Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3432138imu; Sun, 11 Nov 2018 14:59:35 -0800 (PST) X-Google-Smtp-Source: AJdET5ek0v2cBpW8Y2SWaKnPgl/eLRD+9m+aJy9/Ak9MwPznvy71u8zBA2bBNN82oO0WWzvpvRLh X-Received: by 2002:a63:94:: with SMTP id 142mr15157473pga.74.1541977175461; Sun, 11 Nov 2018 14:59:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541977175; cv=none; d=google.com; s=arc-20160816; b=et5hWuIbPr4eENNP2tHNwFvr8H4PGqtuUbqeqWG6Fj2fRcNvXp6UKVD28JsjPVHOCw S/tWrCdTgYwAWM5VIqGXSxTjLL1axwd3cMD7JAPZLOqCPO9M/s4sPNBuR6xwRWpdCWtJ 7BCUpfDvXZtwM4ci3x1QgqRMVJuSIxpIsLQCQnIJ8kEHTw6mAxdfr67JFJjXZrf40diz g3546Ojj8VF1DCECMqh9QECqF78n/s0tuudiJioymz1oP5IlhmEU055Dh0nzN6IQ1pDj 3qynYQmnTPd8CLcswAfFL7OwrCB4jApKaZfhyFrWDPD1mv0SnvwGWIuCLMjYk55miUwF RQ/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=gztA/5x5TgAH9XID6d3c0q9CCr1dmIZoiSwLZnnuj64=; b=Hz2qI2fUwfBYigZJQGOoGS/G66S5WwlD29JQ1OYC1IS2t+uuCfK7/PlPShPvYb0eNP oYlU7VAs1I4xcWnmfsJoTCv32BD6Zm8bBldV8UI4fIJEUVYsha9WzDJfutG4xUBA0K5n cyL1mWgQQpBhIjZ0ApPn3FhVM8S3Jvypc0yjC40mJu37cyZXGzEOkcd0pBDSOrWdlB9S vwHoP0nZAO+e+lYSjcgfa3m3yDC7Dd1o1GcES/96mREAqTO25YpiJC0bQR5n7WO12aGB ej+0Pwu6hYJMopagRFDisrtnCa4vWBO0WhweOP4hoEzc82orZ/T2BwsMVWWvXYbyrwUF M8Ag== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=L7k6a5cU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j14si14606533pgi.354.2018.11.11.14.59.20; Sun, 11 Nov 2018 14:59:35 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=L7k6a5cU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390893AbeKLIrw (ORCPT + 99 others); Mon, 12 Nov 2018 03:47:52 -0500 Received: from mail.kernel.org ([198.145.29.99]:54174 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2403797AbeKLIWo (ORCPT ); Mon, 12 Nov 2018 03:22:44 -0500 Received: from localhost (unknown [206.108.79.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 41C2621582; Sun, 11 Nov 2018 22:32:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1541975567; bh=8Eu21MRtRNYNCmAkk+w/ulXLeYcOk/SCyc9+sn7uX7E=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=L7k6a5cUIr/0JiiQ4ZKj6f+YC3wEvY2c+c4S6D0kicIkbfmIXyFE4/rVvFXgadpUn 6oCPnMDVA7D/SlCgDfw4RXq/WXEGNZ0+a5scwXD7nl/8vTTRJOtuy7pFgd+RBezpY+ iCBY0ooNkziXSbVJZDnA10h13Sn0n1mjJoQq0xaA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Alexandre Belloni , Lee Jones , Sasha Levin Subject: [PATCH 4.14 105/222] mfd: menelaus: Fix possible race condition and leak Date: Sun, 11 Nov 2018 14:23:22 -0800 Message-Id: <20181111221657.264432807@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181111221647.665769131@linuxfoundation.org> References: <20181111221647.665769131@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Alexandre Belloni [ Upstream commit 9612f8f503804d2fd2f63aa6ba1e58bba4612d96 ] The IRQ work is added before the struct rtc is allocated and registered, but this struct is used in the IRQ handler. This may lead to a NULL pointer dereference. Switch to devm_rtc_allocate_device/rtc_register_device to allocate the rtc before calling menelaus_add_irq_work. Also, this solves a possible leak as the RTC is never released. Signed-off-by: Alexandre Belloni Signed-off-by: Lee Jones Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/mfd/menelaus.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) --- a/drivers/mfd/menelaus.c +++ b/drivers/mfd/menelaus.c @@ -1094,6 +1094,7 @@ static void menelaus_rtc_alarm_work(stru static inline void menelaus_rtc_init(struct menelaus_chip *m) { int alarm = (m->client->irq > 0); + int err; /* assume 32KDETEN pin is pulled high */ if (!(menelaus_read_reg(MENELAUS_OSC_CTRL) & 0x80)) { @@ -1101,6 +1102,12 @@ static inline void menelaus_rtc_init(str return; } + m->rtc = devm_rtc_allocate_device(&m->client->dev); + if (IS_ERR(m->rtc)) + return; + + m->rtc->ops = &menelaus_rtc_ops; + /* support RTC alarm; it can issue wakeups */ if (alarm) { if (menelaus_add_irq_work(MENELAUS_RTCALM_IRQ, @@ -1125,10 +1132,8 @@ static inline void menelaus_rtc_init(str menelaus_write_reg(MENELAUS_RTC_CTRL, m->rtc_control); } - m->rtc = rtc_device_register(DRIVER_NAME, - &m->client->dev, - &menelaus_rtc_ops, THIS_MODULE); - if (IS_ERR(m->rtc)) { + err = rtc_register_device(m->rtc); + if (err) { if (alarm) { menelaus_remove_irq_work(MENELAUS_RTCALM_IRQ); device_init_wakeup(&m->client->dev, 0);