Re: [PATCH 1/3] gpioib: do not free unrequested descriptors

Bjorn Andersson <bjorn.andersson@xxxxxxxxxx> · Wed, 25 Apr 2018 15:58:38 -0700

On Wed 25 Apr 15:43 PDT 2018, Timur Tabi wrote:

> If the main loop in linehandle_create() encounters an error, it
> unwinds completely by freeing all previously requested GPIO
> descriptors.  However, if the error occurs in the beginning of
> the loop before that GPIO is requested, then the exit code
> attempts to free a null descriptor.  If extrachecks is enabled,
> gpiod_free() triggers a WARN_ON.
> 
> Instead, keep a separate count of legitimate GPIOs so that only
> those are freed.
> 
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: d7c51b47ac11 ("gpio: userspace ABI for reading/writing GPIO lines")
> Signed-off-by: Timur Tabi <timur@xxxxxxxxxxxxxx>

Reviewed-by: Bjorn Andersson <bjorn.andersson@xxxxxxxxxx>

Regards,
Bjorn

> ---
>  drivers/gpio/gpiolib.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
> index 43aeb07343ec..d07771797707 100644
> --- a/drivers/gpio/gpiolib.c
> +++ b/drivers/gpio/gpiolib.c
> @@ -497,7 +497,7 @@ static int linehandle_create(struct gpio_device *gdev, void __user *ip)
>  	struct gpiohandle_request handlereq;
>  	struct linehandle_state *lh;
>  	struct file *file;
> -	int fd, i, ret;
> +	int fd, i, count = 0, ret;
>  	u32 lflags;
>  
>  	if (copy_from_user(&handlereq, ip, sizeof(handlereq)))
> @@ -558,6 +558,7 @@ static int linehandle_create(struct gpio_device *gdev, void __user *ip)
>  		if (ret)
>  			goto out_free_descs;
>  		lh->descs[i] = desc;
> +		count = i;
>  
>  		if (lflags & GPIOHANDLE_REQUEST_ACTIVE_LOW)
>  			set_bit(FLAG_ACTIVE_LOW, &desc->flags);
> @@ -628,7 +629,7 @@ static int linehandle_create(struct gpio_device *gdev, void __user *ip)
>  out_put_unused_fd:
>  	put_unused_fd(fd);
>  out_free_descs:
> -	for (; i >= 0; i--)
> +	for (i = 0; i < count; i++)
>  		gpiod_free(lh->descs[i]);
>  	kfree(lh->label);
>  out_free_lh:
> -- 
> Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm
> Technologies, Inc.  Qualcomm Technologies, Inc. is a member of the
> Code Aurora Forum, a Linux Foundation Collaborative Project.
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-arm-msm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html