[PATCH v2 1/5] gpiolib: cdev: add gpio_device locking wrapper around gpio_ioctl()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Kent Gibson <warthog618@gmail.com>
To: linux-kernel@vger.kernel.org, linux-gpio@vger.kernel.org,
	brgl@bgdev.pl, linus.walleij@linaro.org, andy@kernel.org
Cc: Kent Gibson <warthog618@gmail.com>
Subject: [PATCH v2 1/5] gpiolib: cdev: add gpio_device locking wrapper around gpio_ioctl()
Date: Thu, 21 Dec 2023 09:20:36 +0800	[thread overview]
Message-ID: <20231221012040.17763-2-warthog618@gmail.com> (raw)
In-Reply-To: <20231221012040.17763-1-warthog618@gmail.com>

While the GPIO cdev gpio_ioctl() call is in progress, the kernel can
call gpiochip_remove() which will set gdev->chip to NULL, after which
any subsequent access will cause a crash.

gpio_ioctl() was overlooked by the previous fix to protect syscalls
(bdbbae241a04), so add protection for that.

Fixes: bdbbae241a04 ("gpiolib: protect the GPIO device against being dropped while in use by user-space")
Fixes: d7c51b47ac11 ("gpio: userspace ABI for reading/writing GPIO lines")
Fixes: 3c0d9c635ae2 ("gpiolib: cdev: support GPIO_V2_GET_LINE_IOCTL and GPIO_V2_LINE_GET_VALUES_IOCTL")
Fixes: aad955842d1c ("gpiolib: cdev: support GPIO_V2_GET_LINEINFO_IOCTL and GPIO_V2_GET_LINEINFO_WATCH_IOCTL")
Signed-off-by: Kent Gibson <warthog618@gmail.com>
---
 drivers/gpio/gpiolib-cdev.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c
index 744734405912..9155c54acc1e 100644
--- a/drivers/gpio/gpiolib-cdev.c
+++ b/drivers/gpio/gpiolib-cdev.c
@@ -2598,10 +2598,7 @@ static int lineinfo_unwatch(struct gpio_chardev_data *cdev, void __user *ip)
 	return 0;
 }
 
-/*
- * gpio_ioctl() - ioctl handler for the GPIO chardev
- */
-static long gpio_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
+static long gpio_ioctl_unlocked(struct file *file, unsigned int cmd, unsigned long arg)
 {
 	struct gpio_chardev_data *cdev = file->private_data;
 	struct gpio_device *gdev = cdev->gdev;
@@ -2638,6 +2635,17 @@ static long gpio_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 	}
 }
 
+/*
+ * gpio_ioctl() - ioctl handler for the GPIO chardev
+ */
+static long gpio_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
+{
+	struct gpio_chardev_data *cdev = file->private_data;
+
+	return call_ioctl_locked(file, cmd, arg, cdev->gdev,
+				 gpio_ioctl_unlocked);
+}
+
 #ifdef CONFIG_COMPAT
 static long gpio_ioctl_compat(struct file *file, unsigned int cmd,
 			      unsigned long arg)
-- 
2.39.2

next prev parent reply	other threads:[~2023-12-21  1:21 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-12-21  1:20 [PATCH v2 0/5] gpiolib: cdev: guard tidying Kent Gibson
2023-12-21  1:20 ` Kent Gibson [this message]
2023-12-21  9:32   ` [PATCH v2 1/5] gpiolib: cdev: add gpio_device locking wrapper around gpio_ioctl() Bartosz Golaszewski
2023-12-21  1:20 ` [PATCH v2 2/5] gpiolib: cdev: include overflow.h Kent Gibson
2023-12-21  1:20 ` [PATCH v2 3/5] gpiolib: cdev: allocate linereq using kvzalloc() Kent Gibson
2023-12-21  1:20 ` [PATCH v2 4/5] gpiolib: cdev: replace locking wrappers for config_mutex with guards Kent Gibson
2023-12-21  1:20 ` [PATCH v2 5/5] gpiolib: cdev: replace locking wrappers for gpio_device " Kent Gibson
2023-12-21 15:48   ` Andy Shevchenko
2023-12-22  0:47     ` Kent Gibson
2023-12-22 14:05       ` Bartosz Golaszewski
2023-12-22 14:12         ` Kent Gibson
2023-12-27 14:46 ` [PATCH v2 0/5] gpiolib: cdev: guard tidying Bartosz Golaszewski

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:74473440591 dfblob:9155c54acc1 )
 OR (
bs:"[PATCH v2 1/5] gpiolib: cdev: add gpio_device locking wrapper around gpio_ioctl()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20231221012040.17763-2-warthog618@gmail.com \
    --to=warthog618@gmail.com \
    --cc=andy@kernel.org \
    --cc=brgl@bgdev.pl \
    --cc=linus.walleij@linaro.org \
    --cc=linux-gpio@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.