1. Patchew
  2. linux
  3. View series

[PATCH] drm/bridge: samsung-dsim: Fix potential double-free in TE GPIO handling

Miaoqian Lin posted 1 patch 2 months ago 
drivers/gpu/drm/bridge/samsung-dsim.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
[PATCH] drm/bridge: samsung-dsim: Fix potential double-free in TE GPIO handling
Posted by Miaoqian Lin 2 months ago 
The devm_gpiod_get_optional() function uses device-managed resources that
are automatically cleaned up. The
gpiod_put() calls in both the error path of samsung_dsim_register_te_irq()
and in samsung_dsim_unregister_te_irq() are redundant and may lead to
double-free when the device is removed.

Fixes: e7447128ca4a ("drm: bridge: Generalize Exynos-DSI driver into a Samsung DSIM bridge")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
---
 drivers/gpu/drm/bridge/samsung-dsim.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/bridge/samsung-dsim.c b/drivers/gpu/drm/bridge/samsung-dsim.c
index bccc88d25948..6ffaee6b7738 100644
--- a/drivers/gpu/drm/bridge/samsung-dsim.c
+++ b/drivers/gpu/drm/bridge/samsung-dsim.c
@@ -1691,7 +1691,6 @@ static int samsung_dsim_register_te_irq(struct samsung_dsim *dsi, struct device
 				   IRQF_TRIGGER_RISING | IRQF_NO_AUTOEN, "TE", dsi);
 	if (ret) {
 		dev_err(dsi->dev, "request interrupt failed with %d\n", ret);
-		gpiod_put(dsi->te_gpio);
 		return ret;
 	}
 
@@ -1790,10 +1789,8 @@ static int samsung_dsim_host_attach(struct mipi_dsi_host *host,
 
 static void samsung_dsim_unregister_te_irq(struct samsung_dsim *dsi)
 {
-	if (dsi->te_gpio) {
+	if (dsi->te_gpio)
 		free_irq(gpiod_to_irq(dsi->te_gpio), dsi);
-		gpiod_put(dsi->te_gpio);
-	}
 }
 
 static int samsung_dsim_host_detach(struct mipi_dsi_host *host,
-- 
2.35.1
Re: [PATCH] drm/bridge: samsung-dsim: Fix potential double-free in TE GPIO handling
Posted by Marek Szyprowski 2 months ago 
On 04.08.2025 14:24, Miaoqian Lin wrote:
> The devm_gpiod_get_optional() function uses device-managed resources that
> are automatically cleaned up. The
> gpiod_put() calls in both the error path of samsung_dsim_register_te_irq()
> and in samsung_dsim_unregister_te_irq() are redundant and may lead to
> double-free when the device is removed.
>
> Fixes: e7447128ca4a ("drm: bridge: Generalize Exynos-DSI driver into a Samsung DSIM bridge")
> Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Marek Szyprowski <m.szyprowski@samsung.com>
> ---
>   drivers/gpu/drm/bridge/samsung-dsim.c | 5 +----
>   1 file changed, 1 insertion(+), 4 deletions(-)
>
> diff --git a/drivers/gpu/drm/bridge/samsung-dsim.c b/drivers/gpu/drm/bridge/samsung-dsim.c
> index bccc88d25948..6ffaee6b7738 100644
> --- a/drivers/gpu/drm/bridge/samsung-dsim.c
> +++ b/drivers/gpu/drm/bridge/samsung-dsim.c
> @@ -1691,7 +1691,6 @@ static int samsung_dsim_register_te_irq(struct samsung_dsim *dsi, struct device
>   				   IRQF_TRIGGER_RISING | IRQF_NO_AUTOEN, "TE", dsi);
>   	if (ret) {
>   		dev_err(dsi->dev, "request interrupt failed with %d\n", ret);
> -		gpiod_put(dsi->te_gpio);
>   		return ret;
>   	}
>   
> @@ -1790,10 +1789,8 @@ static int samsung_dsim_host_attach(struct mipi_dsi_host *host,
>   
>   static void samsung_dsim_unregister_te_irq(struct samsung_dsim *dsi)
>   {
> -	if (dsi->te_gpio) {
> +	if (dsi->te_gpio)
>   		free_irq(gpiod_to_irq(dsi->te_gpio), dsi);
> -		gpiod_put(dsi->te_gpio);
> -	}
>   }
>   
>   static int samsung_dsim_host_detach(struct mipi_dsi_host *host,

Best regards
-- 
Marek Szyprowski, PhD
Samsung R&D Institute Poland

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.