When running gpio test on nxp-ls1028 platform with below command
gpiomon --num-events=3 --rising-edge gpiochip1 25
There will be a warning trace as below:
Call trace:
free_irq+0x204/0x360
lineevent_free+0x64/0x70
gpio_ioctl+0x598/0x6a0
__arm64_sys_ioctl+0xb4/0x100
invoke_syscall+0x5c/0x130
......
el0t_64_sync+0x1a0/0x1a4
The reason of this issue is that calling request_threaded_irq()
function failed, and then lineevent_free() is invoked to release
the resource. Since the lineevent_state::irq was already set, so
the subsequent invocation of free_irq() would trigger the above
warning call trace. To fix this issue, set the lineevent_state::irq
after the IRQ register successfully.
Fixes: 468242724143 ("gpiolib: cdev: refactor lineevent cleanup into lineevent_free")
Cc: [email protected]
Signed-off-by: Meng Li <[email protected]>
---
drivers/gpio/gpiolib-cdev.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c
index ffa0256cad5a..937e7a8dd8a9 100644
--- a/drivers/gpio/gpiolib-cdev.c
+++ b/drivers/gpio/gpiolib-cdev.c
@@ -1784,7 +1784,6 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip)
ret = -ENODEV;
goto out_free_le;
}
- le->irq = irq;
if (eflags & GPIOEVENT_REQUEST_RISING_EDGE)
irqflags |= test_bit(FLAG_ACTIVE_LOW, &desc->flags) ?
@@ -1798,7 +1797,7 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip)
init_waitqueue_head(&le->wait);
/* Request a thread to read the events */
- ret = request_threaded_irq(le->irq,
+ ret = request_threaded_irq(irq,
lineevent_irq_handler,
lineevent_irq_thread,
irqflags,
@@ -1807,6 +1806,8 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip)
if (ret)
goto out_free_le;
+ le->irq = irq;
+
fd = get_unused_fd_flags(O_RDONLY | O_CLOEXEC);
if (fd < 0) {
ret = fd;
--
2.36.1
On Wed, Sep 21, 2022 at 11:20:20AM +0800, Meng Li wrote:
> When running gpio test on nxp-ls1028 platform with below command
> gpiomon --num-events=3 --rising-edge gpiochip1 25
> There will be a warning trace as below:
> Call trace:
> free_irq+0x204/0x360
> lineevent_free+0x64/0x70
> gpio_ioctl+0x598/0x6a0
> __arm64_sys_ioctl+0xb4/0x100
> invoke_syscall+0x5c/0x130
> ......
> el0t_64_sync+0x1a0/0x1a4
> The reason of this issue is that calling request_threaded_irq()
> function failed, and then lineevent_free() is invoked to release
> the resource. Since the lineevent_state::irq was already set, so
> the subsequent invocation of free_irq() would trigger the above
> warning call trace. To fix this issue, set the lineevent_state::irq
> after the IRQ register successfully.
>
> Fixes: 468242724143 ("gpiolib: cdev: refactor lineevent cleanup into lineevent_free")
> Cc: [email protected]
> Signed-off-by: Meng Li <[email protected]>
Good pick up - the IRQ shouldn't be freed if it hasn't been successfully requested.
Signed-off-by: Kent Gibson <[email protected]>
> ---
> drivers/gpio/gpiolib-cdev.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c
> index ffa0256cad5a..937e7a8dd8a9 100644
> --- a/drivers/gpio/gpiolib-cdev.c
> +++ b/drivers/gpio/gpiolib-cdev.c
> @@ -1784,7 +1784,6 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip)
> ret = -ENODEV;
> goto out_free_le;
> }
> - le->irq = irq;
>
> if (eflags & GPIOEVENT_REQUEST_RISING_EDGE)
> irqflags |= test_bit(FLAG_ACTIVE_LOW, &desc->flags) ?
> @@ -1798,7 +1797,7 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip)
> init_waitqueue_head(&le->wait);
>
> /* Request a thread to read the events */
> - ret = request_threaded_irq(le->irq,
> + ret = request_threaded_irq(irq,
> lineevent_irq_handler,
> lineevent_irq_thread,
> irqflags,
> @@ -1807,6 +1806,8 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip)
> if (ret)
> goto out_free_le;
>
> + le->irq = irq;
> +
> fd = get_unused_fd_flags(O_RDONLY | O_CLOEXEC);
> if (fd < 0) {
> ret = fd;
> --
> 2.36.1
>
On Wed, Sep 21, 2022 at 11:52:31AM +0800, Kent Gibson wrote:
> On Wed, Sep 21, 2022 at 11:20:20AM +0800, Meng Li wrote:
> > When running gpio test on nxp-ls1028 platform with below command
> > gpiomon --num-events=3 --rising-edge gpiochip1 25
> > There will be a warning trace as below:
> > Call trace:
> > free_irq+0x204/0x360
> > lineevent_free+0x64/0x70
> > gpio_ioctl+0x598/0x6a0
> > __arm64_sys_ioctl+0xb4/0x100
> > invoke_syscall+0x5c/0x130
> > ......
> > el0t_64_sync+0x1a0/0x1a4
> > The reason of this issue is that calling request_threaded_irq()
> > function failed, and then lineevent_free() is invoked to release
> > the resource. Since the lineevent_state::irq was already set, so
> > the subsequent invocation of free_irq() would trigger the above
> > warning call trace. To fix this issue, set the lineevent_state::irq
> > after the IRQ register successfully.
> >
> > Fixes: 468242724143 ("gpiolib: cdev: refactor lineevent cleanup into lineevent_free")
> > Cc: [email protected]
> > Signed-off-by: Meng Li <[email protected]>
>
> Good pick up - the IRQ shouldn't be freed if it hasn't been successfully requested.
>
> Signed-off-by: Kent Gibson <[email protected]>
>
Oops, that should be
Reviewed-by: Kent Gibson <[email protected]>
On Wed, Sep 21, 2022 at 5:23 AM Meng Li <[email protected]> wrote:
>
> When running gpio test on nxp-ls1028 platform with below command
> gpiomon --num-events=3 --rising-edge gpiochip1 25
> There will be a warning trace as below:
> Call trace:
> free_irq+0x204/0x360
> lineevent_free+0x64/0x70
> gpio_ioctl+0x598/0x6a0
> __arm64_sys_ioctl+0xb4/0x100
> invoke_syscall+0x5c/0x130
> ......
> el0t_64_sync+0x1a0/0x1a4
> The reason of this issue is that calling request_threaded_irq()
> function failed, and then lineevent_free() is invoked to release
> the resource. Since the lineevent_state::irq was already set, so
> the subsequent invocation of free_irq() would trigger the above
> warning call trace. To fix this issue, set the lineevent_state::irq
> after the IRQ register successfully.
>
> Fixes: 468242724143 ("gpiolib: cdev: refactor lineevent cleanup into lineevent_free")
> Cc: [email protected]
> Signed-off-by: Meng Li <[email protected]>
> ---
> drivers/gpio/gpiolib-cdev.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c
> index ffa0256cad5a..937e7a8dd8a9 100644
> --- a/drivers/gpio/gpiolib-cdev.c
> +++ b/drivers/gpio/gpiolib-cdev.c
> @@ -1784,7 +1784,6 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip)
> ret = -ENODEV;
> goto out_free_le;
> }
> - le->irq = irq;
>
> if (eflags & GPIOEVENT_REQUEST_RISING_EDGE)
> irqflags |= test_bit(FLAG_ACTIVE_LOW, &desc->flags) ?
> @@ -1798,7 +1797,7 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip)
> init_waitqueue_head(&le->wait);
>
> /* Request a thread to read the events */
> - ret = request_threaded_irq(le->irq,
> + ret = request_threaded_irq(irq,
> lineevent_irq_handler,
> lineevent_irq_thread,
> irqflags,
> @@ -1807,6 +1806,8 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip)
> if (ret)
> goto out_free_le;
>
> + le->irq = irq;
> +
> fd = get_unused_fd_flags(O_RDONLY | O_CLOEXEC);
> if (fd < 0) {
> ret = fd;
> --
> 2.36.1
>
Applied, thanks!
Bart