* [PATCH 0/3] gpiolib: fix bugs in retval sanitization
@ 2025-02-25 11:56 Bartosz Golaszewski
2025-02-25 11:56 ` [PATCH 1/3] gpiolib: don't use gpiochip_get_direction() when registering a chip Bartosz Golaszewski
` (2 more replies)
0 siblings, 3 replies; 10+ messages in thread
From: Bartosz Golaszewski @ 2025-02-25 11:56 UTC (permalink / raw)
To: Linus Walleij, Bartosz Golaszewski, Marek Szyprowski,
Andy Shevchenko
Cc: linux-gpio, linux-kernel, Bartosz Golaszewski
Here's a set of fixes to issues spotted in next after queuing the series
adding return value sanitization to GPIO core.
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
---
Bartosz Golaszewski (3):
gpiolib: don't use gpiochip_get_direction() when registering a chip
gpiolib: use a more explicit retval logic in gpiochip_get_direction()
gpiolib: don't double-check the gc->get callback's existence
drivers/gpio/gpiolib.c | 29 ++++++++---------------------
1 file changed, 8 insertions(+), 21 deletions(-)
---
base-commit: 0226d0ce98a477937ed295fb7df4cc30b46fc304
change-id: 20250225-retval-fixes-a1a09a1e3a08
Best regards,
--
Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 1/3] gpiolib: don't use gpiochip_get_direction() when registering a chip
2025-02-25 11:56 [PATCH 0/3] gpiolib: fix bugs in retval sanitization Bartosz Golaszewski
@ 2025-02-25 11:56 ` Bartosz Golaszewski
2025-02-25 13:22 ` Marek Szyprowski
2025-02-25 13:22 ` Andy Shevchenko
2025-02-25 11:56 ` [PATCH 2/3] gpiolib: use a more explicit retval logic in gpiochip_get_direction() Bartosz Golaszewski
2025-02-25 11:56 ` [PATCH 3/3] gpiolib: don't double-check the gc->get callback's existence Bartosz Golaszewski
2 siblings, 2 replies; 10+ messages in thread
From: Bartosz Golaszewski @ 2025-02-25 11:56 UTC (permalink / raw)
To: Linus Walleij, Bartosz Golaszewski, Marek Szyprowski,
Andy Shevchenko
Cc: linux-gpio, linux-kernel, Bartosz Golaszewski
From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
During chip registration we should neither check the return value of
gc->get_direction() nor hold the SRCU lock when calling it. The former
is because pin controllers may have pins set to alternate functions and
return errors from their get_direction() callbacks. That's alright - we
should default to the safe INPUT state and not bail-out. The latter is
not needed because we haven't registered the chip yet so there's nothing
to protect against dynamic removal. In fact: we currently hit a lockdep
splat. Revert to calling the gc->get_direction() callback directly not
not checking its value.
Fixes: 9d846b1aebbe ("gpiolib: check the return value of gpio_chip::get_direction()")
Fixes: e623c4303ed1 ("gpiolib: sanitize the return value of gpio_chip::get_direction()")
Reported-by: Marek Szyprowski <m.szyprowski@samsung.com>
Closes: https://lore.kernel.org/all/81f890fc-6688-42f0-9756-567efc8bb97a@samsung.com/
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
---
drivers/gpio/gpiolib.c | 20 ++++----------------
1 file changed, 4 insertions(+), 16 deletions(-)
diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
index e8678a6c82ea..31d400b10167 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -1082,24 +1082,12 @@ int gpiochip_add_data_with_key(struct gpio_chip *gc, void *data,
desc->gdev = gdev;
- if (gc->get_direction && gpiochip_line_is_valid(gc, desc_index)) {
- ret = gpiochip_get_direction(gc, desc_index);
- if (ret < 0)
- /*
- * FIXME: Bail-out here once all GPIO drivers
- * are updated to not return errors in
- * situations that can be considered normal
- * operation.
- */
- dev_warn(&gdev->dev,
- "%s: get_direction failed: %d\n",
- __func__, ret);
-
- assign_bit(FLAG_IS_OUT, &desc->flags, !ret);
- } else {
+ if (gc->get_direction && gpiochip_line_is_valid(gc, desc_index))
+ assign_bit(FLAG_IS_OUT, &desc->flags,
+ !gc->get_direction(gc, desc_index));
+ else
assign_bit(FLAG_IS_OUT,
&desc->flags, !gc->direction_input);
- }
}
ret = of_gpiochip_add(gc);
--
2.45.2
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 2/3] gpiolib: use a more explicit retval logic in gpiochip_get_direction()
2025-02-25 11:56 [PATCH 0/3] gpiolib: fix bugs in retval sanitization Bartosz Golaszewski
2025-02-25 11:56 ` [PATCH 1/3] gpiolib: don't use gpiochip_get_direction() when registering a chip Bartosz Golaszewski
@ 2025-02-25 11:56 ` Bartosz Golaszewski
2025-02-25 13:19 ` Andy Shevchenko
2025-02-25 11:56 ` [PATCH 3/3] gpiolib: don't double-check the gc->get callback's existence Bartosz Golaszewski
2 siblings, 1 reply; 10+ messages in thread
From: Bartosz Golaszewski @ 2025-02-25 11:56 UTC (permalink / raw)
To: Linus Walleij, Bartosz Golaszewski, Marek Szyprowski,
Andy Shevchenko
Cc: linux-gpio, linux-kernel, Bartosz Golaszewski
From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
We have existing macros for direction settings so we don't need to rely
on the magic value of 1 in the retval check. Use readable logic that
explicitly says we expect INPUT, OUTPUT or a negative errno and nothing
else in gpiochip_get_direction().
Fixes: e623c4303ed1 ("gpiolib: sanitize the return value of gpio_chip::get_direction()")
Suggested-by: Andy Shevchenko <andriy.shevchenko@intel.com>
Closes: https://lore.kernel.org/all/Z7yfTggRrk3K6srs@black.fi.intel.com/
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
---
drivers/gpio/gpiolib.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
index 31d400b10167..d076b2ec633f 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -352,7 +352,8 @@ static int gpiochip_get_direction(struct gpio_chip *gc, unsigned int offset)
return -EOPNOTSUPP;
ret = gc->get_direction(gc, offset);
- if (ret > 1)
+ if (!(ret == GPIO_LINE_DIRECTION_OUT ||
+ ret == GPIO_LINE_DIRECTION_IN || ret < 0))
ret = -EBADE;
return ret;
--
2.45.2
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 3/3] gpiolib: don't double-check the gc->get callback's existence
2025-02-25 11:56 [PATCH 0/3] gpiolib: fix bugs in retval sanitization Bartosz Golaszewski
2025-02-25 11:56 ` [PATCH 1/3] gpiolib: don't use gpiochip_get_direction() when registering a chip Bartosz Golaszewski
2025-02-25 11:56 ` [PATCH 2/3] gpiolib: use a more explicit retval logic in gpiochip_get_direction() Bartosz Golaszewski
@ 2025-02-25 11:56 ` Bartosz Golaszewski
2025-02-25 13:20 ` Andy Shevchenko
2 siblings, 1 reply; 10+ messages in thread
From: Bartosz Golaszewski @ 2025-02-25 11:56 UTC (permalink / raw)
To: Linus Walleij, Bartosz Golaszewski, Marek Szyprowski,
Andy Shevchenko
Cc: linux-gpio, linux-kernel, Bartosz Golaszewski
From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
gpiochip_get() is called only in two places: in gpio_chip_get_value()
and in gpiochip_get_multiple() where the existence of the gc->get()
callback is already checked. It makes sense to unduplicate the check by
moving it one level up the stack.
Fixes: 86ef402d805d ("gpiolib: sanitize the return value of gpio_chip::get()")
Suggested-by: Andy Shevchenko <andriy.shevchenko@intel.com>
Closes: https://lore.kernel.org/all/Z7yekJ8uRh8dphKn@black.fi.intel.com/
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
---
drivers/gpio/gpiolib.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
index d076b2ec633f..b8f10192f27e 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -3158,9 +3158,7 @@ static int gpiochip_get(struct gpio_chip *gc, unsigned int offset)
lockdep_assert_held(&gc->gpiodev->srcu);
- if (!gc->get)
- return -EIO;
-
+ /* Make sure this is called after checking for gc->get(). */
ret = gc->get(gc, offset);
if (ret > 1)
ret = -EBADE;
@@ -3170,7 +3168,7 @@ static int gpiochip_get(struct gpio_chip *gc, unsigned int offset)
static int gpio_chip_get_value(struct gpio_chip *gc, const struct gpio_desc *desc)
{
- return gpiochip_get(gc, gpio_chip_hwgpio(desc));
+ return gc->get ? gpiochip_get(gc, gpio_chip_hwgpio(desc)) : -EIO;
}
/* I/O calls are only valid after configuration completed; the relevant
--
2.45.2
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH 2/3] gpiolib: use a more explicit retval logic in gpiochip_get_direction()
2025-02-25 11:56 ` [PATCH 2/3] gpiolib: use a more explicit retval logic in gpiochip_get_direction() Bartosz Golaszewski
@ 2025-02-25 13:19 ` Andy Shevchenko
0 siblings, 0 replies; 10+ messages in thread
From: Andy Shevchenko @ 2025-02-25 13:19 UTC (permalink / raw)
To: Bartosz Golaszewski
Cc: Linus Walleij, Marek Szyprowski, linux-gpio, linux-kernel,
Bartosz Golaszewski
On Tue, Feb 25, 2025 at 12:56:24PM +0100, Bartosz Golaszewski wrote:
> From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
>
> We have existing macros for direction settings so we don't need to rely
> on the magic value of 1 in the retval check. Use readable logic that
> explicitly says we expect INPUT, OUTPUT or a negative errno and nothing
> else in gpiochip_get_direction().
...
> ret = gc->get_direction(gc, offset);
> - if (ret > 1)
> + if (!(ret == GPIO_LINE_DIRECTION_OUT ||
> + ret == GPIO_LINE_DIRECTION_IN || ret < 0))
> ret = -EBADE;
Wouldn't be better to write it as
if (ret < 0)
return ret;
if (ret != GPIO_LINE_DIRECTION_OUT && ret != GPIO_LINE_DIRECTION_IN)
ret = -EBADE;
return ret;
Otherwise LGTM,
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
after addressing the above.
--
With Best Regards,
Andy Shevchenko
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 3/3] gpiolib: don't double-check the gc->get callback's existence
2025-02-25 11:56 ` [PATCH 3/3] gpiolib: don't double-check the gc->get callback's existence Bartosz Golaszewski
@ 2025-02-25 13:20 ` Andy Shevchenko
0 siblings, 0 replies; 10+ messages in thread
From: Andy Shevchenko @ 2025-02-25 13:20 UTC (permalink / raw)
To: Bartosz Golaszewski
Cc: Linus Walleij, Marek Szyprowski, linux-gpio, linux-kernel,
Bartosz Golaszewski
On Tue, Feb 25, 2025 at 12:56:25PM +0100, Bartosz Golaszewski wrote:
> From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
>
> gpiochip_get() is called only in two places: in gpio_chip_get_value()
> and in gpiochip_get_multiple() where the existence of the gc->get()
> callback is already checked. It makes sense to unduplicate the check by
> moving it one level up the stack.
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
--
With Best Regards,
Andy Shevchenko
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 1/3] gpiolib: don't use gpiochip_get_direction() when registering a chip
2025-02-25 11:56 ` [PATCH 1/3] gpiolib: don't use gpiochip_get_direction() when registering a chip Bartosz Golaszewski
@ 2025-02-25 13:22 ` Marek Szyprowski
2025-02-25 13:22 ` Andy Shevchenko
1 sibling, 0 replies; 10+ messages in thread
From: Marek Szyprowski @ 2025-02-25 13:22 UTC (permalink / raw)
To: Bartosz Golaszewski, Linus Walleij, Andy Shevchenko
Cc: linux-gpio, linux-kernel, Bartosz Golaszewski
On 25.02.2025 12:56, Bartosz Golaszewski wrote:
> From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
>
> During chip registration we should neither check the return value of
> gc->get_direction() nor hold the SRCU lock when calling it. The former
> is because pin controllers may have pins set to alternate functions and
> return errors from their get_direction() callbacks. That's alright - we
> should default to the safe INPUT state and not bail-out. The latter is
> not needed because we haven't registered the chip yet so there's nothing
> to protect against dynamic removal. In fact: we currently hit a lockdep
> splat. Revert to calling the gc->get_direction() callback directly not
> not checking its value.
>
> Fixes: 9d846b1aebbe ("gpiolib: check the return value of gpio_chip::get_direction()")
> Fixes: e623c4303ed1 ("gpiolib: sanitize the return value of gpio_chip::get_direction()")
> Reported-by: Marek Szyprowski <m.szyprowski@samsung.com>
> Closes: https://lore.kernel.org/all/81f890fc-6688-42f0-9756-567efc8bb97a@samsung.com/
> Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
> ---
> drivers/gpio/gpiolib.c | 20 ++++----------------
> 1 file changed, 4 insertions(+), 16 deletions(-)
>
> diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
> index e8678a6c82ea..31d400b10167 100644
> --- a/drivers/gpio/gpiolib.c
> +++ b/drivers/gpio/gpiolib.c
> @@ -1082,24 +1082,12 @@ int gpiochip_add_data_with_key(struct gpio_chip *gc, void *data,
>
> desc->gdev = gdev;
>
> - if (gc->get_direction && gpiochip_line_is_valid(gc, desc_index)) {
> - ret = gpiochip_get_direction(gc, desc_index);
> - if (ret < 0)
> - /*
> - * FIXME: Bail-out here once all GPIO drivers
> - * are updated to not return errors in
> - * situations that can be considered normal
> - * operation.
> - */
> - dev_warn(&gdev->dev,
> - "%s: get_direction failed: %d\n",
> - __func__, ret);
> -
> - assign_bit(FLAG_IS_OUT, &desc->flags, !ret);
> - } else {
> + if (gc->get_direction && gpiochip_line_is_valid(gc, desc_index))
> + assign_bit(FLAG_IS_OUT, &desc->flags,
> + !gc->get_direction(gc, desc_index));
> + else
> assign_bit(FLAG_IS_OUT,
> &desc->flags, !gc->direction_input);
> - }
> }
>
> ret = of_gpiochip_add(gc);
>
Best regards
--
Marek Szyprowski, PhD
Samsung R&D Institute Poland
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 1/3] gpiolib: don't use gpiochip_get_direction() when registering a chip
2025-02-25 11:56 ` [PATCH 1/3] gpiolib: don't use gpiochip_get_direction() when registering a chip Bartosz Golaszewski
2025-02-25 13:22 ` Marek Szyprowski
@ 2025-02-25 13:22 ` Andy Shevchenko
2025-02-25 14:43 ` Bartosz Golaszewski
1 sibling, 1 reply; 10+ messages in thread
From: Andy Shevchenko @ 2025-02-25 13:22 UTC (permalink / raw)
To: Bartosz Golaszewski
Cc: Linus Walleij, Marek Szyprowski, linux-gpio, linux-kernel,
Bartosz Golaszewski
On Tue, Feb 25, 2025 at 12:56:23PM +0100, Bartosz Golaszewski wrote:
> From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
>
> During chip registration we should neither check the return value of
> gc->get_direction() nor hold the SRCU lock when calling it. The former
> is because pin controllers may have pins set to alternate functions and
> return errors from their get_direction() callbacks. That's alright - we
> should default to the safe INPUT state and not bail-out. The latter is
> not needed because we haven't registered the chip yet so there's nothing
> to protect against dynamic removal. In fact: we currently hit a lockdep
> splat. Revert to calling the gc->get_direction() callback directly not
> not checking its value.
...
I think the below code deserves a commit (as a summary of the above commit
message).
> + if (gc->get_direction && gpiochip_line_is_valid(gc, desc_index))
> + assign_bit(FLAG_IS_OUT, &desc->flags,
> + !gc->get_direction(gc, desc_index));
> + else
> assign_bit(FLAG_IS_OUT,
> &desc->flags, !gc->direction_input);
Otherwise LGTM,
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
--
With Best Regards,
Andy Shevchenko
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 1/3] gpiolib: don't use gpiochip_get_direction() when registering a chip
2025-02-25 13:22 ` Andy Shevchenko
@ 2025-02-25 14:43 ` Bartosz Golaszewski
2025-02-25 14:46 ` Andy Shevchenko
0 siblings, 1 reply; 10+ messages in thread
From: Bartosz Golaszewski @ 2025-02-25 14:43 UTC (permalink / raw)
To: Andy Shevchenko
Cc: Linus Walleij, Marek Szyprowski, linux-gpio, linux-kernel,
Bartosz Golaszewski
On Tue, Feb 25, 2025 at 2:22 PM Andy Shevchenko
<andriy.shevchenko@linux.intel.com> wrote:
>
> On Tue, Feb 25, 2025 at 12:56:23PM +0100, Bartosz Golaszewski wrote:
> > From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
> >
> > During chip registration we should neither check the return value of
> > gc->get_direction() nor hold the SRCU lock when calling it. The former
> > is because pin controllers may have pins set to alternate functions and
> > return errors from their get_direction() callbacks. That's alright - we
> > should default to the safe INPUT state and not bail-out. The latter is
> > not needed because we haven't registered the chip yet so there's nothing
> > to protect against dynamic removal. In fact: we currently hit a lockdep
> > splat. Revert to calling the gc->get_direction() callback directly not
> > not checking its value.
>
> ...
>
> I think the below code deserves a commit (as a summary of the above commit
> message).
>
Can you rephrase? I'm not getting this one.
Bart
> > + if (gc->get_direction && gpiochip_line_is_valid(gc, desc_index))
> > + assign_bit(FLAG_IS_OUT, &desc->flags,
> > + !gc->get_direction(gc, desc_index));
> > + else
> > assign_bit(FLAG_IS_OUT,
> > &desc->flags, !gc->direction_input);
>
> Otherwise LGTM,
> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
>
> --
> With Best Regards,
> Andy Shevchenko
>
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 1/3] gpiolib: don't use gpiochip_get_direction() when registering a chip
2025-02-25 14:43 ` Bartosz Golaszewski
@ 2025-02-25 14:46 ` Andy Shevchenko
0 siblings, 0 replies; 10+ messages in thread
From: Andy Shevchenko @ 2025-02-25 14:46 UTC (permalink / raw)
To: Bartosz Golaszewski
Cc: Linus Walleij, Marek Szyprowski, linux-gpio, linux-kernel,
Bartosz Golaszewski
On Tue, Feb 25, 2025 at 03:43:29PM +0100, Bartosz Golaszewski wrote:
> On Tue, Feb 25, 2025 at 2:22 PM Andy Shevchenko
> <andriy.shevchenko@linux.intel.com> wrote:
> > On Tue, Feb 25, 2025 at 12:56:23PM +0100, Bartosz Golaszewski wrote:
> > > During chip registration we should neither check the return value of
> > > gc->get_direction() nor hold the SRCU lock when calling it. The former
> > > is because pin controllers may have pins set to alternate functions and
> > > return errors from their get_direction() callbacks. That's alright - we
> > > should default to the safe INPUT state and not bail-out. The latter is
> > > not needed because we haven't registered the chip yet so there's nothing
> > > to protect against dynamic removal. In fact: we currently hit a lockdep
> > > splat. Revert to calling the gc->get_direction() callback directly not
> > > not checking its value.
...
> > I think the below code deserves a commit (as a summary of the above commit
> > message).
>
> Can you rephrase? I'm not getting this one.
Ah, s/commit/comment/
> > > + if (gc->get_direction && gpiochip_line_is_valid(gc, desc_index))
> > > + assign_bit(FLAG_IS_OUT, &desc->flags,
> > > + !gc->get_direction(gc, desc_index));
> > > + else
> > > assign_bit(FLAG_IS_OUT,
> > > &desc->flags, !gc->direction_input);
> >
> > Otherwise LGTM,
> > Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
--
With Best Regards,
Andy Shevchenko
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2025-02-25 14:46 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-02-25 11:56 [PATCH 0/3] gpiolib: fix bugs in retval sanitization Bartosz Golaszewski
2025-02-25 11:56 ` [PATCH 1/3] gpiolib: don't use gpiochip_get_direction() when registering a chip Bartosz Golaszewski
2025-02-25 13:22 ` Marek Szyprowski
2025-02-25 13:22 ` Andy Shevchenko
2025-02-25 14:43 ` Bartosz Golaszewski
2025-02-25 14:46 ` Andy Shevchenko
2025-02-25 11:56 ` [PATCH 2/3] gpiolib: use a more explicit retval logic in gpiochip_get_direction() Bartosz Golaszewski
2025-02-25 13:19 ` Andy Shevchenko
2025-02-25 11:56 ` [PATCH 3/3] gpiolib: don't double-check the gc->get callback's existence Bartosz Golaszewski
2025-02-25 13:20 ` Andy Shevchenko
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).