[PATCH 5.10 118/121] i2c: qcom-cci: dont put a device tree node before i2c_add_adapter()

From: Greg Kroah-Hartman
Date: Mon Feb 21 2022 - 04:24:54 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.10 029/121] selftests: openat2: Add missing dependency in Makefile"
Previous message: Greg Kroah-Hartman: "[PATCH 5.10 116/121] dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size"
In reply to: Greg Kroah-Hartman: "[PATCH 5.10 116/121] dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.10 029/121] selftests: openat2: Add missing dependency in Makefile"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Vladimir Zapolskiy <vladimir.zapolskiy@xxxxxxxxxx>

commit 02a4a69667a2ad32f3b52ca906f19628fbdd8a01 upstream.

There is a minor chance for a race, if a pointer to an i2c-bus subnode
is stored and then reused after releasing its reference, and it would
be sufficient to get one more reference under a loop over children
subnodes.

Fixes: e517526195de ("i2c: Add Qualcomm CCI I2C driver")
Signed-off-by: Vladimir Zapolskiy <vladimir.zapolskiy@xxxxxxxxxx>
Reviewed-by: Robert Foss <robert.foss@xxxxxxxxxx>
Reviewed-by: Bjorn Andersson <bjorn.andersson@xxxxxxxxxx>
Signed-off-by: Wolfram Sang <wsa@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/i2c/busses/i2c-qcom-cci.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)

--- a/drivers/i2c/busses/i2c-qcom-cci.c
+++ b/drivers/i2c/busses/i2c-qcom-cci.c
@@ -558,7 +558,7 @@ static int cci_probe(struct platform_dev
cci->master[idx].adap.quirks = &cci->data->quirks;
cci->master[idx].adap.algo = &cci_algo;
cci->master[idx].adap.dev.parent = dev;
- cci->master[idx].adap.dev.of_node = child;
+ cci->master[idx].adap.dev.of_node = of_node_get(child);
cci->master[idx].master = idx;
cci->master[idx].cci = cci;

@@ -643,8 +643,10 @@ static int cci_probe(struct platform_dev
continue;

ret = i2c_add_adapter(&cci->master[i].adap);
- if (ret < 0)
+ if (ret < 0) {
+ of_node_put(cci->master[i].adap.dev.of_node);
goto error_i2c;
+ }
}

pm_runtime_set_autosuspend_delay(dev, MSEC_PER_SEC);
@@ -656,8 +658,10 @@ static int cci_probe(struct platform_dev

error_i2c:
for (--i ; i >= 0; i--) {
- if (cci->master[i].cci)
+ if (cci->master[i].cci) {
i2c_del_adapter(&cci->master[i].adap);
+ of_node_put(cci->master[i].adap.dev.of_node);
+ }
}
error:
disable_irq(cci->irq);
@@ -673,8 +677,10 @@ static int cci_remove(struct platform_de
int i;

for (i = 0; i < cci->data->num_masters; i++) {
- if (cci->master[i].cci)
+ if (cci->master[i].cci) {
i2c_del_adapter(&cci->master[i].adap);
+ of_node_put(cci->master[i].adap.dev.of_node);
+ }
cci_halt(cci, i);
}

Next message: Greg Kroah-Hartman: "[PATCH 5.10 029/121] selftests: openat2: Add missing dependency in Makefile"
Previous message: Greg Kroah-Hartman: "[PATCH 5.10 116/121] dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size"
In reply to: Greg Kroah-Hartman: "[PATCH 5.10 116/121] dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.10 029/121] selftests: openat2: Add missing dependency in Makefile"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]