[PATCH 4.17 160/336] rtc: vr41xx: fix possible race condition

From: Greg Kroah-Hartman
Date: Wed Aug 01 2018 - 14:27:43 EST


4.17-stable review patch. If anyone has any objections, please let me know.

------------------

From: Alexandre Belloni <alexandre.belloni@xxxxxxxxxxx>

[ Upstream commit 9a99247c9c1d1c95c6e8153d013979aac6111c6e ]

The probe function is not allowed to fail after the RTC is registered
because the following may happen:

CPU0:                                CPU1:
sys_load_module()
 do_init_module()
  do_one_initcall()
   cmos_do_probe()
    rtc_device_register()
     __register_chrdev()
     cdev->owner = struct module*
                                     open("/dev/rtc0")
    rtc_device_unregister()
     module_put()
     free_module()
      module_free(mod->module_core)
      /* struct module *module is now
         freed */
                                      chrdev_open()
                                       spin_lock(cdev_lock)
                                       cdev_get()
                                        try_module_get()
                                         module_is_live()
                                         /* dereferences already
                                            freed struct module* */

Signed-off-by: Alexandre Belloni <alexandre.belloni@xxxxxxxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/rtc/rtc-vr41xx.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

--- a/drivers/rtc/rtc-vr41xx.c
+++ b/drivers/rtc/rtc-vr41xx.c
@@ -292,13 +292,14 @@ static int rtc_probe(struct platform_dev
goto err_rtc1_iounmap;
}

- rtc = devm_rtc_device_register(&pdev->dev, rtc_name, &vr41xx_rtc_ops,
- THIS_MODULE);
+ rtc = devm_rtc_allocate_device(&pdev->dev);
if (IS_ERR(rtc)) {
retval = PTR_ERR(rtc);
goto err_iounmap_all;
}

+ rtc->ops = &vr41xx_rtc_ops;
+
rtc->max_user_freq = MAX_PERIODIC_RATE;

spin_lock_irq(&rtc_lock);
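Review bot: The replacement call devm_rtc_allocate_device(&pdev->dev) no longer takes rtc_name or THIS_MODULE, and nothing in this hunk says where the device name and module owner now come from. Please confirm that rtc_name is still referenced elsewhere in the file (otherwise drop it in this patch to avoid an unused-variable warning) and that the later registration call sets the owner, since the owner pointer is exactly what the race in the commit message depends on. A short comment next to "rtc->ops = &vr41xx_rtc_ops;" noting that the device is not visible to userspace until it is registered at the end of probe would help the next reader keep fallible steps above that point.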
@@ -340,6 +341,10 @@ static int rtc_probe(struct platform_dev

dev_info(&pdev->dev, "Real Time Clock of NEC VR4100 series\n");

+ retval = rtc_register_device(rtc);
+ if (retval)
+ goto err_iounmap_all;
+
return 0;

err_iounmap_all:
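Review bot: The dev_info() banner "Real Time Clock of NEC VR4100 series" is still printed before the new rtc_register_device() call, so the log announces the device even when registration then fails and probe returns an error. Consider moving the dev_info() line below the "if (retval) goto err_iounmap_all;" check so it is only emitted on success. Placing the registration as the last fallible step before "return 0" matches the commit message's requirement that probe must not fail after the RTC is registered. It is worth checking that everything set up between the allocation and this point (the visible lines do not show it) is released correctly when the new goto to err_iounmap_all is taken.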