Re: [PATCH] tpm: Fix IRQ unwind ordering in TIS
From: Jarkko Sakkinen
Date: Thu Apr 28 2016 - 04:09:33 EST
On Wed, 2016-04-27 at 10:58 -0600, Jason Gunthorpe wrote:
> The devm for the IRQ was placed on the chip, not the pdev. This can
> cause the irq to be still callable after the pdev has been cleaned up
> (eg priv kfree'd).
>Â
> Found by CONFIG_DEBUG_SHIRQ=y
>Â
> Reported-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>
> Fixes: 233a065e0cd0 ("tpm: Get rid of chip->pdev")
> Signed-off-by: Jason Gunthorpe <jgunthorpe@xxxxxxxxxxxxxxxxxxxx>
> Tested-by:ÂÂStefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
/Jarkko
> ---
> Âdrivers/char/tpm/tpm_tis.c | 4 ++--
> Â1 file changed, 2 insertions(+), 2 deletions(-)
>Â
> diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c
> index a6b2d460bfc0..d88827046a42 100644
> --- a/drivers/char/tpm/tpm_tis.c
> +++ b/drivers/char/tpm/tpm_tis.c
> @@ -387,7 +387,7 @@ static void disable_interrupts(struct tpm_chip *chip)
> Â intmask &= ~TPM_GLOBAL_INT_ENABLE;
> Â iowrite32(intmask,
> Â ÂÂpriv->iobase + TPM_INT_ENABLE(priv->locality));
> - devm_free_irq(&chip->dev, priv->irq, chip);
> + devm_free_irq(chip->dev.parent, priv->irq, chip);
> Â priv->irq = 0;
> Â chip->flags &= ~TPM_CHIP_FLAG_IRQ;
> Â}
> @@ -604,7 +604,7 @@ static int tpm_tis_probe_irq_single(struct tpm_chip *chip, u32
> intmask,
> Â struct priv_data *priv = dev_get_drvdata(&chip->dev);
> Â u8 original_int_vec;
> Â
> - if (devm_request_irq(&chip->dev, irq, tis_int_handler, flags,
> + if (devm_request_irq(chip->dev.parent, irq, tis_int_handler, flags,
> Â ÂÂÂÂÂdev_name(&chip->dev), chip) != 0) {
> Â dev_info(&chip->dev, "Unable to request irq: %d for probe\n",
> Â Âirq);