Patch "gpiolib: remove the GPIO device from the list when it's unregistered" has been added to the 6.6-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sat, 20 Jan 2024 20:07:10 -0500

This is a note to let you know that I've just added the patch titled

    gpiolib: remove the GPIO device from the list when it's unregistered

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     gpiolib-remove-the-gpio-device-from-the-list-when-it.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 50b3f1e0bb835b98de62f79e2463147dd6683e60
Author: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx>
Date:   Tue Jan 2 16:59:47 2024 +0100

    gpiolib: remove the GPIO device from the list when it's unregistered
    
    [ Upstream commit 48e1b4d369cfe2729138a128afa6b8a55d093eaf ]
    
    If we wait until the GPIO device's .release() callback gets invoked
    before we remove it from the global device list, then we risk that
    someone will look it up using gpio_device_find() between where we
    dropped the last reference and before .release() is done taking a
    reference again to an object that's being released.
    
    The device must be removed when it's being unregistered - just like how
    we remove it from the GPIO bus.
    
    Fixes: ff2b13592299 ("gpio: make the gpiochip a real device")
    Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx>
    Reviewed-by: Linus Walleij <linus.walleij@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
index 1a53e1e5379b..0bb28867cb32 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -572,9 +572,6 @@ static void gpiodev_release(struct device *dev)
 {
 	struct gpio_device *gdev = to_gpio_device(dev);
 
-	scoped_guard(mutex, &gpio_devices_lock)
-		list_del(&gdev->list);
-
 	ida_free(&gpio_ida, gdev->id);
 	kfree_const(gdev->label);
 	kfree(gdev->descs);
@@ -989,6 +986,9 @@ void gpiochip_remove(struct gpio_chip *gc)
 		dev_crit(&gdev->dev,
 			 "REMOVING GPIOCHIP WITH GPIOS STILL REQUESTED\n");
 
+	scoped_guard(mutex, &gpio_devices_lock)
+		list_del(&gdev->list);
+
 	/*
 	 * The gpiochip side puts its use of the device to rest here:
 	 * if there are no userspace clients, the chardev and device will







