rtc: ds1374: fix possible race condition

The RTC IRQ is requested before the struct rtc_device is allocated,
this may lead to a NULL pointer dereference in the IRQ handler.

To fix this issue, allocating the rtc_device struct before requesting
the RTC IRQ using devm_rtc_allocate_device, and use rtc_register_device
to register the RTC device.

Link: https://lore.kernel.org/r/20200306073404.56921-1-alexandre.belloni@bootlin.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>

diff --git a/drivers/rtc/rtc-ds1374.c b/drivers/rtc/rtc-ds1374.c
index 6e9ddcd0399234d6cf7fc44a67fa55cf05e8ec6c..cb18a11a3c767ac49ca419aa0842c675da1499ff 100644 (file)
--- a/drivers/rtc/rtc-ds1374.c
+++ b/drivers/rtc/rtc-ds1374.c
@@ -620,6 +620,10 @@ static int ds1374_probe(struct i2c_client *client,
        if (!ds1374)
                return -ENOMEM;
 
+       ds1374->rtc = devm_rtc_allocate_device(&client->dev);
+       if (IS_ERR(ds1374->rtc))
+               return PTR_ERR(ds1374->rtc);
+
        ds1374->client = client;
        i2c_set_clientdata(client, ds1374);
 
@@ -641,12 +645,11 @@ static int ds1374_probe(struct i2c_client *client,
                device_set_wakeup_capable(&client->dev, 1);
        }
 
-       ds1374->rtc = devm_rtc_device_register(&client->dev, client->name,
-                                               &ds1374_rtc_ops, THIS_MODULE);
-       if (IS_ERR(ds1374->rtc)) {
-               dev_err(&client->dev, "unable to register the class device\n");
-               return PTR_ERR(ds1374->rtc);
-       }
+       ds1374->rtc->ops = &ds1374_rtc_ops;
+
+       ret = rtc_register_device(ds1374->rtc);
+       if (ret)
+               return ret;
 
 #ifdef CONFIG_RTC_DRV_DS1374_WDT
        save_client = client;