On Fri, Feb 17, 2023 at 09:07:43AM -0500, Asmaa Mnebhi wrote:
> BugLink: https://bugs.launchpad.net/bugs/2007581
>
> GPIO chip irq members are exposed before they could be completely
> initialized and this leads to race conditions.
>
> One such issue was observed for the gc->irq.domain variable which
> was accessed through the I2C interface in gpiochip_to_irq() before
> it could be initialized by gpiochip_add_irqchip(). This resulted in
> Kernel NULL pointer dereference.
>
> Following are the logs for reference :-
>
> kernel: Call Trace:
> kernel: gpiod_to_irq+0x53/0x70
> kernel: acpi_dev_gpio_irq_get_by+0x113/0x1f0
> kernel: i2c_acpi_get_irq+0xc0/0xd0
> kernel: i2c_device_probe+0x28a/0x2a0
> kernel: really_probe+0xf2/0x460
> kernel: RIP: 0010:gpiochip_to_irq+0x47/0xc0
>
> To avoid such scenarios, restrict usage of GPIO chip irq members before
> they are completely initialized.
>
> Signed-off-by: Shreeya Patel <shreeya.patel@xxxxxxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
> Reviewed-by: Andy Shevchenko <andy.shevchenko@xxxxxxxxx>
> Reviewed-by: Linus Walleij <linus.walleij@xxxxxxxxxx>
> Signed-off-by: Bartosz Golaszewski <brgl@xxxxxxxx>
> (backported from commit 5467801f1fcbdc46bc7298a84dbf3ca1ff2a7320)
> Signed-off-by: Asmaa Mnebhi <asmaa@xxxxxxxxxx>

<formletter>

This is not the correct way to submit patches for inclusion in the
stable kernel tree. Please read:
    https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
for how to do this properly.

</formletter>
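The ordering guard the quoted commit message describes, written here as an added user-space C simulation rather than the kernel's own code: the producer fills in the irq members and only then publishes an `initialized` flag with release semantics, and the consumer returns -EPROBE_DEFER instead of dereferencing gc->irq.domain until it sees that flag. The struct layout, the hwirq_base field and the probe_scenario() helper are assumptions made for this example.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

#define EPROBE_DEFER 517  /* Linux errno: resource not ready, retry probe later */

/* Stand-in for the irq members of struct gpio_chip (assumed layout). */
struct irq_domain { int hwirq_base; };
struct gpio_chip {
    struct {
        struct irq_domain *domain;  /* NULL until the irqchip is added */
        atomic_bool initialized;    /* published last, after every member */
    } irq;
};

/* Consumer path (what gpiod_to_irq() reaches from the I2C probe). The guard
 * is the fix: without it, gc->irq.domain->hwirq_base dereferences NULL when
 * the consumer wins the race against gpiochip_add_irqchip(). */
static int gpiochip_to_irq(struct gpio_chip *gc, unsigned int offset)
{
    if (!atomic_load_explicit(&gc->irq.initialized, memory_order_acquire))
        return -EPROBE_DEFER;       /* caller retries once setup completes */
    return gc->irq.domain->hwirq_base + (int)offset;
}

/* Producer path: fill in every irq member, then publish the flag. The release
 * store pairs with the acquire load above, so seeing the flag implies seeing
 * a valid domain pointer. */
static struct irq_domain example_domain = { .hwirq_base = 100 };
static void gpiochip_add_irqchip(struct gpio_chip *gc)
{
    gc->irq.domain = &example_domain;
    atomic_store_explicit(&gc->irq.initialized, true, memory_order_release);
}

/* Replays both interleavings: consumer runs before or after irqchip setup. */
static int probe_scenario(bool irqchip_added_first, unsigned int offset)
{
    struct gpio_chip gc = { .irq = { .domain = NULL } };
    atomic_init(&gc.irq.initialized, false);
    if (irqchip_added_first)
        gpiochip_add_irqchip(&gc);
    return gpiochip_to_irq(&gc, offset);
}

int main(void)
{
    printf("consumer first: %d\n", probe_scenario(false, 3)); /* prints -517 */
    printf("irqchip first:  %d\n", probe_scenario(true, 3));  /* prints 103 */
    return 0;
}
```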