* [PATCH] mfd: menelaus: fix possible race condition and leak
@ 2018-09-09 20:48 Alexandre Belloni
2018-09-11 15:39 ` Lee Jones
2018-09-11 15:43 ` [GIT PULL] Immutable branch between MFD and RTC due for the v4.20 merge window Lee Jones
0 siblings, 2 replies; 3+ messages in thread
From: Alexandre Belloni @ 2018-09-09 20:48 UTC (permalink / raw)
To: Lee Jones
Cc: Tony Lindgren, linux-omap, linux-kernel, linux-rtc,
Alexandre Belloni
The IRQ work is added before the struct rtc is allocated and registered,
but this struct is used in the IRQ handler. This may lead to a NULL pointer
dereference.
Switch to devm_rtc_allocate_device/rtc_register_device to allocate the rtc
before calling menelaus_add_irq_work.
Also, this solves a possible leak as the RTC is never released.
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
---
Lee,
If that is ok with you, I would like to take this patch through the RTC
tree. So I can have a follow up patch removing rtc_device_register().
Thanks
drivers/mfd/menelaus.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/mfd/menelaus.c b/drivers/mfd/menelaus.c
index 29b7164a823b..d28ebe7ecd21 100644
--- a/drivers/mfd/menelaus.c
+++ b/drivers/mfd/menelaus.c
@@ -1094,6 +1094,7 @@ static void menelaus_rtc_alarm_work(struct menelaus_chip *m)
static inline void menelaus_rtc_init(struct menelaus_chip *m)
{
int alarm = (m->client->irq > 0);
+ int err;
/* assume 32KDETEN pin is pulled high */
if (!(menelaus_read_reg(MENELAUS_OSC_CTRL) & 0x80)) {
@@ -1101,6 +1102,12 @@ static inline void menelaus_rtc_init(struct menelaus_chip *m)
return;
}
+ m->rtc = devm_rtc_allocate_device(&m->client->dev);
+ if (IS_ERR(m->rtc))
+ return;
+
+ m->rtc->ops = &menelaus_rtc_ops;
+
/* support RTC alarm; it can issue wakeups */
if (alarm) {
if (menelaus_add_irq_work(MENELAUS_RTCALM_IRQ,
@@ -1125,10 +1132,8 @@ static inline void menelaus_rtc_init(struct menelaus_chip *m)
menelaus_write_reg(MENELAUS_RTC_CTRL, m->rtc_control);
}
- m->rtc = rtc_device_register(DRIVER_NAME,
- &m->client->dev,
- &menelaus_rtc_ops, THIS_MODULE);
- if (IS_ERR(m->rtc)) {
+ err = rtc_register_device(m->rtc);
+ if (err) {
if (alarm) {
menelaus_remove_irq_work(MENELAUS_RTCALM_IRQ);
device_init_wakeup(&m->client->dev, 0);
--
2.19.0.rc2
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH] mfd: menelaus: fix possible race condition and leak
2018-09-09 20:48 [PATCH] mfd: menelaus: fix possible race condition and leak Alexandre Belloni
@ 2018-09-11 15:39 ` Lee Jones
2018-09-11 15:43 ` [GIT PULL] Immutable branch between MFD and RTC due for the v4.20 merge window Lee Jones
1 sibling, 0 replies; 3+ messages in thread
From: Lee Jones @ 2018-09-11 15:39 UTC (permalink / raw)
To: Alexandre Belloni; +Cc: Tony Lindgren, linux-omap, linux-kernel, linux-rtc
On Sun, 09 Sep 2018, Alexandre Belloni wrote:
> The IRQ work is added before the struct rtc is allocated and registered,
> but this struct is used in the IRQ handler. This may lead to a NULL pointer
> dereference.
>
> Switch to devm_rtc_allocate_device/rtc_register_device to allocate the rtc
> before calling menelaus_add_irq_work.
>
> Also, this solves a possible leak as the RTC is never released.
>
> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
> ---
>
> Lee,
>
> If that is ok with you, I would like to take this patch through the RTC
> tree. So I can have a follow up patch removing rtc_device_register().
>
> Thanks
>
> drivers/mfd/menelaus.c | 13 +++++++++----
> 1 file changed, 9 insertions(+), 4 deletions(-)
Applied, thanks.
--
Lee Jones [李琼斯]
Linaro Services Technical Lead
Linaro.org │ Open source software for ARM SoCs
Follow Linaro: Facebook | Twitter | Blog
^ permalink raw reply [flat|nested] 3+ messages in thread
* [GIT PULL] Immutable branch between MFD and RTC due for the v4.20 merge window
2018-09-09 20:48 [PATCH] mfd: menelaus: fix possible race condition and leak Alexandre Belloni
2018-09-11 15:39 ` Lee Jones
@ 2018-09-11 15:43 ` Lee Jones
1 sibling, 0 replies; 3+ messages in thread
From: Lee Jones @ 2018-09-11 15:43 UTC (permalink / raw)
To: Alexandre Belloni; +Cc: Tony Lindgren, linux-omap, linux-kernel, linux-rtc
> Lee,
>
> If that is ok with you, I would like to take this patch through the RTC
> tree. So I can have a follow up patch removing rtc_device_register().
Your wish is my command!
The following changes since commit 5b394b2ddf0347bef56e50c69a58773c94343ff3:
Linux 4.19-rc1 (2018-08-26 14:11:59 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd.git ib-mfd-rtc-v4.20
for you to fetch changes up to 9612f8f503804d2fd2f63aa6ba1e58bba4612d96:
mfd: menelaus: Fix possible race condition and leak (2018-09-11 16:40:21 +0100)
----------------------------------------------------------------
Immutable branch between MFD and RTC due for the v4.20 merge window
----------------------------------------------------------------
Alexandre Belloni (1):
mfd: menelaus: Fix possible race condition and leak
drivers/mfd/menelaus.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
--
Lee Jones [李琼斯]
Linaro Services Technical Lead
Linaro.org │ Open source software for ARM SoCs
Follow Linaro: Facebook | Twitter | Blog
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-09-11 15:43 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-09-09 20:48 [PATCH] mfd: menelaus: fix possible race condition and leak Alexandre Belloni
2018-09-11 15:39 ` Lee Jones
2018-09-11 15:43 ` [GIT PULL] Immutable branch between MFD and RTC due for the v4.20 merge window Lee Jones
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.