From: Greg Kroah-Hartman Date: Mon, 28 Feb 2022 09:13:25 +0000 (+0100) Subject: 5.4-stable patches X-Git-Tag: v4.9.304~12 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=880e1b5c0927d2779a3e880b1d8b5324f622f98f;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: gpio-tegra186-fix-chip_data-type-confusion.patch --- diff --git a/queue-5.4/gpio-tegra186-fix-chip_data-type-confusion.patch b/queue-5.4/gpio-tegra186-fix-chip_data-type-confusion.patch new file mode 100644 index 00000000000..45a0f1ddeca --- /dev/null +++ b/queue-5.4/gpio-tegra186-fix-chip_data-type-confusion.patch @@ -0,0 +1,80 @@ +From d1e972ace42390de739cde87d96043dcbe502286 Mon Sep 17 00:00:00 2001 +From: Marc Zyngier +Date: Fri, 11 Feb 2022 09:39:04 +0000 +Subject: gpio: tegra186: Fix chip_data type confusion + +From: Marc Zyngier + +commit d1e972ace42390de739cde87d96043dcbe502286 upstream. + +The tegra186 GPIO driver makes the assumption that the pointer +returned by irq_data_get_irq_chip_data() is a pointer to a +tegra_gpio structure. Unfortunately, it is actually a pointer +to the inner gpio_chip structure, as mandated by the gpiolib +infrastructure. Nice try. + +The saving grace is that the gpio_chip is the first member of +tegra_gpio, so the bug has gone undetected since... forever. + +Fix it by performing a container_of() on the pointer. This results +in no additional code, and makes it possible to understand how +the whole thing works. + +Fixes: 5b2b135a87fc ("gpio: Add Tegra186 support") +Signed-off-by: Marc Zyngier +Cc: Thierry Reding +Cc: Linus Walleij +Cc: Bartosz Golaszewski +Link: https://lore.kernel.org/r/20220211093904.1112679-1-maz@kernel.org +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpio/gpio-tegra186.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +--- a/drivers/gpio/gpio-tegra186.c ++++ b/drivers/gpio/gpio-tegra186.c +@@ -234,9 +234,12 @@ static int tegra186_gpio_of_xlate(struct + return offset + pin; + } + ++#define to_tegra_gpio(x) container_of((x), struct tegra_gpio, gpio) ++ + static void tegra186_irq_ack(struct irq_data *data) + { +- struct tegra_gpio *gpio = irq_data_get_irq_chip_data(data); ++ struct gpio_chip *gc = irq_data_get_irq_chip_data(data); ++ struct tegra_gpio *gpio = to_tegra_gpio(gc); + void __iomem *base; + + base = tegra186_gpio_get_base(gpio, data->hwirq); +@@ -248,7 +251,8 @@ static void tegra186_irq_ack(struct irq_ + + static void tegra186_irq_mask(struct irq_data *data) + { +- struct tegra_gpio *gpio = irq_data_get_irq_chip_data(data); ++ struct gpio_chip *gc = irq_data_get_irq_chip_data(data); ++ struct tegra_gpio *gpio = to_tegra_gpio(gc); + void __iomem *base; + u32 value; + +@@ -263,7 +267,8 @@ static void tegra186_irq_mask(struct irq + + static void tegra186_irq_unmask(struct irq_data *data) + { +- struct tegra_gpio *gpio = irq_data_get_irq_chip_data(data); ++ struct gpio_chip *gc = irq_data_get_irq_chip_data(data); ++ struct tegra_gpio *gpio = to_tegra_gpio(gc); + void __iomem *base; + u32 value; + +@@ -278,7 +283,8 @@ static void tegra186_irq_unmask(struct i + + static int tegra186_irq_set_type(struct irq_data *data, unsigned int type) + { +- struct tegra_gpio *gpio = irq_data_get_irq_chip_data(data); ++ struct gpio_chip *gc = irq_data_get_irq_chip_data(data); ++ struct tegra_gpio *gpio = to_tegra_gpio(gc); + void __iomem *base; + u32 value; + diff --git a/queue-5.4/series b/queue-5.4/series index fd3ad96c085..0b8deed2c46 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -47,3 +47,4 @@ xhci-prevent-futile-urb-re-submissions-due-to-incorrect-return-value.patch tty-n_gsm-fix-encoding-of-control-signal-octet-bit-dv.patch tty-n_gsm-fix-proper-link-termination-after-failed-open.patch tty-n_gsm-fix-null-pointer-access-due-to-dlci-release.patch +gpio-tegra186-fix-chip_data-type-confusion.patch