From: Sasha Levin <Alexander.Levin@microsoft.com>
To: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"stable@vger.kernel.org" <stable@vger.kernel.org>
Cc: Alexandre Belloni <alexandre.belloni@free-electrons.com>,
Sasha Levin <Alexander.Levin@microsoft.com>
Subject: [PATCH AUTOSEL for 4.14 35/67] rtc: ac100: Fix multiple race conditions
Date: Thu, 8 Mar 2018 04:57:46 +0000 [thread overview]
Message-ID: <20180308045641.7814-35-alexander.levin@microsoft.com> (raw)
In-Reply-To: <20180308045641.7814-1-alexander.levin@microsoft.com>
From: Alexandre Belloni <alexandre.belloni@free-electrons.com>
[ Upstream commit 994ec64c0a193940be7a6fd074668b9446d3b6c3 ]
The probe function is not allowed to fail after registering the RTC because
the following may happen:
CPU0: CPU1:
sys_load_module()
do_init_module()
do_one_initcall()
cmos_do_probe()
rtc_device_register()
__register_chrdev()
cdev->owner = struct module*
open("/dev/rtc0")
rtc_device_unregister()
module_put()
free_module()
module_free(mod->module_core)
/* struct module *module is now
freed */
chrdev_open()
spin_lock(cdev_lock)
cdev_get()
try_module_get()
module_is_live()
/* dereferences already
freed struct module* */
Also, the interrupt handler: ac100_rtc_irq() is dereferencing chip->rtc but
this may still be NULL when it is called, resulting in:
Unable to handle kernel NULL pointer dereference at virtual address 00000194
pgd = (ptrval)
[00000194] *pgd=00000000
Internal error: Oops: 5 [#1] SMP ARM
Modules linked in:
CPU: 0 PID: 72 Comm: irq/71-ac100-rt Not tainted 4.15.0-rc1-next-20171201-dirty #120
Hardware name: Allwinner sun8i Family
task: (ptrval) task.stack: (ptrval)
PC is at mutex_lock+0x14/0x3c
LR is at ac100_rtc_irq+0x38/0xc8
pc : [<c06543a4>] lr : [<c04d9a2c>] psr: 60000053
sp : ee9c9f28 ip : 00000000 fp : ee9adfdc
r10: 00000000 r9 : c0a04c48 r8 : c015ed18
r7 : ee9bd600 r6 : ee9c9f28 r5 : ee9af590 r4 : c0a04c48
r3 : ef3cb3c0 r2 : 00000000 r1 : ee9af590 r0 : 00000194
Flags: nZCv IRQs on FIQs off Mode SVC_32 ISA ARM Segment none
Control: 10c5387d Table: 4000406a DAC: 00000051
Process irq/71-ac100-rt (pid: 72, stack limit = 0x(ptrval))
Stack: (0xee9c9f28 to 0xee9ca000)
9f20: 00000000 7c2fd1be c015ed18 ee9adf40 ee9c0400 ee9c0400
9f40: ee9adf40 c015ed34 ee9c8000 ee9adf64 ee9c0400 c015f040 ee9adf80 00000000
9f60: c015ee24 7c2fd1be ee9adfc0 ee9adf80 00000000 ee9c8000 ee9adf40 c015eef4
9f80: ef1eba34 c0138f14 ee9c8000 ee9adf80 c0138df4 00000000 00000000 00000000
9fa0: 00000000 00000000 00000000 c01010e8 00000000 00000000 00000000 00000000
9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 ffffffff ffffffff
[<c06543a4>] (mutex_lock) from [<c04d9a2c>] (ac100_rtc_irq+0x38/0xc8)
[<c04d9a2c>] (ac100_rtc_irq) from [<c015ed34>] (irq_thread_fn+0x1c/0x54)
[<c015ed34>] (irq_thread_fn) from [<c015f040>] (irq_thread+0x14c/0x214)
[<c015f040>] (irq_thread) from [<c0138f14>] (kthread+0x120/0x150)
[<c0138f14>] (kthread) from [<c01010e8>] (ret_from_fork+0x14/0x2c)
Solve both issues by moving to
devm_rtc_allocate_device()/rtc_register_device()
Reported-by: Quentin Schulz <quentin.schulz@free-electrons.com>
Tested-by: Quentin Schulz <quentin.schulz@free-electrons.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
drivers/rtc/rtc-ac100.c | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/drivers/rtc/rtc-ac100.c b/drivers/rtc/rtc-ac100.c
index 9e336184491c..0e358d4b6738 100644
--- a/drivers/rtc/rtc-ac100.c
+++ b/drivers/rtc/rtc-ac100.c
@@ -567,6 +567,12 @@ static int ac100_rtc_probe(struct platform_device *pdev)
return chip->irq;
}
+ chip->rtc = devm_rtc_allocate_device(&pdev->dev);
+ if (IS_ERR(chip->rtc))
+ return PTR_ERR(chip->rtc);
+
+ chip->rtc->ops = &ac100_rtc_ops;
+
ret = devm_request_threaded_irq(&pdev->dev, chip->irq, NULL,
ac100_rtc_irq,
IRQF_SHARED | IRQF_ONESHOT,
@@ -586,17 +592,16 @@ static int ac100_rtc_probe(struct platform_device *pdev)
/* clear counter alarm pending interrupts */
regmap_write(chip->regmap, AC100_ALM_INT_STA, AC100_ALM_INT_ENABLE);
- chip->rtc = devm_rtc_device_register(&pdev->dev, "rtc-ac100",
- &ac100_rtc_ops, THIS_MODULE);
- if (IS_ERR(chip->rtc)) {
- dev_err(&pdev->dev, "unable to register device\n");
- return PTR_ERR(chip->rtc);
- }
-
ret = ac100_rtc_register_clks(chip);
if (ret)
return ret;
+ ret = rtc_register_device(chip->rtc);
+ if (ret) {
+ dev_err(&pdev->dev, "unable to register device\n");
+ return ret;
+ }
+
dev_info(&pdev->dev, "RTC enabled\n");
return 0;
--
2.14.1
next prev parent reply other threads:[~2018-03-08 4:58 UTC|newest]
Thread overview: 71+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-08 4:57 [PATCH AUTOSEL for 4.14 01/67] Bluetooth: hci_qca: Avoid setup failure on missing rampatch Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 02/67] Bluetooth: btqcomsmd: Fix skb double free corruption Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 03/67] cpufreq: longhaul: Revert transition_delay_us to 200 ms Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 05/67] media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 06/67] drm/msm: fix leak in failed get_pages Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 04/67] dt-bindings: net: add TI CC2560 Bluetooth chip Sasha Levin
2018-03-08 16:09 ` David Lechner
2018-03-09 16:38 ` Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 08/67] dm: ensure bio submission follows a depth-first tree walk Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 07/67] net: fec: add phy_reset_after_clk_enable() support Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 10/67] hv_netvsc: Fix the receive buffer size limit Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 09/67] RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo() Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 12/67] KVM: x86: add support for emulating UMIP Sasha Levin
2018-03-08 6:46 ` Paolo Bonzini
2018-03-19 15:22 ` Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 11/67] hv_netvsc: Fix the TX/RX buffer default sizes Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 13/67] spi: sh-msiof: Avoid writing to registers from spi_master.setup() Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 14/67] rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 17/67] ath10k: handling qos at STA side based on AP WMM enable/disable Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 16/67] media: bt8xx: Fix err 'bt878_probe()' Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 15/67] rtlwifi: always initialize variables given to RT_TRACE() Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 19/67] qmi_wwan: set FLAG_SEND_ZLP to avoid network initiated disconnect Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 18/67] media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 21/67] serial: 8250_dw: Disable clock on error Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 20/67] tty: goldfish: Enable 'earlycon' only if built-in Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 23/67] watchdog: Fix potential kref imbalance when opening watchdog Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 22/67] cros_ec: fix nul-termination for firmware build info Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 24/67] watchdog: Fix kref imbalance seen if handle_boot_enabled=0 Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 26/67] dmaengine: zynqmp_dma: Fix race condition in the probe Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 25/67] platform/chrome: Use proper protocol transfer function Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 27/67] drm/tilcdc: ensure nonatomic iowrite64 is not used Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 28/67] mmc: avoid removing non-removable hosts during suspend Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 30/67] /dev/mem: Add bounce buffer for copy-out Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 29/67] mmc: block: fix logical error to avoid memory leak Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 33/67] sfp: fix non-detection of PHY Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 32/67] sfp: fix EEPROM reading in the case of non-SFF8472 SFPs Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 31/67] net: phy: meson-gxl: check phy_write return value Sasha Levin
2018-03-08 4:57 ` Sasha Levin [this message]
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 34/67] media: s5p-mfc: Fix lock contention - request_firmware() once Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 36/67] IB/ipoib: Avoid memory leak if the SA returns a different DGID Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 37/67] RDMA/cma: Use correct size when writing netlink stats Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 39/67] iser-target: avoid reinitializing rdma contexts for isert commands Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 38/67] IB/umem: Fix use of npages/nmap fields Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 40/67] vgacon: Set VGA struct resource types Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 41/67] omapdrm: panel: fix compatible vendor string for td028ttec1 Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 42/67] mmc: sdhci-xenon: wait 5ms after set 1.8V signal enable Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 43/67] drm/omap: DMM: Check for DMM readiness after successful transaction commit Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 44/67] pty: cancel pty slave port buf's work in tty_release Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 45/67] coresight: Fix disabling of CoreSight TPIU Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 46/67] PCI: designware-ep: Fix ->get_msi() to check MSI_EN bit Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 49/67] media: davinci: fix a debug printk Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 47/67] PCI: endpoint: Fix find_first_zero_bit() usage Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 48/67] PCI: rcar: Handle rcar_pcie_parse_request_of_pci_ranges() failures Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 51/67] pinctrl: rockchip: enable clock when reading pin direction register Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 50/67] pinctrl: Really force states during suspend/resume Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 53/67] ip6_vti: adjust vti mtu according to mtu of lower device Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 52/67] iommu/vt-d: clean up pr_irq if request_threaded_irq fails Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 54/67] ip_gre: fix error path when erspan_rcv failed Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 55/67] ip_gre: fix potential memory leak in erspan_rcv Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 56/67] soc: qcom: smsm: fix child-node lookup Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 57/67] scsi: lpfc: Fix SCSI LUN discovery when SCSI and NVME enabled Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 58/67] scsi: lpfc: Fix issues connecting with nvme initiator Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 60/67] ARM: dts: aspeed-evb: Add unit name to memory node Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 59/67] RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 61/67] nfsd4: permit layoutget of executable-only files Sasha Levin
2018-03-08 4:57 ` [PATCH AUTOSEL for 4.14 62/67] clk: at91: pmc: Wait for clocks when resuming Sasha Levin
2018-03-08 4:58 ` [PATCH AUTOSEL for 4.14 63/67] clk: Don't touch hardware when reparenting during registration Sasha Levin
2018-03-08 4:58 ` [PATCH AUTOSEL for 4.14 65/67] clk: si5351: Rename internal plls to avoid name collisions Sasha Levin
2018-03-08 4:58 ` [PATCH AUTOSEL for 4.14 64/67] clk: axi-clkgen: Correctly handle nocount bit in recalc_rate() Sasha Levin
2018-03-08 4:58 ` [PATCH AUTOSEL for 4.14 67/67] dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63 Sasha Levin
2018-03-08 4:58 ` [PATCH AUTOSEL for 4.14 66/67] crypto: artpec6 - set correct iv size for gcm(aes) Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180308045641.7814-35-alexander.levin@microsoft.com \
--to=alexander.levin@microsoft.com \
--cc=alexandre.belloni@free-electrons.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox