From 2531fdbf8bfc22b0a2554bb3e3772dd8105d74ad Mon Sep 17 00:00:00 2001 From: Dmitry Torokhov Date: Wed, 7 Apr 2021 23:14:50 -0700 Subject: Input: gpio-keys - fix crash when disabliing GPIO-less buttons My brain-damaged adjustments to Paul's patch caused crashes in gpio_keys_disable_button() when driver is used in GPIO-less (i.e. purely interrupt-driven) setups, because I mixed together debounce and release timers when they are in fact separate: Unable to handle kernel NULL pointer dereference at virtual address 0000000c ... PC is at hrtimer_active+0xc/0x98 LR is at hrtimer_try_to_cancel+0x24/0x140 ... [] (hrtimer_active) from [] (hrtimer_try_to_cancel+0x24/0x140) [] (hrtimer_try_to_cancel) from [] (hrtimer_cancel+0x14/0x4c) [] (hrtimer_cancel) from [] (gpio_keys_attr_store_helper+0x1b8/0x1d8 [gpio_keys]) [] (gpio_keys_attr_store_helper [gpio_keys]) from [] (gpio_keys_store_disabled_keys+0x18/0x24 [gpio_keys]) [] (gpio_keys_store_disabled_keys [gpio_keys]) from [] (kernfs_fop_write_iter+0x10c/0x1cc) [] (kernfs_fop_write_iter) from [] (vfs_write+0x2ac/0x404) [] (vfs_write) from [] (ksys_write+0x64/0xdc) [] (ksys_write) from [] (ret_fast_syscall+0x0/0x58) Let's fix it up. Fixes: c9efb0ba281e ("Input: gpio-keys - use hrtimer for software debounce, if possible") Reported-by: Tony Lindgren Tested-by: Tony Lindgren Link: https://lore.kernel.org/r/YG1DFFgojSVfdpaz@google.com Signed-off-by: Dmitry Torokhov --- drivers/input/keyboard/gpio_keys.c | 30 +++++++++++++----------------- 1 file changed, 13 insertions(+), 17 deletions(-) (limited to 'drivers/input') diff --git a/drivers/input/keyboard/gpio_keys.c b/drivers/input/keyboard/gpio_keys.c index fe8fc76ee22e..8dbf1e69c90a 100644 --- a/drivers/input/keyboard/gpio_keys.c +++ b/drivers/input/keyboard/gpio_keys.c @@ -125,6 +125,18 @@ static const unsigned long *get_bm_events_by_type(struct input_dev *dev, return (type == EV_KEY) ? dev->keybit : dev->swbit; } +static void gpio_keys_quiesce_key(void *data) +{ + struct gpio_button_data *bdata = data; + + if (!bdata->gpiod) + hrtimer_cancel(&bdata->release_timer); + if (bdata->debounce_use_hrtimer) + hrtimer_cancel(&bdata->debounce_timer); + else + cancel_delayed_work_sync(&bdata->work); +} + /** * gpio_keys_disable_button() - disables given GPIO button * @bdata: button data for button to be disabled @@ -145,12 +157,7 @@ static void gpio_keys_disable_button(struct gpio_button_data *bdata) * Disable IRQ and associated timer/work structure. */ disable_irq(bdata->irq); - - if (bdata->debounce_use_hrtimer) - hrtimer_cancel(&bdata->release_timer); - else - cancel_delayed_work_sync(&bdata->work); - + gpio_keys_quiesce_key(bdata); bdata->disabled = true; } } @@ -492,16 +499,6 @@ out: return IRQ_HANDLED; } -static void gpio_keys_quiesce_key(void *data) -{ - struct gpio_button_data *bdata = data; - - if (bdata->debounce_use_hrtimer) - hrtimer_cancel(&bdata->debounce_timer); - else - cancel_delayed_work_sync(&bdata->work); -} - static int gpio_keys_setup_key(struct platform_device *pdev, struct input_dev *input, struct gpio_keys_drvdata *ddata, @@ -635,7 +632,6 @@ static int gpio_keys_setup_key(struct platform_device *pdev, } bdata->release_delay = button->debounce_interval; - bdata->debounce_use_hrtimer = true; hrtimer_init(&bdata->release_timer, CLOCK_REALTIME, HRTIMER_MODE_REL_HARD); bdata->release_timer.function = gpio_keys_irq_timer; -- cgit v1.2.3-58-ga151