alistair23-linux/drivers/rtc
Alexandre Belloni 10d0c768cc rtc: m41t80: fix race conditions
The IRQ is requested before the struct rtc is allocated and registered, but
this struct is used in the IRQ handler, leading to:

Unable to handle kernel NULL pointer dereference at virtual address 0000017c
pgd = a38a2f9b
[0000017c] *pgd=00000000
Internal error: Oops: 5 [#1] ARM
Modules linked in:
CPU: 0 PID: 613 Comm: irq/48-m41t80 Not tainted 4.16.0-rc1+ #42
Hardware name: Atmel SAMA5
PC is at mutex_lock+0x14/0x38
LR is at m41t80_handle_irq+0x1c/0x9c
pc : [<c06e864c>]    lr : [<c04b70f0>]    psr: 20000013
sp : dec73f30  ip : 00000000  fp : dec56d98
r10: df437cf0  r9 : c0a03008  r8 : c0145ffc
r7 : df5c4300  r6 : dec568d0  r5 : df593000  r4 : 0000017c
r3 : df592800  r2 : 60000013  r1 : df593000  r0 : 0000017c
Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 10c53c7d  Table: 20004059  DAC: 00000051
Process irq/48-m41t80 (pid: 613, stack limit = 0xb52d091e)
Stack: (0xdec73f30 to 0xdec74000)
3f20:                                     dec56840 df5c4300 00000001 df5c4300
3f40: c0145ffc c0146018 dec56840 ffffe000 00000001 c0146290 dec567c0 00000000
3f60: c0146084 ed7c9a62 c014615c dec56d80 dec567c0 00000000 dec72000 dec56840
3f80: c014615c c012ffc0 dec72000 dec567c0 c012fe80 00000000 00000000 00000000
3fa0: 00000000 00000000 00000000 c01010e8 00000000 00000000 00000000 00000000
3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 29282726 2d2c2b2a
[<c06e864c>] (mutex_lock) from [<c04b70f0>] (m41t80_handle_irq+0x1c/0x9c)
[<c04b70f0>] (m41t80_handle_irq) from [<c0146018>] (irq_thread_fn+0x1c/0x54)
[<c0146018>] (irq_thread_fn) from [<c0146290>] (irq_thread+0x134/0x1c0)
[<c0146290>] (irq_thread) from [<c012ffc0>] (kthread+0x140/0x148)
[<c012ffc0>] (kthread) from [<c01010e8>] (ret_from_fork+0x14/0x2c)
Exception stack(0xdec73fb0 to 0xdec73ff8)
3fa0:                                     00000000 00000000 00000000 00000000
3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
Code: e3c33d7f e3c3303f f5d0f000 e593300c (e1901f9f)
---[ end trace 22b027302eb7c604 ]---
genirq: exiting task "irq/48-m41t80" (613) is an active IRQ thread (irq 48)

Also, there is another possible race condition. The probe function is not
allowed to fail after the RTC is registered because the following may
happen:

CPU0:                                CPU1:
sys_load_module()
 do_init_module()
  do_one_initcall()
   cmos_do_probe()
    rtc_device_register()
     __register_chrdev()
     cdev->owner = struct module*
                                     open("/dev/rtc0")
    rtc_device_unregister()
  module_put()
  free_module()
   module_free(mod->module_core)
   /* struct module *module is now
      freed */
                                      chrdev_open()
                                       spin_lock(cdev_lock)
                                       cdev_get()
                                        try_module_get()
                                         module_is_live()
                                         /* dereferences already
                                            freed struct module* */

Switch to devm_rtc_allocate_device/rtc_register_device to allocate the rtc
before requesting the IRQ and register it as late as possible.

Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2018-03-17 14:20:48 +01:00
class.c rtc: remove nvmem_config 2018-03-01 10:49:23 +01:00
hctosys.c
interface.c rtc: Add tracepoints for RTC system 2018-02-13 21:30:22 +01:00
Kconfig rtc: tx4939: extend test coverage 2018-03-01 10:49:34 +01:00
Makefile rtc: remove rtc-at32ap700x 2018-01-19 09:59:32 +01:00
nvmem.c rtc: export rtc_nvmem_register() to drivers 2018-03-01 10:49:15 +01:00
rtc-88pm80x.c
rtc-88pm860x.c
rtc-ab-b5ze-s3.c rtc: ab-b5ze-s3: stop validating rtc_time in .read_time 2018-03-02 10:09:59 +01:00
rtc-ab3100.c rtc: stop validating rtc_time after rtc_time64_to_tm 2018-03-01 10:49:41 +01:00
rtc-ab8500.c rtc: stop validating rtc_time after rtc_time_to_tm 2018-03-01 10:49:41 +01:00
rtc-abx80x.c rtc: abx80x: remove useless message 2018-03-02 10:12:23 +01:00
rtc-ac100.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-armada38x.c rtc: armada38x: add support for trimming the RTC 2017-10-25 23:05:52 +02:00
rtc-as3722.c
rtc-asm9260.c
rtc-at91rm9200.c rtc: at91rm9200: fix reading alarm value 2017-11-10 16:24:32 +01:00
rtc-at91rm9200.h
rtc-at91sam9.c
rtc-au1xxx.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-bfin.c
rtc-bq32k.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-bq4802.c
rtc-brcmstb-waketimer.c rtc: brcmstb-waketimer: fix error handling in brcmstb_waketmr_probe() 2017-11-29 22:11:13 +01:00
rtc-cmos.c rtc: cmos: let the core handle invalid time 2018-03-01 10:49:39 +01:00
rtc-coh901331.c rtc: stop validating rtc_time after rtc_time_to_tm 2018-03-01 10:49:41 +01:00
rtc-core.h rtc: export rtc_nvmem_register() to drivers 2018-03-01 10:49:15 +01:00
rtc-cpcap.c rtc: cpcap: stop validating rtc_time in .read_time 2018-03-02 10:09:59 +01:00
rtc-cros-ec.c rtc: cros-ec: add cros-ec-rtc driver. 2017-12-18 23:05:10 +01:00
rtc-da9052.c rtc: diasemi: stop validating rtc_time in .read_time 2018-03-02 10:11:02 +01:00
rtc-da9055.c rtc: diasemi: stop validating rtc_time in .read_time 2018-03-02 10:11:02 +01:00
rtc-da9063.c rtc: diasemi: stop validating rtc_time in .read_time 2018-03-02 10:11:02 +01:00
rtc-davinci.c
rtc-dev.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
rtc-digicolor.c
rtc-dm355evm.c mfd: dm355evm_msp: Move header file out of I2C realm 2017-08-15 08:06:14 +01:00
rtc-ds1216.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-ds1286.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-ds1302.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-ds1305.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-ds1307.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-ds1343.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-ds1347.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-ds1374.c
rtc-ds1390.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-ds1511.c rtc: ds1511: let the core handle invalid time 2018-03-01 10:49:38 +01:00
rtc-ds1553.c rtc: ds1553: let the core handle invalid time 2018-03-01 10:49:39 +01:00
rtc-ds1672.c rtc: constify i2c_device_id 2017-09-01 01:10:11 +02:00
rtc-ds1685.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-ds1742.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-ds2404.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-ds3232.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-efi-platform.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rtc-efi.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-em3027.c rtc: constify i2c_device_id 2017-09-01 01:10:11 +02:00
rtc-ep93xx.c
rtc-fm3130.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-ftrtc010.c rtc: gemini/ftrtc010: rename driver and symbols 2017-07-06 22:37:15 +02:00
rtc-generic.c
rtc-goldfish.c rtc: goldfish: Add missing MODULE_LICENSE 2018-02-13 21:46:04 +01:00
rtc-hid-sensor-time.c
rtc-hym8563.c
rtc-imxdi.c
rtc-isl1208.c rtc: isl1208: Fix unintended clear of SR bits 2018-03-01 10:49:36 +01:00
rtc-isl12022.c rtc: isl12022: remove useless indirection 2018-03-02 10:12:19 +01:00
rtc-jz4740.c rtc: stop validating rtc_time after rtc_time_to_tm 2018-03-01 10:49:41 +01:00
rtc-lib.c rtc: Fix overflow when converting time64_t to rtc_time 2018-02-13 21:30:28 +01:00
rtc-lp8788.c
rtc-lpc24xx.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-lpc32xx.c rtc: stop validating rtc_time after rtc_time_to_tm 2018-03-01 10:49:41 +01:00
rtc-ls1x.c rtc: stop validating rtc_time after rtc_time_to_tm 2018-03-01 10:49:41 +01:00
rtc-m41t80.c rtc: m41t80: fix race conditions 2018-03-17 14:20:48 +01:00
rtc-m41t93.c rtc: m41t93: stop validating rtc_time in .read_time 2018-03-02 10:12:19 +01:00
rtc-m41t94.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-m48t35.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-m48t59.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-m48t86.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-max6900.c rtc: max6900: remove useless indirection 2018-03-17 14:20:46 +01:00
rtc-max6902.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-max6916.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-max8907.c
rtc-max8925.c rtc: max8925: remove redundant check on ret 2017-07-31 00:17:48 +02:00
rtc-max8997.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-max8998.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-max77686.c rtc: max77686: stop validating rtc_time in .read_time 2018-03-02 10:12:20 +01:00
rtc-mc13xxx.c rtc: stop validating rtc_time after rtc_time64_to_tm 2018-03-01 10:49:41 +01:00
rtc-mc146818-lib.c
rtc-mcp795.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-moxart.c
rtc-mpc5121.c rtc: stop validating rtc_time after rtc_time_to_tm 2018-03-01 10:49:41 +01:00
rtc-mrst.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-msm6242.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-mt6397.c
rtc-mt7622.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-mv.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-mxc.c rtc: mxc: avoid disabling interrupts on device close 2017-08-24 16:23:16 +02:00
rtc-mxc_v2.c rtc: mxc_v2: Fix _iomem pointer notation 2018-03-01 10:49:36 +01:00
rtc-nuc900.c rtc: nuc900: stop validating rtc_time in .read_time 2018-03-02 10:12:17 +01:00
rtc-omap.c rtc: omap: stop validating rtc_time in .set_time and .set_alarm 2018-03-02 10:12:21 +01:00
rtc-opal.c rtc-opal: Fix handling of firmware error codes, prevent busy loops 2018-01-27 21:15:59 +11:00
rtc-palmas.c
rtc-pcap.c rtc: stop validating rtc_time after rtc_time_to_tm 2018-03-01 10:49:41 +01:00
rtc-pcf2123.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-pcf2127.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-pcf8523.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-pcf8563.c rtc: pcf8563: don't alway enable the alarm 2017-11-09 01:16:36 +01:00
rtc-pcf8583.c
rtc-pcf50633.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-pcf85063.c rtc: pcf85063: remove useless indirection 2018-03-17 14:20:47 +01:00
rtc-pcf85363.c rtc: pcf85363: put struct nvmem_config on the stack 2018-03-01 10:49:21 +01:00
rtc-pic32.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-pl030.c
rtc-pl031.c rtc: pl031: make interrupt optional 2017-10-12 16:30:30 +02:00
rtc-pm8xxx.c rtc: pm8xxx: remove useless message 2018-03-02 10:12:23 +01:00
rtc-proc.c
rtc-ps3.c rtc: stop validating rtc_time after rtc_time_to_tm 2018-03-01 10:49:41 +01:00
rtc-puv3.c rtc: puv3: make alarms useful 2017-08-22 12:05:21 +02:00
rtc-pxa.c rtc: pxa: fix possible race condition 2017-08-24 11:03:34 +02:00
rtc-r7301.c rtc: r7301: stop validating rtc_time in .read_time 2018-03-02 10:12:18 +01:00
rtc-r9701.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-rc5t583.c
rtc-rk808.c rtc: rk808: fix possible race condition 2018-03-17 14:20:42 +01:00
rtc-rp5c01.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-rs5c313.c
rtc-rs5c348.c rtc: rs5c348: let the core handle invalid time 2018-03-01 10:49:40 +01:00
rtc-rs5c372.c rtc: rs5c372: remove useless indirection 2018-03-17 14:20:45 +01:00
rtc-rtd119x.c rtc: Add Realtek RTD1295 2017-09-05 09:55:02 +02:00
rtc-rv3029c2.c rtc: rv3029: Clean up error handling in rv3029_eeprom_write() 2017-10-12 16:24:19 +02:00
rtc-rv8803.c rtc: rv8803: fix possible race condition 2018-03-01 10:49:23 +01:00
rtc-rx4581.c rtc: rx4581: remove useless message 2018-03-02 10:12:24 +01:00
rtc-rx6110.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-rx8010.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-rx8025.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-rx8581.c rtc: rx8581: remove useless message 2018-03-02 10:12:24 +01:00
rtc-s3c.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-s3c.h
rtc-s5m.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-s35390a.c rtc: s35390a: remove useless indirection 2018-03-17 14:20:44 +01:00
rtc-sa1100.c rtc: sa1100: make alarms useful 2017-08-24 11:03:35 +02:00
rtc-sa1100.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rtc-sc27xx.c rtc: sc27xx: stop validating rtc_time in .read_time 2018-03-02 10:12:18 +01:00
rtc-sh.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-sirfsoc.c rtc: sirfsoc: remove useless sirfsoc_rtc_ioctl 2018-03-01 10:49:27 +01:00
rtc-snvs.c
rtc-spear.c rtc: spear: stop validating rtc_time in .set_time and .set_alarm 2018-03-02 10:12:21 +01:00
rtc-st-lpc.c rtc: st-lpc: make it robust against y2038/2106 bug 2017-07-09 22:32:18 +02:00
rtc-starfire.c rtc: stop validating rtc_time after rtc_time_to_tm 2018-03-01 10:49:41 +01:00
rtc-stk17ta8.c rtc: stk17ta8: let the core handle invalid time 2018-03-01 10:49:40 +01:00
rtc-stm32.c rtc: stm32: Fix copyright 2017-11-29 22:20:56 +01:00
rtc-stmp3xxx.c
rtc-sun4v.c
rtc-sun6i.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-sunxi.c rtc: stop validating rtc_time in .read_time 2018-03-02 10:09:58 +01:00
rtc-sysfs.c rtc: sysfs: Use time64_t variables to set time/alarm 2017-11-10 09:57:38 +01:00
rtc-tegra.c rtc: tegra: stop validating rtc_time in .set_time 2018-03-02 10:12:22 +01:00
rtc-test.c
rtc-tile.c
rtc-tps6586x.c rtc: stop validating rtc_time after rtc_time_to_tm 2018-03-01 10:49:41 +01:00
rtc-tps65910.c
rtc-tps80031.c
rtc-twl.c mfd: twl: Move header file out of I2C realm 2017-09-04 14:41:02 +01:00
rtc-tx4939.c rtc: stop validating rtc_time after rtc_time_to_tm 2018-03-01 10:49:41 +01:00
rtc-v3020.c
rtc-vr41xx.c rtc: vr41xx: make alarms useful 2017-08-24 11:03:36 +02:00
rtc-vt8500.c
rtc-wm831x.c rtc: stop validating rtc_time after rtc_time_to_tm 2018-03-01 10:49:41 +01:00
rtc-wm8350.c
rtc-x1205.c
rtc-xgene.c rtc: stop validating rtc_time after rtc_time_to_tm 2018-03-01 10:49:41 +01:00
rtc-zynqmp.c rtc: stop validating rtc_time after rtc_time64_to_tm 2018-03-01 10:49:41 +01:00
systohc.c rtc: Allow rtc drivers to specify the tv_nsec value for ntp 2017-10-30 15:03:24 -07:00