leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
994ec64c0a
linux/drivers
History
Alexandre Belloni 994ec64c0a rtc: ac100: Fix multiple race conditions 
The probe function is not allowed to fail after registering the RTC because
the following may happen:

CPU0:                                CPU1:
sys_load_module()
 do_init_module()
  do_one_initcall()
   cmos_do_probe()
    rtc_device_register()
     __register_chrdev()
     cdev->owner = struct module*
                                     open("/dev/rtc0")
    rtc_device_unregister()
  module_put()
  free_module()
   module_free(mod->module_core)
   /* struct module *module is now
      freed */
                                      chrdev_open()
                                       spin_lock(cdev_lock)
                                       cdev_get()
                                        try_module_get()
                                         module_is_live()
                                         /* dereferences already
                                            freed struct module* */

Also, the interrupt handler: ac100_rtc_irq() is dereferencing chip->rtc but
this may still be NULL when it is called, resulting in:
Unable to handle kernel NULL pointer dereference at virtual address 00000194
pgd = (ptrval)
[00000194] *pgd=00000000
Internal error: Oops: 5 [#1] SMP ARM
Modules linked in:
CPU: 0 PID: 72 Comm: irq/71-ac100-rt Not tainted 4.15.0-rc1-next-20171201-dirty #120
Hardware name: Allwinner sun8i Family
task: (ptrval) task.stack: (ptrval)
PC is at mutex_lock+0x14/0x3c
LR is at ac100_rtc_irq+0x38/0xc8
pc : [<c06543a4>]    lr : [<c04d9a2c>]    psr: 60000053
sp : ee9c9f28  ip : 00000000  fp : ee9adfdc
r10: 00000000  r9 : c0a04c48  r8 : c015ed18
r7 : ee9bd600  r6 : ee9c9f28  r5 : ee9af590  r4 : c0a04c48
r3 : ef3cb3c0  r2 : 00000000  r1 : ee9af590  r0 : 00000194
Flags: nZCv  IRQs on  FIQs off  Mode SVC_32  ISA ARM  Segment none
Control: 10c5387d  Table: 4000406a  DAC: 00000051
Process irq/71-ac100-rt (pid: 72, stack limit = 0x(ptrval))
Stack: (0xee9c9f28 to 0xee9ca000)
9f20:                   00000000 7c2fd1be c015ed18 ee9adf40 ee9c0400 ee9c0400
9f40: ee9adf40 c015ed34 ee9c8000 ee9adf64 ee9c0400 c015f040 ee9adf80 00000000
9f60: c015ee24 7c2fd1be ee9adfc0 ee9adf80 00000000 ee9c8000 ee9adf40 c015eef4
9f80: ef1eba34 c0138f14 ee9c8000 ee9adf80 c0138df4 00000000 00000000 00000000
9fa0: 00000000 00000000 00000000 c01010e8 00000000 00000000 00000000 00000000
9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 ffffffff ffffffff
[<c06543a4>] (mutex_lock) from [<c04d9a2c>] (ac100_rtc_irq+0x38/0xc8)
[<c04d9a2c>] (ac100_rtc_irq) from [<c015ed34>] (irq_thread_fn+0x1c/0x54)
[<c015ed34>] (irq_thread_fn) from [<c015f040>] (irq_thread+0x14c/0x214)
[<c015f040>] (irq_thread) from [<c0138f14>] (kthread+0x120/0x150)
[<c0138f14>] (kthread) from [<c01010e8>] (ret_from_fork+0x14/0x2c)

Solve both issues by moving to
devm_rtc_allocate_device()/rtc_register_device()

Reported-by: Quentin Schulz <quentin.schulz@free-electrons.com>
Tested-by: Quentin Schulz <quentin.schulz@free-electrons.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
2017-12-18 23:05:11 +01:00
..
accessibility
acpi ACPI fix for v4.15-rc1 2017-11-17 14:51:24 -08:00
amba A couple of dma-mapping updates: 2017-11-14 16:54:12 -08:00
android Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
ata Merge branch 'for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata 2017-11-15 14:11:41 -08:00
atm treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
auxdisplay Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-13 17:56:58 -08:00
base treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
bcma Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-11-15 11:56:19 -08:00
block treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
bluetooth
bus ARM: SoC driver updates for v4.15 2017-11-16 16:05:01 -08:00
cdrom Merge branch 'for-4.15/block' of git://git.kernel.dk/linux-block 2017-11-14 15:32:19 -08:00
char Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-26 14:11:54 -08:00
clk We have two changes to the core framework this time around. The first being a 2017-11-17 20:04:24 -08:00
clocksource - final batch of "non trivial" timer conversions (multi-tree dependencies, 2017-11-23 16:29:05 +01:00
connector
cpufreq Power management updates for v4.15-rc1 2017-11-13 19:43:50 -08:00
cpuidle powerpc updates for 4.15 2017-11-16 12:47:46 -08:00
crypto powerpc updates for 4.15 2017-11-16 12:47:46 -08:00
dax libnvdimm for 4.15 2017-11-17 09:51:57 -08:00
dca
devfreq Merge branches 'pm-devfreq' and 'pm-tools' 2017-11-13 01:41:39 +01:00
dio
dma dmaengine updates for 4.15-rc1 2017-11-14 16:49:31 -08:00
dma-buf Tracing updates for 4.15: 2017-11-17 14:58:01 -08:00
edac Modules updates for v4.15 2017-11-15 13:46:33 -08:00
eisa
extcon USB/PHY patches for 4.15-rc1 2017-11-13 21:14:07 -08:00
firewire Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-13 17:56:58 -08:00
firmware drivers/firmware: psci: Convert timers to use timer_setup() 2017-11-21 15:46:44 -08:00
fmc
fpga Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
fsi
gpio This is the bulk of pin control changes for the v4.15 2017-11-16 10:57:11 -08:00
gpu Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-25 08:37:16 -10:00
hid treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
hsi HSI changes for the v4.15 series 2017-11-15 13:35:43 -08:00
hv Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
hwmon hwmon: (w83793) Remove duplicate NULL check 2017-11-16 01:03:19 -08:00
hwspinlock hwspinlock update for v4.15 2017-11-17 20:16:20 -08:00
hwtracing Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
i2c Merge branch 'misc.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-11-17 11:54:55 -08:00
ide Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide 2017-11-19 08:04:41 -10:00
idle Merge branch 'pm-cpuidle' 2017-11-13 01:34:14 +01:00
iio treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
infiniband treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
input treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
iommu treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
ipack
irqchip Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-26 14:39:20 -08:00
isdn treewide: setup_timer() -> timer_setup() (2 field) 2017-11-21 15:57:09 -08:00
leds LED updates for 4.15rc1 2017-11-14 18:09:31 -08:00
lightnvm lightnvm: Convert timers to use timer_setup() 2017-11-21 15:46:44 -08:00
macintosh Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-13 17:56:58 -08:00
mailbox Change to POLL api and fixes for FlexRM and OMAP driver 2017-11-15 13:39:18 -08:00
mcb
md Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2017-11-17 10:56:56 -08:00
media treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
memory ARM: SoC driver updates for v4.15 2017-11-16 16:05:01 -08:00
memstick treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
message Modules updates for v4.15 2017-11-15 13:46:33 -08:00
mfd treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
misc lkdtm: include WARN format string 2017-11-17 16:10:01 -08:00
mmc treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
mtd Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-25 08:37:16 -10:00
mux
net Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-25 08:37:16 -10:00
nfc treewide: setup_timer() -> timer_setup() (2 field) 2017-11-21 15:57:09 -08:00
ntb treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
nubus m68k updates for 4.15 2017-11-13 12:10:24 -08:00
nvdimm libnvdimm for 4.15 2017-11-17 09:51:57 -08:00
nvme nvmet_fc: fix better length checking 2017-11-16 11:27:04 -07:00
nvmem Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
of DeviceTree fixes for 4.15: 2017-11-20 21:38:41 -10:00
opp
oprofile
parisc
parport Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
pci Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-26 14:11:54 -08:00
pcmcia drivers/pcmcia/sa1111_badge4.c: avoid unused function warning 2017-11-17 16:10:04 -08:00
perf arm64 updates for 4.15 2017-11-15 10:56:56 -08:00
phy USB/PHY patches for 4.15-rc1 2017-11-13 21:14:07 -08:00
pinctrl This is the bulk of pin control changes for the v4.15 2017-11-16 10:57:11 -08:00
platform Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-25 08:37:16 -10:00
pnp
power power supply and reset changes for the v4.15 series 2017-11-15 13:37:15 -08:00
powercap
pps treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
ps3
ptp xen: features and fixes for v4.15-rc1 2017-11-16 13:06:27 -08:00
pwm pwm: Changes for v4.15-rc1 2017-11-22 21:09:18 -10:00
rapidio Merge branch 'akpm' (patches from Andrew) 2017-11-17 16:56:17 -08:00
ras Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-13 17:56:58 -08:00
regulator - New Drivers 2017-11-16 09:15:57 -08:00
remoteproc remoteproc updates for v4.15 2017-11-17 20:14:10 -08:00
reset ARM: SoC driver updates for v4.15 2017-11-16 16:05:01 -08:00
rpmsg rpmsg updates for v4.15 2017-11-17 20:12:08 -08:00
rtc rtc: ac100: Fix multiple race conditions 2017-12-18 23:05:11 +01:00
s390 treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
sbus Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc 2017-11-17 20:21:44 -08:00
scsi Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-25 08:37:16 -10:00
sfi
sh A couple of dma-mapping updates: 2017-11-14 16:54:12 -08:00
sn
soc ARM: SoC driver updates for v4.15 2017-11-16 16:05:01 -08:00
spi Merge remote-tracking branches 'spi/topic/sh-msiof', 'spi/topic/slave', 'spi/topic/spreadtrum' and 'spi/topic/tegra114' into spi-next 2017-11-10 21:33:51 +00:00
spmi
ssb
staging treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
target Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-25 08:37:16 -10:00
tc
tee
thermal Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2017-11-17 14:31:27 -08:00
thunderbolt Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
tty treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
uio
usb treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
uwb treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
vfio VFIO Updates for Linux v4.15 2017-11-14 16:47:47 -08:00
vhost Merge branch 'work.iov_iter' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-11-17 12:08:18 -08:00
video fbdev changes for v4.15: 2017-11-20 21:50:24 -10:00
virt
virtio virtio_balloon: fix deadlock on OOM 2017-11-14 23:57:38 +02:00
vlynq
vme Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
w1 Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
watchdog treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
xen treewide: Switch DEFINE_TIMER callbacks to struct timer_list * 2017-11-21 15:57:05 -08:00
zorro
Kconfig Merge branches 'pm-cpufreq-sched' and 'pm-opp' 2017-11-13 01:40:52 +01:00
Makefile Merge branches 'pm-cpufreq-sched' and 'pm-opp' 2017-11-13 01:40:52 +01:00