From 955ccd9cae0bd3651fb046155378b505fbedc16c Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Fri, 23 Mar 2018 18:35:56 +0100 Subject: [PATCH] drop queue-4.9/rtc-ac100-fix-multiple-race-conditions.patch --- ...c-ac100-fix-multiple-race-conditions.patch | 121 ------------------ queue-4.9/series | 1 - 2 files changed, 122 deletions(-) delete mode 100644 queue-4.9/rtc-ac100-fix-multiple-race-conditions.patch diff --git a/queue-4.9/rtc-ac100-fix-multiple-race-conditions.patch b/queue-4.9/rtc-ac100-fix-multiple-race-conditions.patch deleted file mode 100644 index 3b064ec3db0..00000000000 --- a/queue-4.9/rtc-ac100-fix-multiple-race-conditions.patch +++ /dev/null @@ -1,121 +0,0 @@ -From foo@baz Thu Mar 22 14:40:24 CET 2018 -From: Alexandre Belloni -Date: Mon, 4 Dec 2017 14:58:33 +0100 -Subject: rtc: ac100: Fix multiple race conditions - -From: Alexandre Belloni - - -[ Upstream commit 994ec64c0a193940be7a6fd074668b9446d3b6c3 ] - -The probe function is not allowed to fail after registering the RTC because -the following may happen: - -CPU0: CPU1: -sys_load_module() - do_init_module() - do_one_initcall() - cmos_do_probe() - rtc_device_register() - __register_chrdev() - cdev->owner = struct module* - open("/dev/rtc0") - rtc_device_unregister() - module_put() - free_module() - module_free(mod->module_core) - /* struct module *module is now - freed */ - chrdev_open() - spin_lock(cdev_lock) - cdev_get() - try_module_get() - module_is_live() - /* dereferences already - freed struct module* */ - -Also, the interrupt handler: ac100_rtc_irq() is dereferencing chip->rtc but -this may still be NULL when it is called, resulting in: -Unable to handle kernel NULL pointer dereference at virtual address 00000194 -pgd = (ptrval) -[00000194] *pgd=00000000 -Internal error: Oops: 5 [#1] SMP ARM -Modules linked in: -CPU: 0 PID: 72 Comm: irq/71-ac100-rt Not tainted 4.15.0-rc1-next-20171201-dirty #120 -Hardware name: Allwinner sun8i Family -task: (ptrval) task.stack: (ptrval) -PC is at mutex_lock+0x14/0x3c -LR is at ac100_rtc_irq+0x38/0xc8 -pc : [] lr : [] psr: 60000053 -sp : ee9c9f28 ip : 00000000 fp : ee9adfdc -r10: 00000000 r9 : c0a04c48 r8 : c015ed18 -r7 : ee9bd600 r6 : ee9c9f28 r5 : ee9af590 r4 : c0a04c48 -r3 : ef3cb3c0 r2 : 00000000 r1 : ee9af590 r0 : 00000194 -Flags: nZCv IRQs on FIQs off Mode SVC_32 ISA ARM Segment none -Control: 10c5387d Table: 4000406a DAC: 00000051 -Process irq/71-ac100-rt (pid: 72, stack limit = 0x(ptrval)) -Stack: (0xee9c9f28 to 0xee9ca000) -9f20: 00000000 7c2fd1be c015ed18 ee9adf40 ee9c0400 ee9c0400 -9f40: ee9adf40 c015ed34 ee9c8000 ee9adf64 ee9c0400 c015f040 ee9adf80 00000000 -9f60: c015ee24 7c2fd1be ee9adfc0 ee9adf80 00000000 ee9c8000 ee9adf40 c015eef4 -9f80: ef1eba34 c0138f14 ee9c8000 ee9adf80 c0138df4 00000000 00000000 00000000 -9fa0: 00000000 00000000 00000000 c01010e8 00000000 00000000 00000000 00000000 -9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 -9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 ffffffff ffffffff -[] (mutex_lock) from [] (ac100_rtc_irq+0x38/0xc8) -[] (ac100_rtc_irq) from [] (irq_thread_fn+0x1c/0x54) -[] (irq_thread_fn) from [] (irq_thread+0x14c/0x214) -[] (irq_thread) from [] (kthread+0x120/0x150) -[] (kthread) from [] (ret_from_fork+0x14/0x2c) - -Solve both issues by moving to -devm_rtc_allocate_device()/rtc_register_device() - -Reported-by: Quentin Schulz -Tested-by: Quentin Schulz -Signed-off-by: Alexandre Belloni -Signed-off-by: Sasha Levin -Signed-off-by: Greg Kroah-Hartman ---- - drivers/rtc/rtc-ac100.c | 19 ++++++++++++------- - 1 file changed, 12 insertions(+), 7 deletions(-) - ---- a/drivers/rtc/rtc-ac100.c -+++ b/drivers/rtc/rtc-ac100.c -@@ -567,6 +567,12 @@ static int ac100_rtc_probe(struct platfo - return chip->irq; - } - -+ chip->rtc = devm_rtc_allocate_device(&pdev->dev); -+ if (IS_ERR(chip->rtc)) -+ return PTR_ERR(chip->rtc); -+ -+ chip->rtc->ops = &ac100_rtc_ops; -+ - ret = devm_request_threaded_irq(&pdev->dev, chip->irq, NULL, - ac100_rtc_irq, - IRQF_SHARED | IRQF_ONESHOT, -@@ -586,17 +592,16 @@ static int ac100_rtc_probe(struct platfo - /* clear counter alarm pending interrupts */ - regmap_write(chip->regmap, AC100_ALM_INT_STA, AC100_ALM_INT_ENABLE); - -- chip->rtc = devm_rtc_device_register(&pdev->dev, "rtc-ac100", -- &ac100_rtc_ops, THIS_MODULE); -- if (IS_ERR(chip->rtc)) { -- dev_err(&pdev->dev, "unable to register device\n"); -- return PTR_ERR(chip->rtc); -- } -- - ret = ac100_rtc_register_clks(chip); - if (ret) - return ret; - -+ ret = rtc_register_device(chip->rtc); -+ if (ret) { -+ dev_err(&pdev->dev, "unable to register device\n"); -+ return ret; -+ } -+ - dev_info(&pdev->dev, "RTC enabled\n"); - - return 0; diff --git a/queue-4.9/series b/queue-4.9/series index 7d51ab8ebb9..4fae2bc2595 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -148,7 +148,6 @@ platform-chrome-use-proper-protocol-transfer-function.patch dmaengine-zynqmp_dma-fix-race-condition-in-the-probe.patch drm-tilcdc-ensure-nonatomic-iowrite64-is-not-used.patch mmc-avoid-removing-non-removable-hosts-during-suspend.patch -rtc-ac100-fix-multiple-race-conditions.patch ib-ipoib-avoid-memory-leak-if-the-sa-returns-a-different-dgid.patch rdma-cma-use-correct-size-when-writing-netlink-stats.patch ib-umem-fix-use-of-npages-nmap-fields.patch -- 2.47.2