Skip to content

L
linux
Commit 25d071b3 authored by Jia-Ju Bai's avatar Jia-Ju Bai Committed by Linus Walleij
Browse files
Options

gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_remove() 

drivers/gpio/gpiolib-sysfs.c, 796:
	mutex_lock in gpiochip_sysfs_unregister
drivers/gpio/gpiolib.c, 1455:
	gpiochip_sysfs_unregister in gpiochip_remove
drivers/gpio/gpio-grgpio.c, 460:
	gpiochip_remove in grgpio_remove
drivers/gpio/gpio-grgpio.c, 449:
	_raw_spin_lock_irqsave in grgpio_remove

kernel/irq/irqdomain.c, 243:
	mutex_lock in irq_domain_remove
drivers/gpio/gpio-grgpio.c, 463:
	irq_domain_remove in grgpio_remove
drivers/gpio/gpio-grgpio.c, 449:
	_raw_spin_lock_irqsave in grgpio_remove

mutex_lock() can sleep at runtime.

To fix these bugs, the lock is dropped in grgpio_remove(), because there
is no need for locking in remove() callbacks.

These bugs are found by a static analysis tool STCheck written by
myself.
Signed-off-by: default avatarJia-Ju Bai <baijiaju1990@gmail.com>
Link: https://lore.kernel.org/r/20191219131459.18640-1-baijiaju1990@gmail.comSigned-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
parent 048ae7e8
Hide whitespace changes
Inline Side-by-side
Showing with 0 additions and 4 deletions
drivers/gpio/gpio-grgpio.c
View file @ 25d071b3
......@@ -437,8 +437,6 @@ static int grgpio_remove(struct platform_device *ofdev)
int i;
int ret = 0;
spin_lock_irqsave(&priv->gc.bgpio_lock, flags);
if (priv->domain) {
for (i = 0; i < GRGPIO_MAX_NGPIO; i++) {
if (priv->uirqs[i].refcnt != 0) {
......@@ -454,8 +452,6 @@ static int grgpio_remove(struct platform_device *ofdev)
irq_domain_remove(priv->domain);
out:
spin_unlock_irqrestore(&priv->gc.bgpio_lock, flags);
return ret;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7