This is a note to let you know that I've just added the patch titled
leds: trigger: Call synchronize_rcu() before calling trig->activate()
to the 5.15-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
leds-trigger-call-synchronize_rcu-before-calling-tri.patch
and it can be found in the queue-5.15 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit b7491e79898964a7dd2fce93defd35f1c950fa10
Author: Hans de Goede <hdegoede@xxxxxxxxxx>
Date: Fri May 31 14:01:24 2024 +0200
leds: trigger: Call synchronize_rcu() before calling trig->activate()
[ Upstream commit b1bbd20f35e19774ea01989320495e09ac44fba3 ]
Some triggers call led_trigger_event() from their activate() callback
to initialize the brightness of the LED for which the trigger is being
activated.
In order for the LED's initial state to be set correctly this requires that
the led_trigger_event() call uses the new version of trigger->led_cdevs,
which has the new LED.
AFAICT led_trigger_event() will always use the new version when it is
running on the same CPU as where the list_add_tail_rcu() call was made,
which is why the missing synchronize_rcu() has not lead to bug reports.
But if activate() is pre-empted, sleeps or uses a worker then
the led_trigger_event() call may run on another CPU which may still use
the old trigger->led_cdevs list.
Add a synchronize_rcu() call to ensure that any led_trigger_event() calls
done from activate() always use the new list.
Triggers using led_trigger_event() from their activate() callback are:
net/bluetooth/leds.c, net/rfkill/core.c and drivers/tty/vt/keyboard.c.
Signed-off-by: Hans de Goede <hdegoede@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20240531120124.75662-1-hdegoede@xxxxxxxxxx
Signed-off-by: Lee Jones <lee@xxxxxxxxxx>
Stable-dep-of: ab477b766edd ("leds: triggers: Flush pending brightness before activating trigger")
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/drivers/leds/led-triggers.c b/drivers/leds/led-triggers.c
index cdb446cb84af2..fe7fb2e7149c5 100644
--- a/drivers/leds/led-triggers.c
+++ b/drivers/leds/led-triggers.c
@@ -193,6 +193,13 @@ int led_trigger_set(struct led_classdev *led_cdev, struct led_trigger *trig)
spin_unlock(&trig->leddev_list_lock);
led_cdev->trigger = trig;
+ /*
+ * Some activate() calls use led_trigger_event() to initialize
+ * the brightness of the LED for which the trigger is being set.
+ * Ensure the led_cdev is visible on trig->led_cdevs for this.
+ */
+ synchronize_rcu();
+
ret = 0;
if (trig->activate)
ret = trig->activate(led_cdev);
