Patch "gpiolib: cdev: fix uninitialised kfifo" has been added to the 6.8-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sat, 11 May 2024 09:03:23 -0400

This is a note to let you know that I've just added the patch titled

    gpiolib: cdev: fix uninitialised kfifo

to the 6.8-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     gpiolib-cdev-fix-uninitialised-kfifo.patch
and it can be found in the queue-6.8 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 8040c53a25d56ad46b01be1885010ec7d9c85134
Author: Kent Gibson <warthog618@xxxxxxxxx>
Date:   Fri May 10 14:53:42 2024 +0800

    gpiolib: cdev: fix uninitialised kfifo
    
    [ Upstream commit ee0166b637a5e376118e9659e5b4148080f1d27e ]
    
    If a line is requested with debounce, and that results in debouncing
    in software, and the line is subsequently reconfigured to enable edge
    detection then the allocation of the kfifo to contain edge events is
    overlooked.  This results in events being written to and read from an
    uninitialised kfifo.  Read events are returned to userspace.
    
    Initialise the kfifo in the case where the software debounce is
    already active.
    
    Fixes: 65cff7046406 ("gpiolib: cdev: support setting debounce")
    Signed-off-by: Kent Gibson <warthog618@xxxxxxxxx>
    Link: https://lore.kernel.org/r/20240510065342.36191-1-warthog618@xxxxxxxxx
    Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c
index 0b94c398c0649..5cca9e8803495 100644
--- a/drivers/gpio/gpiolib-cdev.c
+++ b/drivers/gpio/gpiolib-cdev.c
@@ -1199,6 +1199,8 @@ static int edge_detector_update(struct line *line,
 				struct gpio_v2_line_config *lc,
 				unsigned int line_idx, u64 edflags)
 {
+	u64 eflags;
+	int ret;
 	u64 active_edflags = READ_ONCE(line->edflags);
 	unsigned int debounce_period_us =
 			gpio_v2_line_config_debounce_period(lc, line_idx);
@@ -1210,6 +1212,18 @@ static int edge_detector_update(struct line *line,
 	/* sw debounced and still will be...*/
 	if (debounce_period_us && READ_ONCE(line->sw_debounced)) {
 		line_set_debounce_period(line, debounce_period_us);
+		/*
+		 * ensure event fifo is initialised if edge detection
+		 * is now enabled.
+		 */
+		eflags = edflags & GPIO_V2_LINE_EDGE_FLAGS;
+		if (eflags && !kfifo_initialized(&line->req->events)) {
+			ret = kfifo_alloc(&line->req->events,
+					  line->req->event_buffer_size,
+					  GFP_KERNEL);
+			if (ret)
+				return ret;
+		}
 		return 0;
 	}
 







