From: Ali Pouladi quic_apouladi@quicinc.com
When there is no interrupt line, rtc alarm feature is disabled.
The clearing of the alarm feature bit was being done prior to allocations of ldata->rtc device, resulting in a null pointer dereference.
Clear RTC_FEATURE_ALARM after the rtc device is allocated.
Fixes: d9b0dd54a194 ("rtc: pl031: use RTC_FEATURE_ALARM") Cc: stable@vger.kernel.org Signed-off-by: Ali Pouladi quic_apouladi@quicinc.com Signed-off-by: Elliot Berman quic_eberman@quicinc.com --- drivers/rtc/rtc-pl031.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/rtc/rtc-pl031.c b/drivers/rtc/rtc-pl031.c index e38ee8848385..bad6a5d9c683 100644 --- a/drivers/rtc/rtc-pl031.c +++ b/drivers/rtc/rtc-pl031.c @@ -350,9 +350,6 @@ static int pl031_probe(struct amba_device *adev, const struct amba_id *id) } }
- if (!adev->irq[0]) - clear_bit(RTC_FEATURE_ALARM, ldata->rtc->features); - device_init_wakeup(&adev->dev, true); ldata->rtc = devm_rtc_allocate_device(&adev->dev); if (IS_ERR(ldata->rtc)) { @@ -360,6 +357,9 @@ static int pl031_probe(struct amba_device *adev, const struct amba_id *id) goto out; }
+ if (!adev->irq[0]) + clear_bit(RTC_FEATURE_ALARM, ldata->rtc->features); + ldata->rtc->ops = ops; ldata->rtc->range_min = vendor->range_min; ldata->rtc->range_max = vendor->range_max;
On Fri, 25 Feb 2022 08:19:24 -0800, Elliot Berman wrote:
From: Ali Pouladi quic_apouladi@quicinc.com
When there is no interrupt line, rtc alarm feature is disabled.
The clearing of the alarm feature bit was being done prior to allocations of ldata->rtc device, resulting in a null pointer dereference.
[...]
Applied, thanks!
[1/1] rtc: pl031: fix rtc features null pointer dereference commit: 75445c15916421993d47c338a17d49f3449b516f
Best regards,
linux-stable-mirror@lists.linaro.org
-
Alexandre Belloni -
Elliot Berman