gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_remove()
authorJia-Ju Bai <baijiaju1990@gmail.com>
Thu, 19 Dec 2019 13:14:59 +0000 (21:14 +0800)
committerLinus Walleij <linus.walleij@linaro.org>
Tue, 7 Jan 2020 12:37:10 +0000 (13:37 +0100)
drivers/gpio/gpiolib-sysfs.c, 796:
mutex_lock in gpiochip_sysfs_unregister
drivers/gpio/gpiolib.c, 1455:
gpiochip_sysfs_unregister in gpiochip_remove
drivers/gpio/gpio-grgpio.c, 460:
gpiochip_remove in grgpio_remove
drivers/gpio/gpio-grgpio.c, 449:
_raw_spin_lock_irqsave in grgpio_remove

kernel/irq/irqdomain.c, 243:
mutex_lock in irq_domain_remove
drivers/gpio/gpio-grgpio.c, 463:
irq_domain_remove in grgpio_remove
drivers/gpio/gpio-grgpio.c, 449:
_raw_spin_lock_irqsave in grgpio_remove

mutex_lock() can sleep at runtime.

To fix these bugs, the lock is dropped in grgpio_remove(), because there
is no need for locking in remove() callbacks.

These bugs are found by a static analysis tool STCheck written by
myself.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Link: https://lore.kernel.org/r/20191219131459.18640-1-baijiaju1990@gmail.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
drivers/gpio/gpio-grgpio.c

index 08234e64993a951879d21bfc22b8f3debe1a1e74..a49f0711ca944db5fa54291b23cea277805c80c2 100644 (file)
@@ -437,8 +437,6 @@ static int grgpio_remove(struct platform_device *ofdev)
        int i;
        int ret = 0;
 
-       spin_lock_irqsave(&priv->gc.bgpio_lock, flags);
-
        if (priv->domain) {
                for (i = 0; i < GRGPIO_MAX_NGPIO; i++) {
                        if (priv->uirqs[i].refcnt != 0) {
@@ -454,8 +452,6 @@ static int grgpio_remove(struct platform_device *ofdev)
                irq_domain_remove(priv->domain);
 
 out:
-       spin_unlock_irqrestore(&priv->gc.bgpio_lock, flags);
-
        return ret;
 }