Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp1257364ybv; Sun, 23 Feb 2020 02:43:21 -0800 (PST) X-Google-Smtp-Source: APXvYqxQafIXbdwFkdwqHo4lgSrYT+3kgBHIzNA+Z5HDzGdHOsXF+0Q/2iyMo9+AN9xqLfMNyjw6 X-Received: by 2002:aca:b187:: with SMTP id a129mr9037231oif.175.1582454601309; Sun, 23 Feb 2020 02:43:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582454601; cv=none; d=google.com; s=arc-20160816; b=g4m1EG2V2vDpFJDY/ic37xY2hd5XugcowdQV57JOEjXBkpAPzrw5cCbc0ptcj6y6aA tMU12kJNb1Q8ywLMDX+8btXfYqSnojcAfin5Jf0kRt9XzMlHqZmmh8w+aYzqIr8CCVVj rDvcH18gZLGBwuzQLgg7dH2qYU2wzcp8rRBbdD8HCp2elCcRkUavGFmpbAZUZ8j5B7kD oGjhShnUMGEcahY1NjVzhXnbqyODIpJChqpXQW4mD7tMbZgmDOgl5aQn+pPSkiNdb2pd 2WIOBfConx3Oqo+H4iq9IIvIDyGTtZ61Fz4kztNnYe2KoC8a0BE7jHtkzfcyhRV1PpGG AnJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=O9KKH8BVJKy30YOcWcNWIYu/8qOG+segn1nJZL8WEeI=; b=mnY9IMuiWbVwBt0ofbeC6Om/qiykmDT671j7ZdK+gtu0Y1VNK6Rhwhe3RqYauK54IO 6hXdzDrq8E6vANGdoAxjy7R6xZl5CtZj9YZKuWXU+ZQpthrJ5lJlWiui7Nn4X9u7Z7s3 xOzvjGHNuI666KcGTp1Nf71rTZRdaFTgjn1A8zMYVy+9YXMgG2kA6snQDt60gabZYMw0 zFjeyzStOb853ZM3Fw2UAn0z1rAnhi04OUiKJFmm9lnk75/x6rsxgL0uFLMVmat6R1I9 2UfnvHQDCKLhnwldfBv1xTrwaKb7yMLixE92B1AEHDI2TtYgKPOgdpg/4FSgltfD7kfU 4OjA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m26si4591948otr.159.2020.02.23.02.43.08; Sun, 23 Feb 2020 02:43:21 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726806AbgBWKnC (ORCPT + 99 others); Sun, 23 Feb 2020 05:43:02 -0500 Received: from jabberwock.ucw.cz ([46.255.230.98]:59134 "EHLO jabberwock.ucw.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725980AbgBWKnC (ORCPT ); Sun, 23 Feb 2020 05:43:02 -0500 Received: by jabberwock.ucw.cz (Postfix, from userid 1017) id 57D831C036E; Sun, 23 Feb 2020 11:43:00 +0100 (CET) Date: Sun, 23 Feb 2020 11:42:59 +0100 From: Pavel Machek To: Greg Kroah-Hartman Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Jia-Ju Bai , Linus Walleij , Sasha Levin Subject: Re: [PATCH 4.19 023/191] gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap() Message-ID: <20200223104259.GE14067@amd> References: <20200221072250.732482588@linuxfoundation.org> <20200221072253.959264040@linuxfoundation.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="so9zsI5B81VjUb/o" Content-Disposition: inline In-Reply-To: <20200221072253.959264040@linuxfoundation.org> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --so9zsI5B81VjUb/o Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi! > From: Jia-Ju Bai >=20 > [ Upstream commit e36eaf94be8f7bc4e686246eed3cf92d845e2ef8 ] >=20 > The driver may sleep while holding a spinlock. True. But you can't fix the bug by simply removing the locking, as now nothing prevents grgpio_irq_unmap() from running while grgpio_irq_map() is proceeding. grgpio_irq_map() lirq->irq =3D irq; (drops the lock) grgpio_irq_unmap() (gets the lock) if (lirq->irq =3D=3D irq) { ... (proceeds to work with half-initialized structure) Best regards, Pavel > index 60a1556c570a4..c1be299e5567b 100644 > --- a/drivers/gpio/gpio-grgpio.c > +++ b/drivers/gpio/gpio-grgpio.c > @@ -258,17 +258,16 @@ static int grgpio_irq_map(struct irq_domain *d, uns= igned int irq, > lirq->irq =3D irq; > uirq =3D &priv->uirqs[lirq->index]; > if (uirq->refcnt =3D=3D 0) { > + spin_unlock_irqrestore(&priv->gc.bgpio_lock, flags); > ret =3D request_irq(uirq->uirq, grgpio_irq_handler, 0, > dev_name(priv->dev), priv); > if (ret) { > dev_err(priv->dev, > "Could not request underlying irq %d\n", > uirq->uirq); > - > - spin_unlock_irqrestore(&priv->gc.bgpio_lock, flags); > - > return ret; > } > + spin_lock_irqsave(&priv->gc.bgpio_lock, flags); > } > uirq->refcnt++; > =20 > @@ -314,8 +313,11 @@ static void grgpio_irq_unmap(struct irq_domain *d, u= nsigned int irq) > if (index >=3D 0) { > uirq =3D &priv->uirqs[lirq->index]; > uirq->refcnt--; > - if (uirq->refcnt =3D=3D 0) > + if (uirq->refcnt =3D=3D 0) { > + spin_unlock_irqrestore(&priv->gc.bgpio_lock, flags); > free_irq(uirq->uirq, priv); > + return; > + } > } > =20 > spin_unlock_irqrestore(&priv->gc.bgpio_lock, flags); --=20 (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blo= g.html --so9zsI5B81VjUb/o Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAl5SVzMACgkQMOfwapXb+vL+JwCdEwe6zEdEsetf589qzMa8M06F Z70AoKi1JX4soqRIs0+AhB6rVkdNjadx =xN3n -----END PGP SIGNATURE----- --so9zsI5B81VjUb/o--