drivers/gpio/gpiolib.c | 43 +++++++++++++++++++++---------------------- 1 file changed, 21 insertions(+), 22 deletions(-)
Backport a7ac22d53d09 ("gpiolib: fix race condition for gdev->srcu") to
6.12.y. To make the git context difference between commit a7ac22d53d09
and its backport in 6.12.y smaller, also backport fa17f749ee5b
("gpiolib: unify two loops initializing GPIO descriptors").
a7ac22d53d09 fixes an issue reported as being present since 6.9. It's
been fixed in 6.19 and backported to 6.18.y in fb674c8f1a5d8.
The git context difference could be even smaller if we also backported
d4f335b410dd ("gpiolib: rename GPIO chip printk macros") but its
cherry-pick conflicts so I decided to not include it for now. It was
backported to 6.18.y though (because it applied cleanly and helped
a7ac22d53d09 being cleanly applied as well, see
https://lore.kernel.org/stable/2026011530-owl-savage-9b8e@gregkh/).
The changes between a7ac22d53d09 in v6.19 and the second patch of this
series is (according to git range-diff):
"""
## drivers/gpio/gpiolib.c ##
@@ drivers/gpio/gpiolib.c: int gpiochip_add_data_with_key(struct gpio_chip *gc, void *data,
gdev->ngpio = gc->ngpio;
gdev->can_sleep = gc->can_sleep;
-+ rwlock_init(&gdev->line_state_lock);
-+ RAW_INIT_NOTIFIER_HEAD(&gdev->line_state_notifier);
++ BLOCKING_INIT_NOTIFIER_HEAD(&gdev->line_state_notifier);
+ BLOCKING_INIT_NOTIFIER_HEAD(&gdev->device_notifier);
+
+ ret = init_srcu_struct(&gdev->srcu);
@@ drivers/gpio/gpiolib.c: int gpiochip_add_data_with_key(struct gpio_chip *gc, voi
@@ drivers/gpio/gpiolib.c: int gpiochip_add_data_with_key(struct gpio_chip *gc, void *data,
ret = gpiodev_add_to_list_unlocked(gdev);
if (ret) {
- gpiochip_err(gc, "GPIO integer space overlap, cannot add chip\n");
+ chip_err(gc, "GPIO integer space overlap, cannot add chip\n");
- goto err_free_label;
+ goto err_cleanup_desc_srcu;
}
}
-- rwlock_init(&gdev->line_state_lock);
-- RAW_INIT_NOTIFIER_HEAD(&gdev->line_state_notifier);
+- BLOCKING_INIT_NOTIFIER_HEAD(&gdev->line_state_notifier);
- BLOCKING_INIT_NOTIFIER_HEAD(&gdev->device_notifier);
-
- ret = init_srcu_struct(&gdev->srcu);
"""
s/gpiochip_err/chip_err/ aside, the rest of the diff comes from feature
commits which do not fit the rules for backporting to stable.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
---
Bartosz Golaszewski (1):
gpiolib: unify two loops initializing GPIO descriptors
Paweł Narewski (1):
gpiolib: fix race condition for gdev->srcu
drivers/gpio/gpiolib.c | 43 +++++++++++++++++++++----------------------
1 file changed, 21 insertions(+), 22 deletions(-)
---
base-commit: e7a3953084a7050ca349010deb22546834c2e196
change-id: 20260415-6-12-gpiolib-cve-2026-22986-f0b4331c0aa1
Best regards,
--
Quentin Schulz <quentin.schulz@cherry.de>
On Wed, 15 Apr 2026 13:15:39 +0200, Quentin Schulz <foss+kernel@0leil.net> said:
> Backport a7ac22d53d09 ("gpiolib: fix race condition for gdev->srcu") to
> 6.12.y. To make the git context difference between commit a7ac22d53d09
> and its backport in 6.12.y smaller, also backport fa17f749ee5b
> ("gpiolib: unify two loops initializing GPIO descriptors").
>
> a7ac22d53d09 fixes an issue reported as being present since 6.9. It's
> been fixed in 6.19 and backported to 6.18.y in fb674c8f1a5d8.
>
> The git context difference could be even smaller if we also backported
> d4f335b410dd ("gpiolib: rename GPIO chip printk macros") but its
> cherry-pick conflicts so I decided to not include it for now. It was
> backported to 6.18.y though (because it applied cleanly and helped
> a7ac22d53d09 being cleanly applied as well, see
> https://lore.kernel.org/stable/2026011530-owl-savage-9b8e@gregkh/).
>
> The changes between a7ac22d53d09 in v6.19 and the second patch of this
> series is (according to git range-diff):
>
> """
> ## drivers/gpio/gpiolib.c ##
> @@ drivers/gpio/gpiolib.c: int gpiochip_add_data_with_key(struct gpio_chip *gc, void *data,
> gdev->ngpio = gc->ngpio;
> gdev->can_sleep = gc->can_sleep;
>
> -+ rwlock_init(&gdev->line_state_lock);
> -+ RAW_INIT_NOTIFIER_HEAD(&gdev->line_state_notifier);
> ++ BLOCKING_INIT_NOTIFIER_HEAD(&gdev->line_state_notifier);
> + BLOCKING_INIT_NOTIFIER_HEAD(&gdev->device_notifier);
> +
> + ret = init_srcu_struct(&gdev->srcu);
> @@ drivers/gpio/gpiolib.c: int gpiochip_add_data_with_key(struct gpio_chip *gc, voi
> @@ drivers/gpio/gpiolib.c: int gpiochip_add_data_with_key(struct gpio_chip *gc, void *data,
> ret = gpiodev_add_to_list_unlocked(gdev);
> if (ret) {
> - gpiochip_err(gc, "GPIO integer space overlap, cannot add chip\n");
> + chip_err(gc, "GPIO integer space overlap, cannot add chip\n");
> - goto err_free_label;
> + goto err_cleanup_desc_srcu;
> }
> }
>
> -- rwlock_init(&gdev->line_state_lock);
> -- RAW_INIT_NOTIFIER_HEAD(&gdev->line_state_notifier);
> +- BLOCKING_INIT_NOTIFIER_HEAD(&gdev->line_state_notifier);
> - BLOCKING_INIT_NOTIFIER_HEAD(&gdev->device_notifier);
> -
> - ret = init_srcu_struct(&gdev->srcu);
> """
>
> s/gpiochip_err/chip_err/ aside, the rest of the diff comes from feature
> commits which do not fit the rules for backporting to stable.
>
> Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
> ---
> Bartosz Golaszewski (1):
> gpiolib: unify two loops initializing GPIO descriptors
>
> Paweł Narewski (1):
> gpiolib: fix race condition for gdev->srcu
>
> drivers/gpio/gpiolib.c | 43 +++++++++++++++++++++----------------------
> 1 file changed, 21 insertions(+), 22 deletions(-)
> ---
> base-commit: e7a3953084a7050ca349010deb22546834c2e196
> change-id: 20260415-6-12-gpiolib-cve-2026-22986-f0b4331c0aa1
>
> Best regards,
> --
> Quentin Schulz <quentin.schulz@cherry.de>
>
>
Acked-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
© 2016 - 2026 Red Hat, Inc.