| Message ID | 20160427165846.GA17064@obsidianresearch.com |
|---|---|
| State | New |
| Headers | show |
On Wed, 2016-04-27 at 10:58 -0600, Jason Gunthorpe wrote: > The devm for the IRQ was placed on the chip, not the pdev. This can > cause the irq to be still callable after the pdev has been cleaned up > (eg priv kfree'd). > > Found by CONFIG_DEBUG_SHIRQ=y > > Reported-by: Stefan Berger <stefanb@linux.vnet.ibm.com> > Fixes: 233a065e0cd0 ("tpm: Get rid of chip->pdev") > Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> > Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> /Jarkko > --- > drivers/char/tpm/tpm_tis.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c > index a6b2d460bfc0..d88827046a42 100644 > --- a/drivers/char/tpm/tpm_tis.c > +++ b/drivers/char/tpm/tpm_tis.c > @@ -387,7 +387,7 @@ static void disable_interrupts(struct tpm_chip *chip) > intmask &= ~TPM_GLOBAL_INT_ENABLE; > iowrite32(intmask, > priv->iobase + TPM_INT_ENABLE(priv->locality)); > - devm_free_irq(&chip->dev, priv->irq, chip); > + devm_free_irq(chip->dev.parent, priv->irq, chip); > priv->irq = 0; > chip->flags &= ~TPM_CHIP_FLAG_IRQ; > } > @@ -604,7 +604,7 @@ static int tpm_tis_probe_irq_single(struct tpm_chip *chip, u32 > intmask, > struct priv_data *priv = dev_get_drvdata(&chip->dev); > u8 original_int_vec; > > - if (devm_request_irq(&chip->dev, irq, tis_int_handler, flags, > + if (devm_request_irq(chip->dev.parent, irq, tis_int_handler, flags, > dev_name(&chip->dev), chip) != 0) { > dev_info(&chip->dev, "Unable to request irq: %d for probe\n", > irq); ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
On Thu, 2016-04-28 at 11:09 +0300, Jarkko Sakkinen wrote: > On Wed, 2016-04-27 at 10:58 -0600, Jason Gunthorpe wrote: > > > > The devm for the IRQ was placed on the chip, not the pdev. This can > > cause the irq to be still callable after the pdev has been cleaned up > > (eg priv kfree'd). > > > > Found by CONFIG_DEBUG_SHIRQ=y > > > > Reported-by: Stefan Berger <stefanb@linux.vnet.ibm.com> > > Fixes: 233a065e0cd0 ("tpm: Get rid of chip->pdev") > > Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> > > Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com> > Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> And applied and merged to next. /Jarkko > /Jarkko > > > > > --- > > drivers/char/tpm/tpm_tis.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c > > index a6b2d460bfc0..d88827046a42 100644 > > --- a/drivers/char/tpm/tpm_tis.c > > +++ b/drivers/char/tpm/tpm_tis.c > > @@ -387,7 +387,7 @@ static void disable_interrupts(struct tpm_chip *chip) > > intmask &= ~TPM_GLOBAL_INT_ENABLE; > > iowrite32(intmask, > > priv->iobase + TPM_INT_ENABLE(priv->locality)); > > - devm_free_irq(&chip->dev, priv->irq, chip); > > + devm_free_irq(chip->dev.parent, priv->irq, chip); > > priv->irq = 0; > > chip->flags &= ~TPM_CHIP_FLAG_IRQ; > > } > > @@ -604,7 +604,7 @@ static int tpm_tis_probe_irq_single(struct tpm_chip *chip, u32 > > intmask, > > struct priv_data *priv = dev_get_drvdata(&chip->dev); > > u8 original_int_vec; > > > > - if (devm_request_irq(&chip->dev, irq, tis_int_handler, flags, > > + if (devm_request_irq(chip->dev.parent, irq, tis_int_handler, flags, > > dev_name(&chip->dev), chip) != 0) { > > dev_info(&chip->dev, "Unable to request irq: %d for probe\n", > > irq); ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c index a6b2d460bfc0..d88827046a42 100644 --- a/drivers/char/tpm/tpm_tis.c +++ b/drivers/char/tpm/tpm_tis.c @@ -387,7 +387,7 @@ static void disable_interrupts(struct tpm_chip *chip) intmask &= ~TPM_GLOBAL_INT_ENABLE; iowrite32(intmask, priv->iobase + TPM_INT_ENABLE(priv->locality)); - devm_free_irq(&chip->dev, priv->irq, chip); + devm_free_irq(chip->dev.parent, priv->irq, chip); priv->irq = 0; chip->flags &= ~TPM_CHIP_FLAG_IRQ; } @@ -604,7 +604,7 @@ static int tpm_tis_probe_irq_single(struct tpm_chip *chip, u32 intmask, struct priv_data *priv = dev_get_drvdata(&chip->dev); u8 original_int_vec; - if (devm_request_irq(&chip->dev, irq, tis_int_handler, flags, + if (devm_request_irq(chip->dev.parent, irq, tis_int_handler, flags, dev_name(&chip->dev), chip) != 0) { dev_info(&chip->dev, "Unable to request irq: %d for probe\n", irq);
The devm for the IRQ was placed on the chip, not the pdev. This can cause the irq to be still callable after the pdev has been cleaned up (eg priv kfree'd). Found by CONFIG_DEBUG_SHIRQ=y Reported-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Fixes: 233a065e0cd0 ("tpm: Get rid of chip->pdev") Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com> --- drivers/char/tpm/tpm_tis.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)