[PATCH v2] nvmem: core: Fix race in nvmem_register()

From: Hector Martin
Date: Tue Jan 03 2023 - 06:45:24 EST

Next message: Deepak R Varma: "[PATCH] staging: media: imx: remove unnecessary return variable"
Previous message: Ulf Hansson: "Re: [RFC PATCH v1 12/19] rtw88: sdio: Add HCI implementation for SDIO based chipsets"
Next in thread: Srinivas Kandagatla: "Re: [PATCH v2] nvmem: core: Fix race in nvmem_register()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

nvmem_register() currently registers the device before adding the nvmem
cells, which creates a race window where consumers may find the nvmem
device (and not get PROBE_DEFERred), but then fail to find the cells and
error out.

Move device registration to the end of nvmem_register(), to close the
race.

Observed when the stars line up on Apple Silicon machines with the (not
yet upstream, but trivial) spmi nvmem driver and the macsmc-rtc client:

[ 0.487375] macsmc-rtc macsmc-rtc: error -ENOENT: Failed to get rtc_offset NVMEM cell

Fixes: eace75cfdcf7 ("nvmem: Add a simple NVMEM framework for nvmem providers")
Cc: stable@xxxxxxxxxxxxxxx
Reviewed-by: Eric Curtin <ecurtin@xxxxxxxxxx>
Signed-off-by: Hector Martin <marcan@xxxxxxxxx>
---
drivers/nvmem/core.c | 32 +++++++++++++++++---------------
1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
index 321d7d63e068..606f428d6292 100644
--- a/drivers/nvmem/core.c
+++ b/drivers/nvmem/core.c
@@ -822,11 +822,8 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
break;
}

- if (rval) {
- ida_free(&nvmem_ida, nvmem->id);
- kfree(nvmem);
- return ERR_PTR(rval);
- }
+ if (rval)
+ goto err_gpiod_put;

nvmem->read_only = device_property_present(config->dev, "read-only") ||
config->read_only || !nvmem->reg_write;
@@ -837,20 +834,16 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)

dev_dbg(&nvmem->dev, "Registering nvmem device %s\n", config->name);

- rval = device_register(&nvmem->dev);
- if (rval)
- goto err_put_device;
-
if (nvmem->nkeepout) {
rval = nvmem_validate_keepouts(nvmem);
if (rval)
- goto err_device_del;
+ goto err_gpiod_put;
}

if (config->compat) {
rval = nvmem_sysfs_setup_compat(nvmem, config);
if (rval)
- goto err_device_del;
+ goto err_gpiod_put;
}

if (config->cells) {
@@ -867,6 +860,15 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
if (rval)
goto err_remove_cells;

+ rval = device_register(&nvmem->dev);
+ if (rval) {
+ nvmem_device_remove_all_cells(nvmem);
+ if (config->compat)
+ nvmem_sysfs_remove_compat(nvmem, config);
+ put_device(&nvmem->dev);
+ return ERR_PTR(rval);
+ }
+
blocking_notifier_call_chain(&nvmem_notifier, NVMEM_ADD, nvmem);

return nvmem;
@@ -876,10 +878,10 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
err_teardown_compat:
if (config->compat)
nvmem_sysfs_remove_compat(nvmem, config);
-err_device_del:
- device_del(&nvmem->dev);
-err_put_device:
- put_device(&nvmem->dev);
+err_gpiod_put:
+ gpiod_put(nvmem->wp_gpio);
+ ida_free(&nvmem_ida, nvmem->id);
+ kfree(nvmem);

return ERR_PTR(rval);
}
--
2.35.1

Next message: Deepak R Varma: "[PATCH] staging: media: imx: remove unnecessary return variable"
Previous message: Ulf Hansson: "Re: [RFC PATCH v1 12/19] rtw88: sdio: Add HCI implementation for SDIO based chipsets"
Next in thread: Srinivas Kandagatla: "Re: [PATCH v2] nvmem: core: Fix race in nvmem_register()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]