Re: [PATCH v2] gpio: pca953x: Fix dereference of irq data in shutdown

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



czw., 28 lut 2019 o 15:27 Mark Walton <mark.walton@xxxxxxxxxxxxx> napisał(a):
>
> If a PCA953x gpio was used as an interrupt and then released,
> the shutdown function was trying to extract the pca953x_chip
> pointer directly from the irq_data, but in reality was getting
> the gpio_chip structure.
>
> The net effect was that the subsequent writes to the data
> structure corrupted data in the gpio_chip structure, which wasn't
> immediately obvious until attempting to use the GPIO again in the
> future, at which point the kernel panics.
>
> This fix correctly extracts the pca953x_chip structure via the
> gpio_chip structure, as is correctly done in the other irq
> functions.
>
> Fixes: 0a70fe00efea ("gpio: pca953x: Clear irq trigger type on irq shutdown")
> Signed-off-by: Mark Walton <mark.walton@xxxxxxxxxxxxx>
> ---
>  drivers/gpio/gpio-pca953x.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpio/gpio-pca953x.c b/drivers/gpio/gpio-pca953x.c
> index caf7dd1..6bd55a4 100644
> --- a/drivers/gpio/gpio-pca953x.c
> +++ b/drivers/gpio/gpio-pca953x.c
> @@ -659,7 +659,8 @@ static int pca953x_irq_set_type(struct irq_data *d, unsigned int type)
>
>  static void pca953x_irq_shutdown(struct irq_data *d)
>  {
> -       struct pca953x_chip *chip = irq_data_get_irq_chip_data(d);
> +       struct gpio_chip *gc = irq_data_get_irq_chip_data(d);
> +       struct pca953x_chip *chip = gpiochip_get_data(gc);
>         u8 mask = 1 << (d->hwirq % BANK_SZ);
>
>         chip->irq_trig_raise[d->hwirq / BANK_SZ] &= ~mask;
> --
> 2.7.4
>

Reviewed-by: Bartosz Golaszewski <bgolaszewski@xxxxxxxxxxxx>




[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux