On Mon, Mar 21, 2022 at 2:33 PM Shreeya Patel <shreeya.patel@xxxxxxxxxxxxx> wrote:

> GPIO chip irq members are exposed before they could be completely
> initialized and this leads to race conditions.
>
> One such issue was observed for the gc->irq.domain variable which
> was accessed through the I2C interface in gpiochip_to_irq() before
> it could be initialized by gpiochip_add_irqchip(). This resulted in
> Kernel NULL pointer dereference.
>
> Following are the logs for reference:
>
> kernel: Call Trace:
> kernel: gpiod_to_irq+0x53/0x70
> kernel: acpi_dev_gpio_irq_get_by+0x113/0x1f0
> kernel: i2c_acpi_get_irq+0xc0/0xd0
> kernel: i2c_device_probe+0x28a/0x2a0
> kernel: really_probe+0xf2/0x460
> kernel: RIP: 0010:gpiochip_to_irq+0x47/0xc0
>
> To avoid such scenarios, restrict usage of GPIO chip irq members before
> they are completely initialized.
>
> Signed-off-by: Shreeya Patel <shreeya.patel@xxxxxxxxxxxxx>

Reviewed-by: Linus Walleij <linus.walleij@xxxxxxxxxx>

Yours,
Linus Walleij