Message ID | 20231221012040.17763-2-warthog618@gmail.com |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel+bounces-7719-ouuuleilei=gmail.com@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:2483:b0:fb:cd0c:d3e with SMTP id q3csp120072dyi; Wed, 20 Dec 2023 17:21:31 -0800 (PST) X-Google-Smtp-Source: AGHT+IEgMKsVv6pz/KoCa/3N6+4DzdGdt88Xxz1Hm17R9Mr+c0ZJliIFuMwnnFZHSPMdnfcSNMf7 X-Received: by 2002:a05:6a20:e120:b0:194:fd7d:ebcc with SMTP id kr32-20020a056a20e12000b00194fd7debccmr518712pzb.91.1703121690891; Wed, 20 Dec 2023 17:21:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1703121690; cv=none; d=google.com; s=arc-20160816; b=L1ft6Izz/CqTWk7rNFZj0yZ5+OPbFA1m2yCU2VXPfUnE17TLS8rN/KXQdTL3JRjQCQ SEihEdF/ZqgZbU12eFp3kZHGXz+3WRjb6a+Zq7EuJnlmR1PcoatQrWOd7fNkHu557Krf bVDjQsm/MtX3qz2BxnTuMt1fDdNs/klM8DEDVZ59xX5Dx9vfT+lZ2FfXLmF476dF910Z cGwvurBaGDTXYVS8QYvtxX3XYaPYks6R5ob4ry2AlzlxgYUuJ7tWqrvkKbJetCPUAl1k 4fX6IXBU65HVjMn/SPz4szRLHDZfpNe7orWUohUSVBCn6CJN6JXlutZ7r6BEVBytKhet EnJA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=dLcenJ/GoxU7aCIQv2oBr9pxlEYNKaNvVPdm4SRt55Y=; fh=GNOA1jdeAuH+tfAEzFx15vIukVGFZnqrW9xHApUHjl0=; b=gbVfbSxnkeObsPqQ0nrldyqBwmLWdY8vkh5T1xIoIcPu7bV55NtICEmdtyddqbkBo1 sS4VIF/2m8CG/4xmlCx0ZeV8rlh3dX3m0Q/BJX3G40yMOSwLTgYyt7cQzAg+hbtAawYZ JblL5r8vuUGphitP8R14pZK26tXrPuEVAbPLX24XuB+2W/35M6qNobYu2ZbkDlr2kZBC Lnt5+avmB8W0KslBg2hRl7DJBY9UNvpKbJU6WmTK2mlRoFEHrJUUYy84l6XwzBKyeOXp 00H6Yft9kX0J27zRJn2kB13uIditCqeFIukUNNDlH5cWDKWgsOvGgrQ0RczZwR+RtO07 3W8A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=GsAZ+dax; spf=pass (google.com: domain of linux-kernel+bounces-7719-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-7719-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id q18-20020a656852000000b0057942bfab4dsi645685pgt.395.2023.12.20.17.21.30 for <ouuuleilei@gmail.com> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Dec 2023 17:21:30 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-7719-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=GsAZ+dax; spf=pass (google.com: domain of linux-kernel+bounces-7719-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-7719-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id EB136B23AA1 for <ouuuleilei@gmail.com>; Thu, 21 Dec 2023 01:21:29 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 0AB09291F; Thu, 21 Dec 2023 01:21:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="GsAZ+dax" X-Original-To: linux-kernel@vger.kernel.org Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 142A63C1E; Thu, 21 Dec 2023 01:21:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-6d741fb7c8eso295543b3a.2; Wed, 20 Dec 2023 17:21:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1703121673; x=1703726473; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=dLcenJ/GoxU7aCIQv2oBr9pxlEYNKaNvVPdm4SRt55Y=; b=GsAZ+daxbBZTZMEMcH66YqMkzeelDrlYtZ0dd0+jcDh+X5cuXMzvb8oypy7IyBzrG5 MJV0O1tML/Snl8EytCfYb2NnyWZI2SWEXjGKhzxGCDIpC78kmuZkZJZ7pebFPx3BzR7N EPSzSET7cYNTN5nMDYkChZWyaBWt9ukIosCSTPktXqsEqXgv+Cckizjl34z5KkLYA1ka WOrzVaXZwTYZg+bdlSXN8e/vEzwjn2iDe7YsB8ZemWlbOHDrgJafAalkJfBCSq4ChdLd H//GKNFRaDMm432hUkzPYSo7EeTyvoJAurOQA9WsdHSOu9POKBANwpK+qKCvQcSIInZE QvIQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703121673; x=1703726473; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dLcenJ/GoxU7aCIQv2oBr9pxlEYNKaNvVPdm4SRt55Y=; b=cl4C2nZA90GuF3ALYlN9ZFPiKUTzw6Yp5dztFp4oQ/iiD0f5G7Bv4GqVlotcFoFlRi tYNYbPpUD/UxG4wVH9mVYswg2z3Wd48GYXlC9j28yZ93lFCG2e3cUDF7DNy0Ya6HoFCt VyCH83znfbc/3sL5DuEryM1W5IS5Mi4nynopvGraT7GJo/fnVfBtJ8MGeC2kBI0Fai0L hMnJ34aPFA3EVNTraDPmj/xagFcWNDGMOP5OPPiOiZWv6nVhXL8uiXiAfticA4qzX3c+ sccFXz43c6uyPP8l0d3uFV+c9courSO+MFeZU4V30zNPrULBo2gxPVxxGn/oSaoEzgDQ TzvQ== X-Gm-Message-State: AOJu0Yw6n6jdSduVPg/NPr7zu0F2u/+1J5/OBHfjwdntX4LS5sotL5Ed Jp6LN7s72CpyujUEhuag672SP+D53kQ= X-Received: by 2002:a05:6a00:f8e:b0:6d8:cf8e:e627 with SMTP id ct14-20020a056a000f8e00b006d8cf8ee627mr5338333pfb.37.1703121673191; Wed, 20 Dec 2023 17:21:13 -0800 (PST) Received: from rigel.home.arpa (60-241-235-125.tpgi.com.au. [60.241.235.125]) by smtp.gmail.com with ESMTPSA id x1-20020a056a00270100b006d088356541sm375959pfv.104.2023.12.20.17.21.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Dec 2023 17:21:12 -0800 (PST) From: Kent Gibson <warthog618@gmail.com> To: linux-kernel@vger.kernel.org, linux-gpio@vger.kernel.org, brgl@bgdev.pl, linus.walleij@linaro.org, andy@kernel.org Cc: Kent Gibson <warthog618@gmail.com> Subject: [PATCH v2 1/5] gpiolib: cdev: add gpio_device locking wrapper around gpio_ioctl() Date: Thu, 21 Dec 2023 09:20:36 +0800 Message-Id: <20231221012040.17763-2-warthog618@gmail.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20231221012040.17763-1-warthog618@gmail.com> References: <20231221012040.17763-1-warthog618@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: <linux-kernel.vger.kernel.org> List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org> List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1785852529905532814 X-GMAIL-MSGID: 1785852529905532814 |
Series |
gpiolib: cdev: guard tidying
|
|
Commit Message
Kent Gibson
Dec. 21, 2023, 1:20 a.m. UTC
While the GPIO cdev gpio_ioctl() call is in progress, the kernel can
call gpiochip_remove() which will set gdev->chip to NULL, after which
any subsequent access will cause a crash.
gpio_ioctl() was overlooked by the previous fix to protect syscalls
(bdbbae241a04), so add protection for that.
Fixes: bdbbae241a04 ("gpiolib: protect the GPIO device against being dropped while in use by user-space")
Fixes: d7c51b47ac11 ("gpio: userspace ABI for reading/writing GPIO lines")
Fixes: 3c0d9c635ae2 ("gpiolib: cdev: support GPIO_V2_GET_LINE_IOCTL and GPIO_V2_LINE_GET_VALUES_IOCTL")
Fixes: aad955842d1c ("gpiolib: cdev: support GPIO_V2_GET_LINEINFO_IOCTL and GPIO_V2_GET_LINEINFO_WATCH_IOCTL")
Signed-off-by: Kent Gibson <warthog618@gmail.com>
---
drivers/gpio/gpiolib-cdev.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
Comments
On Thu, Dec 21, 2023 at 2:21 AM Kent Gibson <warthog618@gmail.com> wrote: > > While the GPIO cdev gpio_ioctl() call is in progress, the kernel can > call gpiochip_remove() which will set gdev->chip to NULL, after which > any subsequent access will cause a crash. > > gpio_ioctl() was overlooked by the previous fix to protect syscalls > (bdbbae241a04), so add protection for that. > > Fixes: bdbbae241a04 ("gpiolib: protect the GPIO device against being dropped while in use by user-space") > Fixes: d7c51b47ac11 ("gpio: userspace ABI for reading/writing GPIO lines") > Fixes: 3c0d9c635ae2 ("gpiolib: cdev: support GPIO_V2_GET_LINE_IOCTL and GPIO_V2_LINE_GET_VALUES_IOCTL") > Fixes: aad955842d1c ("gpiolib: cdev: support GPIO_V2_GET_LINEINFO_IOCTL and GPIO_V2_GET_LINEINFO_WATCH_IOCTL") > Signed-off-by: Kent Gibson <warthog618@gmail.com> > --- > drivers/gpio/gpiolib-cdev.c | 16 ++++++++++++---- > 1 file changed, 12 insertions(+), 4 deletions(-) > > diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c > index 744734405912..9155c54acc1e 100644 > --- a/drivers/gpio/gpiolib-cdev.c > +++ b/drivers/gpio/gpiolib-cdev.c > @@ -2598,10 +2598,7 @@ static int lineinfo_unwatch(struct gpio_chardev_data *cdev, void __user *ip) > return 0; > } > > -/* > - * gpio_ioctl() - ioctl handler for the GPIO chardev > - */ > -static long gpio_ioctl(struct file *file, unsigned int cmd, unsigned long arg) > +static long gpio_ioctl_unlocked(struct file *file, unsigned int cmd, unsigned long arg) > { > struct gpio_chardev_data *cdev = file->private_data; > struct gpio_device *gdev = cdev->gdev; > @@ -2638,6 +2635,17 @@ static long gpio_ioctl(struct file *file, unsigned int cmd, unsigned long arg) > } > } > > +/* > + * gpio_ioctl() - ioctl handler for the GPIO chardev > + */ > +static long gpio_ioctl(struct file *file, unsigned int cmd, unsigned long arg) > +{ > + struct gpio_chardev_data *cdev = file->private_data; > + > + return call_ioctl_locked(file, cmd, arg, cdev->gdev, > + gpio_ioctl_unlocked); > +} > + > #ifdef CONFIG_COMPAT > static long gpio_ioctl_compat(struct file *file, unsigned int cmd, > unsigned long arg) > -- > 2.39.2 > I applied this. I'll send it upstream tomorrow and once it's in master, I'll pick up the rest on Monday. Bart
diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c index 744734405912..9155c54acc1e 100644 --- a/drivers/gpio/gpiolib-cdev.c +++ b/drivers/gpio/gpiolib-cdev.c @@ -2598,10 +2598,7 @@ static int lineinfo_unwatch(struct gpio_chardev_data *cdev, void __user *ip) return 0; } -/* - * gpio_ioctl() - ioctl handler for the GPIO chardev - */ -static long gpio_ioctl(struct file *file, unsigned int cmd, unsigned long arg) +static long gpio_ioctl_unlocked(struct file *file, unsigned int cmd, unsigned long arg) { struct gpio_chardev_data *cdev = file->private_data; struct gpio_device *gdev = cdev->gdev; @@ -2638,6 +2635,17 @@ static long gpio_ioctl(struct file *file, unsigned int cmd, unsigned long arg) } } +/* + * gpio_ioctl() - ioctl handler for the GPIO chardev + */ +static long gpio_ioctl(struct file *file, unsigned int cmd, unsigned long arg) +{ + struct gpio_chardev_data *cdev = file->private_data; + + return call_ioctl_locked(file, cmd, arg, cdev->gdev, + gpio_ioctl_unlocked); +} + #ifdef CONFIG_COMPAT static long gpio_ioctl_compat(struct file *file, unsigned int cmd, unsigned long arg)