| From 25ce5cd95b2dee3a538953e5a00e6657ce57c243 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Sun, 9 Sep 2018 22:38:47 +0200 |
| Subject: rtc: pl030: fix possible race condition |
| |
| From: Alexandre Belloni <alexandre.belloni@bootlin.com> |
| |
| [ Upstream commit c778ec85825dc895936940072aea9fe9037db684 ] |
| |
| The IRQ is requested before the struct rtc is allocated and registered, but |
| this struct is used in the IRQ handler. This may lead to a NULL pointer |
| dereference. |
| |
| Switch to devm_rtc_allocate_device/rtc_register_device to allocate the rtc |
| before requesting the IRQ. |
| |
| Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| drivers/rtc/rtc-pl030.c | 15 +++++++++------ |
| 1 file changed, 9 insertions(+), 6 deletions(-) |
| |
| diff --git a/drivers/rtc/rtc-pl030.c b/drivers/rtc/rtc-pl030.c |
| index f85a1a93e669f..343bb6ed17839 100644 |
| --- a/drivers/rtc/rtc-pl030.c |
| +++ b/drivers/rtc/rtc-pl030.c |
| @@ -112,6 +112,13 @@ static int pl030_probe(struct amba_device *dev, const struct amba_id *id) |
| goto err_rtc; |
| } |
| |
| + rtc->rtc = devm_rtc_allocate_device(&dev->dev); |
| + if (IS_ERR(rtc->rtc)) { |
| + ret = PTR_ERR(rtc->rtc); |
| + goto err_rtc; |
| + } |
| + |
| + rtc->rtc->ops = &pl030_ops; |
| rtc->base = ioremap(dev->res.start, resource_size(&dev->res)); |
| if (!rtc->base) { |
| ret = -ENOMEM; |
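Review bot: The ordering constraint this block depends on is not recorded in the code: per the commit message, `devm_rtc_allocate_device()` must run before the IRQ is requested because the handler uses the rtc struct. A short comment above the allocation would keep a later cleanup from moving it back below the IRQ request, for example `/* Allocate before requesting the IRQ: the handler dereferences rtc->rtc. */`. pl030_probe starts before and continues after this hunk, so the handler and the IRQ request are not visible here.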
| @@ -128,12 +135,9 @@ static int pl030_probe(struct amba_device *dev, const struct amba_id *id) |
| if (ret) |
| goto err_irq; |
| |
| - rtc->rtc = rtc_device_register("pl030", &dev->dev, &pl030_ops, |
| - THIS_MODULE); |
| - if (IS_ERR(rtc->rtc)) { |
| - ret = PTR_ERR(rtc->rtc); |
| + ret = rtc_register_device(rtc->rtc); |
| + if (ret) |
| goto err_reg; |
| - } |
| |
| return 0; |
| |
| @@ -154,7 +158,6 @@ static int pl030_remove(struct amba_device *dev) |
| writel(0, rtc->base + RTC_CR); |
| |
| free_irq(dev->irq[0], rtc); |
| - rtc_device_unregister(rtc->rtc); |
| iounmap(rtc->base); |
| amba_release_regions(dev); |
| |
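Review bot: pl030_remove() now calls `iounmap(rtc->base)` while the rtc device is still registered, because the explicit `rtc_device_unregister()` is gone and the devm-managed unregister presumably runs only after remove() returns. In that window a concurrent rtc operation from userspace could reach the pl030_ops callbacks and touch unmapped registers, assuming those callbacks access `rtc->base` (they are outside the hunk). One way to close it is to make the mapping devm-managed and acquire it ahead of the rtc allocation, so that it is released after the unregister: `rtc->base = devm_ioremap(&dev->dev, dev->res.start, resource_size(&dev->res));` placed before `devm_rtc_allocate_device()`, with the `iounmap()` calls dropped. The release order relative to `amba_release_regions(dev)` deserves the same check; pl030_remove begins outside this hunk.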
| -- |
| 2.20.1 |
| |