Skip to content

Commit

Permalink
gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpi…
Browse files Browse the repository at this point in the history 
…o_remove()

drivers/gpio/gpiolib-sysfs.c, 796:
	mutex_lock in gpiochip_sysfs_unregister
drivers/gpio/gpiolib.c, 1455:
	gpiochip_sysfs_unregister in gpiochip_remove
drivers/gpio/gpio-grgpio.c, 460:
	gpiochip_remove in grgpio_remove
drivers/gpio/gpio-grgpio.c, 449:
	_raw_spin_lock_irqsave in grgpio_remove

kernel/irq/irqdomain.c, 243:
	mutex_lock in irq_domain_remove
drivers/gpio/gpio-grgpio.c, 463:
	irq_domain_remove in grgpio_remove
drivers/gpio/gpio-grgpio.c, 449:
	_raw_spin_lock_irqsave in grgpio_remove

mutex_lock() can sleep at runtime.

To fix these bugs, the lock is dropped in grgpio_remove(), because there
is no need for locking in remove() callbacks.

These bugs are found by a static analysis tool STCheck written by
myself.

Signed-off-by: Jia-Ju Bai <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Linus Walleij <[email protected]>
  • Loading branch information
@XidianGeneral @linusw
XidianGeneral authored and linusw committed Jan 7, 2020
1 parent 048ae7e commit 25d071b
Showing 1 changed file with 0 additions and 4 deletions.
4 changes: 0 additions & 4 deletions drivers/gpio/gpio-grgpio.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -437,8 +437,6 @@ static int grgpio_remove(struct platform_device *ofdev)
int i;
int ret = 0;

spin_lock_irqsave(&priv->gc.bgpio_lock, flags);

if (priv->domain) {
for (i = 0; i < GRGPIO_MAX_NGPIO; i++) {
if (priv->uirqs[i].refcnt != 0) {
Expand All @@ -454,8 +452,6 @@ static int grgpio_remove(struct platform_device *ofdev)
irq_domain_remove(priv->domain);

out:
spin_unlock_irqrestore(&priv->gc.bgpio_lock, flags);

return ret;
}

Expand Down

0 comments on commit 25d071b

Please sign in to comment.