Commit 25d071b3 authored Dec 19, 2019 by Jia-Ju Bai Committed by Linus Walleij Jan 07, 2020

gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_remove()



drivers/gpio/gpiolib-sysfs.c, 796:
	mutex_lock in gpiochip_sysfs_unregister
drivers/gpio/gpiolib.c, 1455:
	gpiochip_sysfs_unregister in gpiochip_remove
drivers/gpio/gpio-grgpio.c, 460:
	gpiochip_remove in grgpio_remove
drivers/gpio/gpio-grgpio.c, 449:
	_raw_spin_lock_irqsave in grgpio_remove

kernel/irq/irqdomain.c, 243:
	mutex_lock in irq_domain_remove
drivers/gpio/gpio-grgpio.c, 463:
	irq_domain_remove in grgpio_remove
drivers/gpio/gpio-grgpio.c, 449:
	_raw_spin_lock_irqsave in grgpio_remove

mutex_lock() can sleep at runtime.

To fix these bugs, the lock is dropped in grgpio_remove(), because there
is no need for locking in remove() callbacks.

These bugs are found by a static analysis tool STCheck written by
myself.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Link: https://lore.kernel.org/r/20191219131459.18640-1-baijiaju1990@gmail.com


Signed-off-by: Linus Walleij <linus.walleij@linaro.org>

parent 048ae7e8

drivers/gpio/gpio-grgpio.c

+0 −4

Original line number	Diff line number	Diff line
		@@ -437,8 +437,6 @@ static int grgpio_remove(struct platform_device *ofdev)
		int i;
		int ret = 0;

		spin_lock_irqsave(&priv->gc.bgpio_lock, flags);

		if (priv->domain) {
		for (i = 0; i < GRGPIO_MAX_NGPIO; i++) {
		if (priv->uirqs[i].refcnt != 0) {
		@@ -454,8 +452,6 @@ static int grgpio_remove(struct platform_device *ofdev)
		irq_domain_remove(priv->domain);

		out:
		spin_unlock_irqrestore(&priv->gc.bgpio_lock, flags);

		return ret;
		}

Admin message