Received: by 2002:a05:7412:b995:b0:f9:9502:5bb8 with SMTP id it21csp28409rdb;
        Thu, 21 Dec 2023 01:37:48 -0800 (PST)
X-Google-Smtp-Source: AGHT+IEOrmycDyRUa9qZSxAkTnrNAv2CsEqcMBehLpg4oyAzjMYUiiKjv+mvUDa5/taOK8HzSf0k
X-Received: by 2002:a05:620a:31a2:b0:77d:992f:857e with SMTP id bi34-20020a05620a31a200b0077d992f857emr20068913qkb.61.1703151467776;
        Thu, 21 Dec 2023 01:37:47 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1703151467; cv=none;
        d=google.com; s=arc-20160816;
        b=txeDN686EJiMsJU/txvhumYPkGMrZlQ9oRktHzPOjW1rrxBAcgkjTCxy2fCMy49dO+
         sOoZxtxlsbOBqXl9R0klLQ7E2/m70GFNqhKDaRKfzdTgEpokd8CeDYBlARtFI40x+LmD
         JiTylwrvMOY295Vyqpb2p9IkXW4K43Fdme1Ff9TXQjrQcPjj/+gxMxkgQMMKiF2rusUb
         SzzEyeBIWZc8BXOCqrXtYPe1nCwIH+hMPPjUiCN097zIFnzbmYM0F81xLyPQvoB07EK0
         jq3kw8UFLVzzN8otUvmnyOVLVNr0CEWNQeQvXMHZ9zscro6QjjD7t9XSDhVjjhISbcVk
         OX8g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe
         :list-id:precedence:dkim-signature;
        bh=OyY4mdyAupWFIlLPs9X7YkxcEJUGvfcgSLNoWs9Uhs4=;
        fh=erCAZt8TqRv2/z+YQ9HTYE4a5f7Y9g1zasafOXpHI3M=;
        b=R78Rb7IOeubpV3apqzvmj8QQ4/9XxVg2+xWIbxpn784Q1IuWIUPsYGyupUSYQQxBht
         bPGrD+5OfXACc6IL6BUADjT6ntms/BQadj5HDD/Eezt3mJN0mO06Jwd3P2j6rDeSanGn
         xLM5vLhx5wxctpGymqInOZHd5fDlnHWH2hz1jXRLYSAuoEmyR0ELSr2RSrT3zCm8g1Ts
         hbfgAWieAvBMnEFhNKJo7aR8kKzHqUtH0dusRy/SHII9Tia04wu98D8vCQHqzmEZZ6uk
         5Sg2sZlQOnNIEyJRhZwjdBXmlpBRElCuiGTeuSQ0+raQphu8ZoRn4bNdCpYfz83GXoCP
         bMxA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@bgdev-pl.20230601.gappssmtp.com header.s=20230601 header.b=wPttn67a;
       spf=pass (google.com: domain of linux-kernel+bounces-8140-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-8140-linux.lists.archive=gmail.com@vger.kernel.org"
Return-Path: <linux-kernel+bounces-8140-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1])
        by mx.google.com with ESMTPS id x5-20020a05620a448500b0078110b0a184si1845815qkp.526.2023.12.21.01.37.47
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 21 Dec 2023 01:37:47 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-8140-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@bgdev-pl.20230601.gappssmtp.com header.s=20230601 header.b=wPttn67a;
       spf=pass (google.com: domain of linux-kernel+bounces-8140-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-8140-linux.lists.archive=gmail.com@vger.kernel.org"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id 842231C23829
	for <linux.lists.archive@gmail.com>; Thu, 21 Dec 2023 09:37:47 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id EC6BF4C624;
	Thu, 21 Dec 2023 09:32:29 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=bgdev-pl.20230601.gappssmtp.com header.i=@bgdev-pl.20230601.gappssmtp.com header.b="wPttn67a"
X-Original-To: linux-kernel@vger.kernel.org
Received: from mail-vs1-f48.google.com (mail-vs1-f48.google.com [209.85.217.48])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id E37B54C609
	for <linux-kernel@vger.kernel.org>; Thu, 21 Dec 2023 09:32:27 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=bgdev.pl
Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=bgdev.pl
Received: by mail-vs1-f48.google.com with SMTP id ada2fe7eead31-4669c751e52so27358137.0
        for <linux-kernel@vger.kernel.org>; Thu, 21 Dec 2023 01:32:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=bgdev-pl.20230601.gappssmtp.com; s=20230601; t=1703151147; x=1703755947; darn=vger.kernel.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=OyY4mdyAupWFIlLPs9X7YkxcEJUGvfcgSLNoWs9Uhs4=;
        b=wPttn67aQ4F6f373BIdfEdYCMa5QlhAaSxS+ymj7z0QVQVuzteToTcJz8gc+aZiPWn
         +9C3titwRmRKk+vocLX/4PKbyQlf6q/oz1D3Egrc6Bdzha5kJ/MIBW/a/CEze3PcY99+
         OSdH26W6HxoC7yEjh5esph7dYdR+mkEUQ7cifoWqmDrq/Ry6YcWBeMGHbTlY2sFmEZWq
         jXkfsgMlwDWbmUcrCWCvxdTZ/F13qdwBi9Lzc/dlzInrOznt7+dpGaVzMliPiOI/cjkh
         TH/ccxFjL7H7RpiSH9G+Lfl/UZPNhGoOAiEa7R7WJ1+k3gmepW0mP2tGOKhJvLR0Isx6
         MrnA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1703151147; x=1703755947;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=OyY4mdyAupWFIlLPs9X7YkxcEJUGvfcgSLNoWs9Uhs4=;
        b=EgvAZLGFc6SO//tzpDyGt/mtl1bspoauAW4M3qMdCFu7Z4Ll14/BWQapBebFMQpCRQ
         PlMKtS0sgAfaIeUwf54sQ6QF7bwA4CbqYJtbZEF8nbSD2bhnMgJuBgmZVMeiFlRK74HH
         pwffXeiriyD4IAkuL1Yf71qE+Qizbq2U55Jm5pvMu5zbYZzKLbc3Wpo9XwN5JK74dPKr
         30JBdyEVNNGpgxZRKihaPDaBenYToKMl3d7qzDMCuYKYaB0H9eAT0QebkuVYtbN5XSWC
         1cxy19hffT/FbDKthqUKu/QLMoQ7OROJyvYlsrEtuZtxgppG4chUWIAueZvsLEX6kOye
         P1Tg==
X-Gm-Message-State: AOJu0YyO9nsAiiPQ8ZHz9Aa1+nAqZHYelWF+d1sKI8C8m0oEhU1qyeEF
	gl7MAl3N/gHbULY3wV1Dc+6cZhgd4VOvzw/uYtqxPA==
X-Received: by 2002:a05:6102:441d:b0:466:3496:b66f with SMTP id
 df29-20020a056102441d00b004663496b66fmr310132vsb.35.1703151146804; Thu, 21
 Dec 2023 01:32:26 -0800 (PST)
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
References: <20231221012040.17763-1-warthog618@gmail.com> <20231221012040.17763-2-warthog618@gmail.com>
In-Reply-To: <20231221012040.17763-2-warthog618@gmail.com>
From: Bartosz Golaszewski <brgl@bgdev.pl>
Date: Thu, 21 Dec 2023 10:32:15 +0100
Message-ID: <CAMRc=McSOij2kChZh-zCLBP75cxmnnHSqKg2=uk9dEDJquKZhg@mail.gmail.com>
Subject: Re: [PATCH v2 1/5] gpiolib: cdev: add gpio_device locking wrapper
 around gpio_ioctl()
To: Kent Gibson <warthog618@gmail.com>
Cc: linux-kernel@vger.kernel.org, linux-gpio@vger.kernel.org, 
	linus.walleij@linaro.org, andy@kernel.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Thu, Dec 21, 2023 at 2:21=E2=80=AFAM Kent Gibson <warthog618@gmail.com> =
wrote:
>
> While the GPIO cdev gpio_ioctl() call is in progress, the kernel can
> call gpiochip_remove() which will set gdev->chip to NULL, after which
> any subsequent access will cause a crash.
>
> gpio_ioctl() was overlooked by the previous fix to protect syscalls
> (bdbbae241a04), so add protection for that.
>
> Fixes: bdbbae241a04 ("gpiolib: protect the GPIO device against being drop=
ped while in use by user-space")
> Fixes: d7c51b47ac11 ("gpio: userspace ABI for reading/writing GPIO lines"=
)
> Fixes: 3c0d9c635ae2 ("gpiolib: cdev: support GPIO_V2_GET_LINE_IOCTL and G=
PIO_V2_LINE_GET_VALUES_IOCTL")
> Fixes: aad955842d1c ("gpiolib: cdev: support GPIO_V2_GET_LINEINFO_IOCTL a=
nd GPIO_V2_GET_LINEINFO_WATCH_IOCTL")
> Signed-off-by: Kent Gibson <warthog618@gmail.com>
> ---
>  drivers/gpio/gpiolib-cdev.c | 16 ++++++++++++----
>  1 file changed, 12 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c
> index 744734405912..9155c54acc1e 100644
> --- a/drivers/gpio/gpiolib-cdev.c
> +++ b/drivers/gpio/gpiolib-cdev.c
> @@ -2598,10 +2598,7 @@ static int lineinfo_unwatch(struct gpio_chardev_da=
ta *cdev, void __user *ip)
>         return 0;
>  }
>
> -/*
> - * gpio_ioctl() - ioctl handler for the GPIO chardev
> - */
> -static long gpio_ioctl(struct file *file, unsigned int cmd, unsigned lon=
g arg)
> +static long gpio_ioctl_unlocked(struct file *file, unsigned int cmd, uns=
igned long arg)
>  {
>         struct gpio_chardev_data *cdev =3D file->private_data;
>         struct gpio_device *gdev =3D cdev->gdev;
> @@ -2638,6 +2635,17 @@ static long gpio_ioctl(struct file *file, unsigned=
 int cmd, unsigned long arg)
>         }
>  }
>
> +/*
> + * gpio_ioctl() - ioctl handler for the GPIO chardev
> + */
> +static long gpio_ioctl(struct file *file, unsigned int cmd, unsigned lon=
g arg)
> +{
> +       struct gpio_chardev_data *cdev =3D file->private_data;
> +
> +       return call_ioctl_locked(file, cmd, arg, cdev->gdev,
> +                                gpio_ioctl_unlocked);
> +}
> +
>  #ifdef CONFIG_COMPAT
>  static long gpio_ioctl_compat(struct file *file, unsigned int cmd,
>                               unsigned long arg)
> --
> 2.39.2
>

I applied this. I'll send it upstream tomorrow and once it's in
master, I'll pick up the rest on Monday.

Bart