Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Input: gpio-keys - fix crash when disabling GPIO-less buttons

My brain-damaged adjustments to Paul's patch caused crashes in
gpio_keys_disable_button() when the driver is used in GPIO-less (i.e.
purely interrupt-driven) setups, because I mixed together debounce and
release timers when they are in fact separate:

Unable to handle kernel NULL pointer dereference at virtual address 0000000c
...
PC is at hrtimer_active+0xc/0x98
LR is at hrtimer_try_to_cancel+0x24/0x140
...
[<c01c43b8>] (hrtimer_active) from [<c01c50f4>] (hrtimer_try_to_cancel+0x24/0x140)
[<c01c50f4>] (hrtimer_try_to_cancel) from [<c01c5224>] (hrtimer_cancel+0x14/0x4c)
[<c01c5224>] (hrtimer_cancel) from [<bf1cae24>] (gpio_keys_attr_store_helper+0x1b8/0x1d8 [gpio_keys])
[<bf1cae24>] (gpio_keys_attr_store_helper [gpio_keys]) from [<bf1cae80>] (gpio_keys_store_disabled_keys+0x18/0x24 [gpio_keys])
[<bf1cae80>] (gpio_keys_store_disabled_keys [gpio_keys]) from [<c038ec7c>] (kernfs_fop_write_iter+0x10c/0x1cc)
[<c038ec7c>] (kernfs_fop_write_iter) from [<c02df858>] (vfs_write+0x2ac/0x404)
[<c02df858>] (vfs_write) from [<c02dfaf4>] (ksys_write+0x64/0xdc)
[<c02dfaf4>] (ksys_write) from [<c0100080>] (ret_fast_syscall+0x0/0x58)

Let's fix it up.

Fixes: c9efb0ba281e ("Input: gpio-keys - use hrtimer for software debounce, if possible")
Reported-by: Tony Lindgren <tony@atomide.com>
Tested-by: Tony Lindgren <tony@atomide.com>
Link: https://lore.kernel.org/r/YG1DFFgojSVfdpaz@google.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>

+13 -17
drivers/input/keyboard/gpio_keys.c
··· 125 125 return (type == EV_KEY) ? dev->keybit : dev->swbit; 126 126 } 127 127 128 + static void gpio_keys_quiesce_key(void *data) 129 + { 130 + struct gpio_button_data *bdata = data; 131 + 132 + if (!bdata->gpiod) 133 + hrtimer_cancel(&bdata->release_timer); 134 + if (bdata->debounce_use_hrtimer) 135 + hrtimer_cancel(&bdata->debounce_timer); 136 + else 137 + cancel_delayed_work_sync(&bdata->work); 138 + } 139 + 128 140 /** 129 141 * gpio_keys_disable_button() - disables given GPIO button 130 142 * @bdata: button data for button to be disabled ··· 157 145 * Disable IRQ and associated timer/work structure. 158 146 */ 159 147 disable_irq(bdata->irq); 160 - 161 - if (bdata->debounce_use_hrtimer) 162 - hrtimer_cancel(&bdata->release_timer); 163 - else 164 - cancel_delayed_work_sync(&bdata->work); 165 - 148 + gpio_keys_quiesce_key(bdata); 166 149 bdata->disabled = true; 167 150 } 168 151 } ··· 499 492 return IRQ_HANDLED; 500 493 } 501 494 502 - static void gpio_keys_quiesce_key(void *data) 503 - { 504 - struct gpio_button_data *bdata = data; 505 - 506 - if (bdata->debounce_use_hrtimer) 507 - hrtimer_cancel(&bdata->debounce_timer); 508 - else 509 - cancel_delayed_work_sync(&bdata->work); 510 - } 511 - 512 495 static int gpio_keys_setup_key(struct platform_device *pdev, 513 496 struct input_dev *input, 514 497 struct gpio_keys_drvdata *ddata, ··· 632 635 } 633 636 634 637 bdata->release_delay = button->debounce_interval; 635 - bdata->debounce_use_hrtimer = true; 636 638 hrtimer_init(&bdata->release_timer, 637 639 CLOCK_REALTIME, HRTIMER_MODE_REL_HARD); 638 640 bdata->release_timer.function = gpio_keys_irq_timer;
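
Review bot: in the new gpio_keys_quiesce_key() added near the top of the file, the `if (!bdata->gpiod)` check is not chained to the test that follows it, so an interrupt-only button cancels release_timer and then still falls through to the debounce_use_hrtimer test. If that flag is left false on the GPIO-less path (the last hunk drops `bdata->debounce_use_hrtimer = true;`), the fall-through ends in `cancel_delayed_work_sync(&bdata->work)`. Please confirm bdata->work is initialized for GPIO-less buttons, or make the second test an `else if` so each button cancels only the objects it set up.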
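
Review bot: in the gpio_keys_setup_key() hunk, once `bdata->debounce_use_hrtimer = true;` is removed nothing at the `hrtimer_init(&bdata->release_timer, ...)` site records which timer belongs to which mode. A short comment there, saying that release_timer is the one cancelled for buttons without a gpiod and that debounce_use_hrtimer refers to debounce_timer alone, would help keep the two from being mixed again, which the commit message names as the cause of the crash.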