From: Greg Kroah-Hartman Date: Fri, 15 May 2015 16:55:58 +0000 (-0700) Subject: 3.10-stable patches X-Git-Tag: v3.10.79~20 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b5be2e7064c23b26bb983f61a4ba573f9eae9bfb;p=thirdparty%2Fkernel%2Fstable-queue.git 3.10-stable patches added patches: gpio-sysfs-fix-memory-leaks-and-device-hotplug.patch gpio-unregister-gpiochip-device-before-removing-it.patch --- diff --git a/queue-3.10/gpio-sysfs-fix-memory-leaks-and-device-hotplug.patch b/queue-3.10/gpio-sysfs-fix-memory-leaks-and-device-hotplug.patch new file mode 100644 index 00000000000..26cc62a398b --- /dev/null +++ b/queue-3.10/gpio-sysfs-fix-memory-leaks-and-device-hotplug.patch @@ -0,0 +1,98 @@ +From 483d821108791092798f5d230686868112927044 Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Tue, 21 Apr 2015 17:42:09 +0200 +Subject: gpio: sysfs: fix memory leaks and device hotplug + +From: Johan Hovold + +commit 483d821108791092798f5d230686868112927044 upstream. + +Unregister GPIOs requested through sysfs at chip remove to avoid leaking +the associated memory and sysfs entries. + +The stale sysfs entries prevented the gpio numbers from being exported +when the gpio range was later reused (e.g. at device reconnect). + +This also fixes the related module-reference leak. + +Note that kernfs makes sure that any on-going sysfs operations finish +before the class devices are unregistered and that further accesses +fail. + +The chip exported flag is used to prevent gpiod exports during removal. +This also makes it harder to trigger, but does not fix, the related race +between gpiochip_remove and export_store, which is really a race with +gpiod_request that needs to be addressed separately. + +Also note that this would prevent the crashes (e.g. NULL-dereferences) +at reconnect that affects pre-3.18 kernels, as well as use-after-free on +operations on open attribute files on pre-3.14 kernels (prior to +kernfs). + +Fixes: d8f388d8dc8d ("gpio: sysfs interface") +Signed-off-by: Johan Hovold +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpio/gpiolib.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +--- a/drivers/gpio/gpiolib.c ++++ b/drivers/gpio/gpiolib.c +@@ -752,6 +752,7 @@ static struct class gpio_class = { + */ + static int gpiod_export(struct gpio_desc *desc, bool direction_may_change) + { ++ struct gpio_chip *chip; + unsigned long flags; + int status; + const char *ioname = NULL; +@@ -769,8 +770,16 @@ static int gpiod_export(struct gpio_desc + return -EINVAL; + } + ++ chip = desc->chip; ++ + mutex_lock(&sysfs_lock); + ++ /* check if chip is being removed */ ++ if (!chip || !chip->exported) { ++ status = -ENODEV; ++ goto fail_unlock; ++ } ++ + spin_lock_irqsave(&gpio_lock, flags); + if (!test_bit(FLAG_REQUESTED, &desc->flags) || + test_bit(FLAG_EXPORT, &desc->flags)) { +@@ -1040,6 +1049,8 @@ static void gpiochip_unexport(struct gpi + { + int status; + struct device *dev; ++ struct gpio_desc *desc; ++ unsigned int i; + + mutex_lock(&sysfs_lock); + dev = class_find_device(&gpio_class, NULL, chip, match_export); +@@ -1047,6 +1058,7 @@ static void gpiochip_unexport(struct gpi + sysfs_remove_group(&dev->kobj, &gpiochip_attr_group); + put_device(dev); + device_unregister(dev); ++ /* prevent further gpiod exports */ + chip->exported = 0; + status = 0; + } else +@@ -1056,6 +1068,13 @@ static void gpiochip_unexport(struct gpi + if (status) + pr_debug("%s: chip %s status %d\n", __func__, + chip->label, status); ++ ++ /* unregister gpiod class devices owned by sysfs */ ++ for (i = 0; i < chip->ngpio; i++) { ++ desc = &chip->desc[i]; ++ if (test_and_clear_bit(FLAG_SYSFS, &desc->flags)) ++ gpiod_free(desc); ++ } + } + + static int __init gpiolib_sysfs_init(void) diff --git a/queue-3.10/gpio-unregister-gpiochip-device-before-removing-it.patch b/queue-3.10/gpio-unregister-gpiochip-device-before-removing-it.patch new file mode 100644 index 00000000000..b8d7ce9cad1 --- /dev/null +++ b/queue-3.10/gpio-unregister-gpiochip-device-before-removing-it.patch @@ -0,0 +1,42 @@ +From 01cca93a9491ed95992523ff7e79dd9bfcdea8e0 Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Mon, 12 Jan 2015 17:12:29 +0100 +Subject: gpio: unregister gpiochip device before removing it + +From: Johan Hovold + +commit 01cca93a9491ed95992523ff7e79dd9bfcdea8e0 upstream. + +Unregister gpiochip device (used to export information through sysfs) +before removing it internally. This way removal will reverse addition. + +Signed-off-by: Johan Hovold +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman + + +--- + drivers/gpio/gpiolib.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +--- a/drivers/gpio/gpiolib.c ++++ b/drivers/gpio/gpiolib.c +@@ -1265,6 +1265,8 @@ int gpiochip_remove(struct gpio_chip *ch + int status = 0; + unsigned id; + ++ gpiochip_unexport(chip); ++ + spin_lock_irqsave(&gpio_lock, flags); + + gpiochip_remove_pin_ranges(chip); +@@ -1285,9 +1287,6 @@ int gpiochip_remove(struct gpio_chip *ch + + spin_unlock_irqrestore(&gpio_lock, flags); + +- if (status == 0) +- gpiochip_unexport(chip); +- + return status; + } + EXPORT_SYMBOL_GPL(gpiochip_remove); diff --git a/queue-3.10/series b/queue-3.10/series index 0e8e849faa7..78033382a04 100644 --- a/queue-3.10/series +++ b/queue-3.10/series @@ -2,3 +2,5 @@ ocfs2-dlm-fix-race-between-purge-and-get-lock-resource.patch nilfs2-fix-sanity-check-of-btree-level-in-nilfs_btree_root_broken.patch mm-memory-failure-call-shake_page-when-error-hits-thp-tail-page.patch xen-console-update-console-event-channel-on-resume.patch +gpio-unregister-gpiochip-device-before-removing-it.patch +gpio-sysfs-fix-memory-leaks-and-device-hotplug.patch