Re: [PATCH] tpm: Fix IRQ unwind ordering in TIS

[Jarkko Sakkinen]

On Thu, 2016-04-28 at 11:09 +0300, Jarkko Sakkinen wrote:
> On Wed, 2016-04-27 at 10:58 -0600, Jason Gunthorpe wrote:
> > 
> > The devm for the IRQ was placed on the chip, not the pdev. This can
> > cause the irq to be still callable after the pdev has been cleaned up
> > (eg priv kfree'd).
> > Â
> > Found by CONFIG_DEBUG_SHIRQ=y
> > Â
> > Reported-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>
> > Fixes: 233a065e0cd0 ("tpm: Get rid of chip->pdev")
> > Signed-off-by: Jason Gunthorpe <jgunthorpe@xxxxxxxxxxxxxxxxxxxx>
> > Tested-by:ÂÂStefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>
> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>

And applied Âand merged to next.

/Jarkko

> /Jarkko
> 
> > 
> > ---
> > Âdrivers/char/tpm/tpm_tis.c | 4 ++--
> > Â1 file changed, 2 insertions(+), 2 deletions(-)
> > Â
> > diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c
> > index a6b2d460bfc0..d88827046a42 100644
> > --- a/drivers/char/tpm/tpm_tis.c
> > +++ b/drivers/char/tpm/tpm_tis.c
> > @@ -387,7 +387,7 @@ static void disable_interrupts(struct tpm_chip *chip)
> > Â	intmask &= ~TPM_GLOBAL_INT_ENABLE;
> > Â	iowrite32(intmask,
> > Â		ÂÂpriv->iobase + TPM_INT_ENABLE(priv->locality));
> > -	devm_free_irq(&chip->dev, priv->irq, chip);
> > +	devm_free_irq(chip->dev.parent, priv->irq, chip);
> > Â	priv->irq = 0;
> > Â	chip->flags &= ~TPM_CHIP_FLAG_IRQ;
> > Â}
> > @@ -604,7 +604,7 @@ static int tpm_tis_probe_irq_single(struct tpm_chip *chip, u32
> > intmask,
> > Â	struct priv_data *priv = dev_get_drvdata(&chip->dev);
> > Â	u8 original_int_vec;
> > Â
> > -	if (devm_request_irq(&chip->dev, irq, tis_int_handler, flags,
> > +	if (devm_request_irq(chip->dev.parent, irq, tis_int_handler, flags,
> > Â			ÂÂÂÂÂdev_name(&chip->dev), chip) != 0) {
> > Â		dev_info(&chip->dev, "Unable to request irq: %d for probe\n",
> > Â			Âirq);