gpiolib: fix bitmap operations related to line event watching

When operating on the bits of watched_lines bitmap, we're using
desc_to_gpio() which returns the GPIO number from the global numberspace.
This leads to all sorts of memory corruptions and invalid behavior. We
should switch to using gpio_chip_hwgpio() instead.

Fixes: 51c1064e82e7 ("gpiolib: add new ioctl() for monitoring changes in line info")
Reported-by: Kent Gibson <warthog618@gmail.com>
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Tested-by: Kent Gibson <warthog618@gmail.com>

diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
index 20683695c5983d97394f48830523e08bae2fc01a..bc71f05d51933727adf41c7af668df92a4ab6dbf 100644 (file)
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -1261,7 +1261,7 @@ static long gpio_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
                        return -EFAULT;
 
                if (cmd == GPIO_GET_LINEINFO_WATCH_IOCTL)
-                       set_bit(desc_to_gpio(desc), priv->watched_lines);
+                       set_bit(gpio_chip_hwgpio(desc), priv->watched_lines);
 
                return 0;
        } else if (cmd == GPIO_GET_LINEHANDLE_IOCTL) {
@@ -1276,7 +1276,7 @@ static long gpio_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
                if (IS_ERR(desc))
                        return PTR_ERR(desc);
 
-               clear_bit(desc_to_gpio(desc), priv->watched_lines);
+               clear_bit(gpio_chip_hwgpio(desc), priv->watched_lines);
                return 0;
        }
        return -EINVAL;
@@ -1304,7 +1304,7 @@ static int lineinfo_changed_notify(struct notifier_block *nb,
        struct gpio_desc *desc = data;
        int ret;
 
-       if (!test_bit(desc_to_gpio(desc), priv->watched_lines))
+       if (!test_bit(gpio_chip_hwgpio(desc), priv->watched_lines))
                return NOTIFY_DONE;
 
        memset(&chg, 0, sizeof(chg));