[PATCH 4.14 124/246] rtc: tps65910: fix possible race condition

From: Greg Kroah-Hartman
Date: Wed Aug 01 2018 - 13:18:05 EST


4.14-stable review patch. If anyone has any objections, please let me know.

------------------

From: Alexandre Belloni <alexandre.belloni@xxxxxxxxxxx>

[ Upstream commit e6000a438e534ee0afd9e83b67f4e23a26dd1067 ]

The IRQ is requested before the struct rtc is allocated and registered, but
this struct is used in the IRQ handler. This may lead to a NULL pointer
dereference.

Switch to devm_rtc_allocate_device/rtc_register_device to allocate the rtc
before requesting the IRQ.

Signed-off-by: Alexandre Belloni <alexandre.belloni@xxxxxxxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/rtc/rtc-tps65910.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)

--- a/drivers/rtc/rtc-tps65910.c
+++ b/drivers/rtc/rtc-tps65910.c
@@ -380,6 +380,10 @@ static int tps65910_rtc_probe(struct pla
if (!tps_rtc)
return -ENOMEM;

+ tps_rtc->rtc = devm_rtc_allocate_device(&pdev->dev);
+ if (IS_ERR(tps_rtc->rtc))
+ return PTR_ERR(tps_rtc->rtc);
+
/* Clear pending interrupts */
ret = regmap_read(tps65910->regmap, TPS65910_RTC_STATUS, &rtc_reg);
if (ret < 0)
@@ -421,10 +425,10 @@ static int tps65910_rtc_probe(struct pla
tps_rtc->irq = irq;
device_set_wakeup_capable(&pdev->dev, 1);

- tps_rtc->rtc = devm_rtc_device_register(&pdev->dev, pdev->name,
- &tps65910_rtc_ops, THIS_MODULE);
- if (IS_ERR(tps_rtc->rtc)) {
- ret = PTR_ERR(tps_rtc->rtc);
+ tps_rtc->rtc->ops = &tps65910_rtc_ops;
+
+ ret = rtc_register_device(tps_rtc->rtc);
+ if (ret) {
dev_err(&pdev->dev, "RTC device register: err %d\n", ret);
return ret;
}