Linux Kernel GPIO Keys Module Delayed Work Cancellation Vulnerability

A vulnerability exists in the Linux kernel's GPIO keys module, specifically in how it handles delayed work cancellation for GPIO-based inputs. The module can accept either GPIOs or interrupts, but it only initializes delayed work for GPIOs when the debounce timer is not active. This oversight can lead to warnings when the GPIO keys module is unloaded while an interrupt pin is in use, instead of a GPIO. The issue arises because the module fails to properly synchronize the cancellation of delayed work for interrupt-based inputs, potentially leading to improper handling of work items in the kernel's workqueue.

Impact

Unloading the GPIO keys module while an interrupt pin is active can cause kernel warnings and improper work item management, which may lead to more significant issues in a different context.

Reproduction

To reproduce this vulnerability, load the GPIO keys module with an interrupt pin active, bypassing the debounce timer. Then, unload the module. This sequence will trigger the warning about the improper cancellation of delayed work, highlighting the vulnerability.