From: Guenter Roeck <linux@roeck-us.net>
To: Daniel Santos <daniel.santos@pobox.com>
Cc: danielfsantos@att.net, Linus Walleij <linus.walleij@linaro.org>,
linux-gpio@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] gpiolib: Fix crash when exporting non-existant gpio
Date: Sat, 24 Aug 2013 12:57:53 -0700 [thread overview]
Message-ID: <52191041.7040505@roeck-us.net> (raw)
In-Reply-To: <1377370108-2867-1-git-send-email-daniel.santos@pobox.com>
On 08/24/2013 11:48 AM, danielfsantos@att.net wrote:
> I got this on an RPi and I can't find anything specific to that.
> Besides, it's clearly wrong to try to access desc->chip when we have
> just tested that it may be NULL at drivers/gpio/gpiolib.c:1409:
>
> chip = desc->chip;
> if (chip == NULL)
> goto done;
>
> ....
>
> done:
> if (status)
> pr_debug("_gpio_request: gpio-%d (%s) status %d\n",
> desc_to_gpio(desc), label ? : "?", status);
>
> To reproduce, just pick an invalid gpio nubmer and:
>
> echo -n 248 > /sys/class/gpio/export
>
> However, I wasn't able to reproduce it on my laptop, maybe because I
> don't have any real gpio chips there, not sure. More info on RPi bug
> report: https://github.com/raspberrypi/linux/issues/364
>
> [ 222.961384] Unable to handle kernel NULL pointer dereference at
> virtual address 00000044
> [ 222.969486] pgd = d97d0000
> [ 222.972190] [00000044] *pgd=1aaca831, *pte=00000000, *ppte=00000000
> [ 222.978483] Internal error: Oops: 17 [#1] PREEMPT ARM
> ---
> drivers/gpio/gpiolib.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
> index d6413b2..e547f75f8b 100644
> --- a/drivers/gpio/gpiolib.c
> +++ b/drivers/gpio/gpiolib.c
> @@ -136,7 +136,7 @@ static struct gpio_desc *gpio_to_desc(unsigned gpio)
> */
> static int desc_to_gpio(const struct gpio_desc *desc)
> {
> - return desc->chip->base + gpio_chip_hwgpio(desc);
> + return desc->chip ? desc->chip->base + gpio_chip_hwgpio(desc) : -1;
> }
>
Looking into calling code, desc_to_gpio() is clearly not supposed to return an error,
and it will result in odd behavior if it returns -1. For example, the resulting debug
message of "gpio--1 (...) status ..." is not very useful.
It would make more sense to fix the calling code. You could for example
validate in affected functions if the gpio pin exists by not only
checking for desc but also for desc->chip. Another option might be
to have gpio_to_desc() return NULL if desc->chip is NULL.
Guenter
next prev parent reply other threads:[~2013-08-24 19:57 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-24 18:48 [PATCH] gpiolib: Fix crash when exporting non-existant gpio danielfsantos
2013-08-24 19:57 ` Guenter Roeck [this message]
2013-08-24 20:31 ` Daniel Santos
2013-08-24 20:48 ` danielfsantos
2013-08-24 20:52 ` [PATCH v2] gpiolib: Fix crash when exporting non-existent gpio Daniel Santos
2013-08-24 21:51 ` [PATCH] gpiolib: Fix crash when exporting non-existant gpio Guenter Roeck
2013-08-29 9:52 ` Linus Walleij
2013-08-29 10:23 ` Alexandre Courbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52191041.7040505@roeck-us.net \
--to=linux@roeck-us.net \
--cc=daniel.santos@pobox.com \
--cc=danielfsantos@att.net \
--cc=linus.walleij@linaro.org \
--cc=linux-gpio@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox