queue-4.19/power-supply-max14656-fix-potential-use-before-alloc.patch

   1 From 4a5cb29f2da115202f9a4415e1f46126cd96ba50 Mon Sep 17 00:00:00 2001
   2 From: Sven Van Asbroeck <thesven73@gmail.com>
   3 Date: Fri, 15 Feb 2019 16:43:02 -0500
   4 Subject: power: supply: max14656: fix potential use-before-alloc
   5
   6 [ Upstream commit 0cd0e49711556d2331a06b1117b68dd786cb54d2 ]
   7
   8 Call order on probe():
   9 - max14656_hw_init() enables interrupts on the chip
  10 - devm_request_irq() starts processing interrupts, isr
  11   could be called immediately
  12 -    isr: schedules delayed work (irq_work)
  13 -    irq_work: calls power_supply_changed()
  14 - devm_power_supply_register() registers the power supply
  15
  16 Depending on timing, it's possible that power_supply_changed()
  17 is called on an unregistered power supply structure.
  18
  19 Fix by registering the power supply before requesting the irq.
  20
  21 Cc: Alexander Kurz <akurz@blala.de>
  22 Signed-off-by: Sven Van Asbroeck <TheSven73@gmail.com>
  23 Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
  24 Signed-off-by: Sasha Levin <sashal@kernel.org>
  25 ---
  26  drivers/power/supply/max14656_charger_detector.c | 14 +++++++-------
  27  1 file changed, 7 insertions(+), 7 deletions(-)
  28
  29 diff --git a/drivers/power/supply/max14656_charger_detector.c b/drivers/power/supply/max14656_charger_detector.c
  30 index b91b1d2999dc..d19307f791c6 100644
  31 --- a/drivers/power/supply/max14656_charger_detector.c
  32 +++ b/drivers/power/supply/max14656_charger_detector.c
  33 @@ -280,6 +280,13 @@ static int max14656_probe(struct i2c_client *client,
  34
  35         INIT_DELAYED_WORK(&chip->irq_work, max14656_irq_worker);
  36
  37 +       chip->detect_psy = devm_power_supply_register(dev,
  38 +                      &chip->psy_desc, &psy_cfg);
  39 +       if (IS_ERR(chip->detect_psy)) {
  40 +               dev_err(dev, "power_supply_register failed\n");
  41 +               return -EINVAL;
  42 +       }
  43 +
  44         ret = devm_request_irq(dev, chip->irq, max14656_irq,
  45                                IRQF_TRIGGER_FALLING,
  46                                MAX14656_NAME, chip);
  47 @@ -289,13 +296,6 @@ static int max14656_probe(struct i2c_client *client,
  48         }
  49         enable_irq_wake(chip->irq);
  50
  51 -       chip->detect_psy = devm_power_supply_register(dev,
  52 -                      &chip->psy_desc, &psy_cfg);
  53 -       if (IS_ERR(chip->detect_psy)) {
  54 -               dev_err(dev, "power_supply_register failed\n");
  55 -               return -EINVAL;
  56 -       }
  57 -
  58         schedule_delayed_work(&chip->irq_work, msecs_to_jiffies(2000));
  59
  60         return 0;
  61 --
  62 2.20.1
  63