tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

gpio: reject invalid gpio before getting gpio_desc

Check user-given gpio number and reject it before
calling gpio_to_desc() because gpio_to_desc() is
for kernel driver and it expects given gpio number
is valid (means 0 to 511).
If given number is invalid, gpio_to_desc() calls
WARN() and dump registers and stack for debug.
This means user can easily kick WARN() just by
writing invalid gpio number (e.g. 512) to
/sys/class/gpio/export.

Fixes: 0e9a5edf5d01 ("gpio: fix deferred probe detection for legacy API")
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>

authored by

Masami Hiramatsu and committed by
Linus Walleij 90b05b05 ef954844

+8 -2
+8 -2
drivers/gpio/gpiolib-sysfs.c
··· 2 2 #include <linux/mutex.h> 3 3 #include <linux/device.h> 4 4 #include <linux/sysfs.h> 5 + #include <linux/gpio.h> 5 6 #include <linux/gpio/consumer.h> 6 7 #include <linux/gpio/driver.h> 7 8 #include <linux/interrupt.h> ··· 433 432 }; 434 433 ATTRIBUTE_GROUPS(gpiochip); 435 434 435 + static struct gpio_desc *gpio_to_valid_desc(int gpio) 436 + { 437 + return gpio_is_valid(gpio) ? gpio_to_desc(gpio) : NULL; 438 + } 439 + 436 440 /* 437 441 * /sys/class/gpio/export ... write-only 438 442 * integer N ... number of GPIO to export (full access) ··· 456 450 if (status < 0) 457 451 goto done; 458 452 459 - desc = gpio_to_desc(gpio); 453 + desc = gpio_to_valid_desc(gpio); 460 454 /* reject invalid GPIOs */ 461 455 if (!desc) { 462 456 pr_warn("%s: invalid GPIO %ld\n", __func__, gpio); ··· 499 493 if (status < 0) 500 494 goto done; 501 495 502 - desc = gpio_to_desc(gpio); 496 + desc = gpio_to_valid_desc(gpio); 503 497 /* reject bogus commands (gpio_unexport ignores them) */ 504 498 if (!desc) { 505 499 pr_warn("%s: invalid GPIO %ld\n", __func__, gpio);