From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org,
	Quentin Schulz <quentin.schulz@free-electrons.com>,
	Alexandre Belloni <alexandre.belloni@free-electrons.com>,
	Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH 4.15 38/84] rtc: ac100: Fix multiple race conditions
Date: Fri, 23 Mar 2018 10:53:52 +0100
Message-ID: <20180323095417.706620097@linuxfoundation.org>
In-Reply-To: <20180323095411.913234798@linuxfoundation.org>

4.15-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Alexandre Belloni <alexandre.belloni@free-electrons.com>


[ Upstream commit 994ec64c0a193940be7a6fd074668b9446d3b6c3 ]

The probe function is not allowed to fail after registering the RTC because
the following may happen:

CPU0:                                CPU1:
sys_load_module()
 do_init_module()
  do_one_initcall()
   cmos_do_probe()
    rtc_device_register()
     __register_chrdev()
     cdev->owner = struct module*
                                     open("/dev/rtc0")
    rtc_device_unregister()
  module_put()
  free_module()
   module_free(mod->module_core)
   /* struct module *module is now
      freed */
                                      chrdev_open()
                                       spin_lock(cdev_lock)
                                       cdev_get()
                                        try_module_get()
                                         module_is_live()
                                         /* dereferences already
                                            freed struct module* */

Also, the interrupt handler: ac100_rtc_irq() is dereferencing chip->rtc but
this may still be NULL when it is called, resulting in:
Unable to handle kernel NULL pointer dereference at virtual address 00000194
pgd = (ptrval)
[00000194] *pgd=00000000
Internal error: Oops: 5 [#1] SMP ARM
Modules linked in:
CPU: 0 PID: 72 Comm: irq/71-ac100-rt Not tainted 4.15.0-rc1-next-20171201-dirty #120
Hardware name: Allwinner sun8i Family
task: (ptrval) task.stack: (ptrval)
PC is at mutex_lock+0x14/0x3c
LR is at ac100_rtc_irq+0x38/0xc8
pc : [<c06543a4>]    lr : [<c04d9a2c>]    psr: 60000053
sp : ee9c9f28  ip : 00000000  fp : ee9adfdc
r10: 00000000  r9 : c0a04c48  r8 : c015ed18
r7 : ee9bd600  r6 : ee9c9f28  r5 : ee9af590  r4 : c0a04c48
r3 : ef3cb3c0  r2 : 00000000  r1 : ee9af590  r0 : 00000194
Flags: nZCv  IRQs on  FIQs off  Mode SVC_32  ISA ARM  Segment none
Control: 10c5387d  Table: 4000406a  DAC: 00000051
Process irq/71-ac100-rt (pid: 72, stack limit = 0x(ptrval))
Stack: (0xee9c9f28 to 0xee9ca000)
9f20:                   00000000 7c2fd1be c015ed18 ee9adf40 ee9c0400 ee9c0400
9f40: ee9adf40 c015ed34 ee9c8000 ee9adf64 ee9c0400 c015f040 ee9adf80 00000000
9f60: c015ee24 7c2fd1be ee9adfc0 ee9adf80 00000000 ee9c8000 ee9adf40 c015eef4
9f80: ef1eba34 c0138f14 ee9c8000 ee9adf80 c0138df4 00000000 00000000 00000000
9fa0: 00000000 00000000 00000000 c01010e8 00000000 00000000 00000000 00000000
9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 ffffffff ffffffff
[<c06543a4>] (mutex_lock) from [<c04d9a2c>] (ac100_rtc_irq+0x38/0xc8)
[<c04d9a2c>] (ac100_rtc_irq) from [<c015ed34>] (irq_thread_fn+0x1c/0x54)
[<c015ed34>] (irq_thread_fn) from [<c015f040>] (irq_thread+0x14c/0x214)
[<c015f040>] (irq_thread) from [<c0138f14>] (kthread+0x120/0x150)
[<c0138f14>] (kthread) from [<c01010e8>] (ret_from_fork+0x14/0x2c)

Solve both issues by moving to
devm_rtc_allocate_device()/rtc_register_device()

Reported-by: Quentin Schulz <quentin.schulz@free-electrons.com>
Tested-by: Quentin Schulz <quentin.schulz@free-electrons.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/rtc/rtc-ac100.c |   19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

--- a/drivers/rtc/rtc-ac100.c
+++ b/drivers/rtc/rtc-ac100.c
@@ -567,6 +567,12 @@ static int ac100_rtc_probe(struct platfo
 		return chip->irq;
 	}
 
+	chip->rtc = devm_rtc_allocate_device(&pdev->dev);
+	if (IS_ERR(chip->rtc))
+		return PTR_ERR(chip->rtc);
+
+	chip->rtc->ops = &ac100_rtc_ops;
+
 	ret = devm_request_threaded_irq(&pdev->dev, chip->irq, NULL,
 					ac100_rtc_irq,
 					IRQF_SHARED | IRQF_ONESHOT,
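
Review bot: the new devm_rtc_allocate_device() block has to stay above devm_request_threaded_irq(), but nothing in the code says so; add a short comment at the allocation stating that chip->rtc must be valid before the IRQ is requested. The interrupt is requested with IRQF_SHARED, so ac100_rtc_irq can run as soon as the request succeeds, and a later reorder that moves the allocation back below the request would bring the NULL dereference back without any build-time warning. The IS_ERR(chip->rtc) return is also silent, while the registration failure further down still logs "unable to register device"; a dev_err on the allocation path would keep both probe failures equally diagnosable.
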
@@ -586,17 +592,16 @@ static int ac100_rtc_probe(struct platfo
 	/* clear counter alarm pending interrupts */
 	regmap_write(chip->regmap, AC100_ALM_INT_STA, AC100_ALM_INT_ENABLE);
 
-	chip->rtc = devm_rtc_device_register(&pdev->dev, "rtc-ac100",
-					     &ac100_rtc_ops, THIS_MODULE);
-	if (IS_ERR(chip->rtc)) {
-		dev_err(&pdev->dev, "unable to register device\n");
-		return PTR_ERR(chip->rtc);
-	}
-
 	ret = ac100_rtc_register_clks(chip);
 	if (ret)
 		return ret;
 
+	ret = rtc_register_device(chip->rtc);
+	if (ret) {
+		dev_err(&pdev->dev, "unable to register device\n");
+		return ret;
+	}
+
 	dev_info(&pdev->dev, "RTC enabled\n");
 
 	return 0;
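
Review bot: the new "return ret" after a failed rtc_register_device() does not undo ac100_rtc_register_clks(), which this hunk now runs before the RTC is registered. Please confirm that everything ac100_rtc_register_clks() sets up is devm-managed, or unwind it in this error branch before returning. Keeping rtc_register_device() as the last step that can fail is the right ordering for the module-unload race in the commit message, so the fix belongs in the error branch rather than in moving the call.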
