From: Greg Kroah-Hartman Date: Mon, 28 Feb 2022 09:13:30 +0000 (+0100) Subject: 5.10-stable patches X-Git-Tag: v4.9.304~11 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=673d2ae1f63d789caf545c1212f15609b06b93b2;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: gpio-tegra186-fix-chip_data-type-confusion.patch --- diff --git a/queue-5.10/gpio-tegra186-fix-chip_data-type-confusion.patch b/queue-5.10/gpio-tegra186-fix-chip_data-type-confusion.patch new file mode 100644 index 00000000000..eb43dcfd834 --- /dev/null +++ b/queue-5.10/gpio-tegra186-fix-chip_data-type-confusion.patch @@ -0,0 +1,80 @@ +From d1e972ace42390de739cde87d96043dcbe502286 Mon Sep 17 00:00:00 2001 +From: Marc Zyngier +Date: Fri, 11 Feb 2022 09:39:04 +0000 +Subject: gpio: tegra186: Fix chip_data type confusion + +From: Marc Zyngier + +commit d1e972ace42390de739cde87d96043dcbe502286 upstream. + +The tegra186 GPIO driver makes the assumption that the pointer +returned by irq_data_get_irq_chip_data() is a pointer to a +tegra_gpio structure. Unfortunately, it is actually a pointer +to the inner gpio_chip structure, as mandated by the gpiolib +infrastructure. Nice try. + +The saving grace is that the gpio_chip is the first member of +tegra_gpio, so the bug has gone undetected since... forever. + +Fix it by performing a container_of() on the pointer. This results +in no additional code, and makes it possible to understand how +the whole thing works. + +Fixes: 5b2b135a87fc ("gpio: Add Tegra186 support") +Signed-off-by: Marc Zyngier +Cc: Thierry Reding +Cc: Linus Walleij +Cc: Bartosz Golaszewski +Link: https://lore.kernel.org/r/20220211093904.1112679-1-maz@kernel.org +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpio/gpio-tegra186.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +--- a/drivers/gpio/gpio-tegra186.c ++++ b/drivers/gpio/gpio-tegra186.c +@@ -337,9 +337,12 @@ static int tegra186_gpio_of_xlate(struct + return offset + pin; + } + ++#define to_tegra_gpio(x) container_of((x), struct tegra_gpio, gpio) ++ + static void tegra186_irq_ack(struct irq_data *data) + { +- struct tegra_gpio *gpio = irq_data_get_irq_chip_data(data); ++ struct gpio_chip *gc = irq_data_get_irq_chip_data(data); ++ struct tegra_gpio *gpio = to_tegra_gpio(gc); + void __iomem *base; + + base = tegra186_gpio_get_base(gpio, data->hwirq); +@@ -351,7 +354,8 @@ static void tegra186_irq_ack(struct irq_ + + static void tegra186_irq_mask(struct irq_data *data) + { +- struct tegra_gpio *gpio = irq_data_get_irq_chip_data(data); ++ struct gpio_chip *gc = irq_data_get_irq_chip_data(data); ++ struct tegra_gpio *gpio = to_tegra_gpio(gc); + void __iomem *base; + u32 value; + +@@ -366,7 +370,8 @@ static void tegra186_irq_mask(struct irq + + static void tegra186_irq_unmask(struct irq_data *data) + { +- struct tegra_gpio *gpio = irq_data_get_irq_chip_data(data); ++ struct gpio_chip *gc = irq_data_get_irq_chip_data(data); ++ struct tegra_gpio *gpio = to_tegra_gpio(gc); + void __iomem *base; + u32 value; + +@@ -381,7 +386,8 @@ static void tegra186_irq_unmask(struct i + + static int tegra186_irq_set_type(struct irq_data *data, unsigned int type) + { +- struct tegra_gpio *gpio = irq_data_get_irq_chip_data(data); ++ struct gpio_chip *gc = irq_data_get_irq_chip_data(data); ++ struct tegra_gpio *gpio = to_tegra_gpio(gc); + void __iomem *base; + u32 value; + diff --git a/queue-5.10/series b/queue-5.10/series index 95bf0b9d657..f0bb37c2347 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -76,3 +76,4 @@ tty-n_gsm-fix-proper-link-termination-after-failed-open.patch tty-n_gsm-fix-null-pointer-access-due-to-dlci-release.patch tty-n_gsm-fix-wrong-tty-control-line-for-flow-control.patch tty-n_gsm-fix-deadlock-in-gsmtty_open.patch +gpio-tegra186-fix-chip_data-type-confusion.patch