The gpiod_direction_input_nonotify() function is supposed to return zero
if the direction for the pin is input. But instead it accidentally
returns GPIO_LINE_DIRECTION_IN (1) which will be cast into an ERR_PTR()
in gpiochip_request_own_desc(). The callers dereference it and it leads
to a crash.
I changed gpiod_direction_output_raw_commit() just for consistency but
returning GPIO_LINE_DIRECTION_OUT (0) is fine.
Cc: stable@xxxxxxxxxxxxxxx
Fixes: 9d846b1aebbe ("gpiolib: check the return value of gpio_chip::get_direction()")
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
---
drivers/gpio/gpiolib.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
index e8678a6c82ea..d41812468e1c 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -2804,11 +2804,13 @@ int gpiod_direction_input_nonotify(struct gpio_desc *desc)
ret = gpiochip_direction_input(guard.gc,
gpio_chip_hwgpio(desc));
} else if (guard.gc->get_direction) {
- ret = gpiochip_get_direction(guard.gc, gpio_chip_hwgpio(desc));
- if (ret < 0)
- return ret;
+ int dir;
+
+ dir = gpiochip_get_direction(guard.gc, gpio_chip_hwgpio(desc));
+ if (dir < 0)
+ return dir;
- if (ret != GPIO_LINE_DIRECTION_IN) {
+ if (dir != GPIO_LINE_DIRECTION_IN) {
gpiod_warn(desc,
"%s: missing direction_input() operation and line is output\n",
__func__);
@@ -2851,12 +2853,14 @@ static int gpiod_direction_output_raw_commit(struct gpio_desc *desc, int value)
} else {
/* Check that we are in output mode if we can */
if (guard.gc->get_direction) {
- ret = gpiochip_get_direction(guard.gc,
+ int dir;
+
+ dir = gpiochip_get_direction(guard.gc,
gpio_chip_hwgpio(desc));
- if (ret < 0)
- return ret;
+ if (dir < 0)
+ return dir;
- if (ret != GPIO_LINE_DIRECTION_OUT) {
+ if (dir != GPIO_LINE_DIRECTION_OUT) {
gpiod_warn(desc,
"%s: missing direction_output() operation\n",
__func__);
--
2.47.2
[PATCH] [PATCH] gpiolib: Fix Oops in gpiod_direction_input_nonotify()
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: [PATCH] [PATCH] gpiolib: Fix Oops in gpiod_direction_input_nonotify()
- From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
- Date: Thu, 27 Feb 2025 11:17:19 +0300
- Prev by Date: Re: Regression on linux-next (next-20250225)
- Next by Date: Re: [PATCH] gpio: Document the 'valid_mask' being internal
- Previous by thread: Regression on linux-next (next-20250225)
- Next by thread: [PATCH 1/2] gpiolib: deprecate gpio_chip::set and gpio_chip::set_multiple
- Index(es):
 |