subsequent writes to the data structure corrupted data in the gpio_chip structure, which wasn't immediately obvious until attempting to use the GPIO again in the future, at which point the kernel panics.
This fix correctly extracts the pca953x_chip structure via the gpio_chip structure, as is correctly done in the other irq functions.
Fixes: 0a70fe00efea ("gpio: pca953x: Clear irq trigger type on irq shutdown") Signed-off-by: Mark Walton mark.walton@serialtek.com
drivers/gpio/gpio-pca953x.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
<formletter>
This is not the correct way to submit patches for inclusion in the stable kernel tree. Please read: https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html for how to do this properly.
</formletter>
Hi Greg,
Apologies, I'm pretty new to submitting patches to the kernel.
Is it just a case of needing to move the CC: stable@vger.kernel.org line to the sign-off area?
Yes, that's what the documentation says to do, correct?
thanks,
greg k-h
linux-stable-mirror@lists.linaro.org