2019-07-19 03:13:34

by Anson Huang

Subject: [PATCH V2] rtc: snvs: fix possible race condition

From: Anson Huang <[email protected]>

The RTC IRQ is requested before the struct rtc_device is allocated;
this may lead to a NULL pointer dereference in the IRQ handler.

To fix this issue, allocate the rtc_device struct and register the rtc
device before requesting the RTC IRQ.

Use devm_rtc_allocate_device/rtc_register_device instead of
devm_rtc_device_register.

Signed-off-by: Anson Huang <[email protected]>
---
Changes since V1:
- move devm_request_irq() to after the rtc device registration is done, to make sure
  everything is ready before enabling the IRQ.
---
drivers/rtc/rtc-snvs.c | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/drivers/rtc/rtc-snvs.c b/drivers/rtc/rtc-snvs.c
index 7ee673a2..d9650e7 100644
--- a/drivers/rtc/rtc-snvs.c
+++ b/drivers/rtc/rtc-snvs.c
@@ -279,6 +279,10 @@ static int snvs_rtc_probe(struct platform_device *pdev)
if (!data)
return -ENOMEM;

+ data->rtc = devm_rtc_allocate_device(&pdev->dev);
+ if (IS_ERR(data->rtc))
+ return PTR_ERR(data->rtc);
+
data->regmap = syscon_regmap_lookup_by_phandle(pdev->dev.of_node, "regmap");

if (IS_ERR(data->regmap)) {
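Review bot: The devm_rtc_allocate_device() call added at the top of this hunk is the part of the change that addresses the NULL data->rtc described in the commit message, and the commit message should say so explicitly, because the later reordering of devm_request_irq() is a separate change with its own consequences. The direct return PTR_ERR(data->rtc) matches the style of the data allocation check just above it, which also returns without unwinding.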
@@ -335,6 +339,13 @@ static int snvs_rtc_probe(struct platform_device *pdev)
if (ret)
dev_err(&pdev->dev, "failed to enable irq wake\n");

+ data->rtc->ops = &snvs_rtc_ops;
+ ret = rtc_register_device(data->rtc);
+ if (ret) {
+ dev_err(&pdev->dev, "failed to register rtc: %d\n", ret);
+ goto error_rtc_device_register;
+ }
+
ret = devm_request_irq(&pdev->dev, data->irq, snvs_rtc_irq_handler,
IRQF_SHARED, "rtc alarm", &pdev->dev);
if (ret) {
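Review bot: Placing rtc_register_device() ahead of devm_request_irq() in this hunk means the device is registered while the alarm interrupt handler is not yet installed, which is the ordering the maintainer's reply in this thread says opens another race. Keep the early devm_rtc_allocate_device() from the first hunk, leave devm_request_irq() where it was, and call rtc_register_device() after it as the last step of probe, so that data->rtc is valid when the handler runs and registration still comes last.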
@@ -343,14 +354,6 @@ static int snvs_rtc_probe(struct platform_device *pdev)
goto error_rtc_device_register;
}

- data->rtc = devm_rtc_device_register(&pdev->dev, pdev->name,
- &snvs_rtc_ops, THIS_MODULE);
- if (IS_ERR(data->rtc)) {
- ret = PTR_ERR(data->rtc);
- dev_err(&pdev->dev, "failed to register rtc: %d\n", ret);
- goto error_rtc_device_register;
- }
-
return 0;

error_rtc_device_register:
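Review bot: After this hunk the goto error_rtc_device_register in the devm_request_irq() failure branch (the context lines at the top) is reached with the RTC already registered, whereas before the change it was reached before registration. The body under the error_rtc_device_register label is not shown here, so please confirm that it is still the right unwind for both callers. The removed devm_rtc_device_register() call also passed pdev->name, which the new allocate/register pair does not; a sentence in the commit message noting that this is intentional would help.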
--
2.7.4


2019-07-19 07:35:26

by Alexandre Belloni

Subject: Re: [PATCH V2] rtc: snvs: fix possible race condition

On 19/07/2019 11:01:02+0800, [email protected] wrote:
> From: Anson Huang <[email protected]>
>
> The RTC IRQ is requested before the struct rtc_device is allocated;
> this may lead to a NULL pointer dereference in the IRQ handler.
>
> To fix this issue, allocate the rtc_device struct and register the rtc
> device before requesting the RTC IRQ.
>
> Use devm_rtc_allocate_device/rtc_register_device instead of
> devm_rtc_device_register.
>
> Signed-off-by: Anson Huang <[email protected]>
> ---
> Changes since V1:
> - move devm_request_irq() to after the rtc device registration is done, to make sure
>   everything is ready before enabling the IRQ.

This opens another race condition, the first version of the patch was
correct.

--
Alexandre Belloni, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

2019-07-19 07:56:47

by Anson Huang

Subject: RE: [PATCH V2] rtc: snvs: fix possible race condition

Hi, Alexandre

> On 19/07/2019 11:01:02+0800, [email protected] wrote:
> > From: Anson Huang <[email protected]>
> >
> > The RTC IRQ is requested before the struct rtc_device is allocated;
> > this may lead to a NULL pointer dereference in the IRQ handler.
> >
> > To fix this issue, allocate the rtc_device struct and register the rtc
> > device before requesting the RTC IRQ.
> >
> > Use devm_rtc_allocate_device/rtc_register_device instead of
> > devm_rtc_device_register.
> >
> > Signed-off-by: Anson Huang <[email protected]>
> > ---
> > Changes since V1:
> > - move devm_request_irq() to after the rtc device registration is done, to make sure
> >   everything is ready before enabling the IRQ.
>
> This opens another race condition, the first version of the patch was correct.

Hmm, OK, then we should go with V1.

Thanks,
Anson.