From 1f4a640e9ac7f450752365541ad9c064b13ef8bf Mon Sep 17 00:00:00 2001 From: Bartosz Golaszewski Date: Thu, 24 Oct 2024 15:38:34 +0200 Subject: [PATCH] gpiolib: fix a NULL-pointer dereference when setting direction For optional GPIOs we may pass NULL to gpiod_direction_(input|output)(). With the call to the notifier chain added by commit 07c61d4da43f ("gpiolib: notify user-space about in-kernel line state changes") we will now dereference a NULL pointer in this case. The reason for that is the fact that the expansion of the VALIDATE_DESC() macro (which returns 0 for NULL descriptors) was moved into the nonotify variants of the direction setters. Move them back to the top-level interfaces as the nonotify ones are only ever called from inside the GPIO core and are always passed valid GPIO descriptors. This way we'll never call the line_state notifier chain with non-valid descs. Fixes: 07c61d4da43f ("gpiolib: notify user-space about in-kernel line state changes") Reported-by: Mark Brown Closes: https://lore.kernel.org/all/d6601a31-7685-4b21-9271-1b76116cc483@sirena.org.uk/ Tested-by: Klara Modin Tested-by: Mark Brown Link: https://lore.kernel.org/r/20241024133834.47395-1-brgl@bgdev.pl Signed-off-by: Bartosz Golaszewski --- drivers/gpio/gpiolib.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index ae758ba6dc3d..6001ec96693c 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -2695,6 +2695,8 @@ int gpiod_direction_input(struct gpio_desc *desc) { int ret; + VALIDATE_DESC(desc); + ret = gpiod_direction_input_nonotify(desc); if (ret == 0) gpiod_line_state_notify(desc, GPIO_V2_LINE_CHANGED_CONFIG); @@ -2707,8 +2709,6 @@ int gpiod_direction_input_nonotify(struct gpio_desc *desc) { int ret = 0; - VALIDATE_DESC(desc); - CLASS(gpio_chip_guard, guard)(desc); if (!guard.gc) return -ENODEV; 
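Review bot: In the `gpiod_direction_input()` hunk, nothing at the call site shows that `VALIDATE_DESC(desc)` can return from the function, yet that early return is the only thing keeping `gpiod_line_state_notify()` from being called with a NULL descriptor. The check was already moved once, which caused the dereference this patch fixes, so a short comment above it would protect the ordering, e.g. `/* May return early (0 for a NULL optional GPIO); must stay ahead of the notifier call. */`. The same comment fits the identical addition in the `gpiod_direction_output()` hunk. Both function bodies continue past the end of their hunks.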
@@ -2841,6 +2841,8 @@ int gpiod_direction_output(struct gpio_desc *desc, int value) { int ret; + VALIDATE_DESC(desc); + ret = gpiod_direction_output_nonotify(desc, value); if (ret == 0) gpiod_line_state_notify(desc, GPIO_V2_LINE_CHANGED_CONFIG); @@ -2854,8 +2856,6 @@ int gpiod_direction_output_nonotify(struct gpio_desc *desc, int value) unsigned long flags; int ret; - VALIDATE_DESC(desc); - flags = READ_ONCE(desc->flags); if (test_bit(FLAG_ACTIVE_LOW, &flags)) -- 2.25.1
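Review bot: With the check removed from `gpiod_direction_output_nonotify()`, its first statement `flags = READ_ONCE(desc->flags);` dereferences `desc` unconditionally, and the requirement that callers pass a valid descriptor is stated only in the commit message. The other in-core callers are not visible in this diff, so that contract cannot be confirmed from here. A comment on both nonotify setters would record it in the code, e.g. `/* Caller must pass a valid, non-NULL desc: no VALIDATE_DESC() here. */`. `gpiod_direction_input_nonotify()` carries the same precondition ahead of its `CLASS(gpio_chip_guard, guard)(desc)` line. Both bodies continue outside the hunks.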