Commit 95b1b9a1 authored by Sven Van Asbroeck's avatar Sven Van Asbroeck Committed by Greg Kroah-Hartman

power: supply: max14656: fix potential use-before-alloc

[ Upstream commit 0cd0e497 ]

Call order on probe():
- max14656_hw_init() enables interrupts on the chip
- devm_request_irq() starts processing interrupts, isr
  could be called immediately
-    isr: schedules delayed work (irq_work)
-    irq_work: calls power_supply_changed()
- devm_power_supply_register() registers the power supply

Depending on timing, it's possible that power_supply_changed()
is called on an unregistered power supply structure.

Fix by registering the power supply before requesting the irq.

Cc: Alexander Kurz <akurz@blala.de>
Signed-off-by: default avatarSven Van Asbroeck <TheSven73@gmail.com>
Signed-off-by: default avatarSebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 93e97bcf
...@@ -280,6 +280,13 @@ static int max14656_probe(struct i2c_client *client, ...@@ -280,6 +280,13 @@ static int max14656_probe(struct i2c_client *client,
INIT_DELAYED_WORK(&chip->irq_work, max14656_irq_worker); INIT_DELAYED_WORK(&chip->irq_work, max14656_irq_worker);
chip->detect_psy = devm_power_supply_register(dev,
&chip->psy_desc, &psy_cfg);
if (IS_ERR(chip->detect_psy)) {
dev_err(dev, "power_supply_register failed\n");
return -EINVAL;
}
ret = devm_request_irq(dev, chip->irq, max14656_irq, ret = devm_request_irq(dev, chip->irq, max14656_irq,
IRQF_TRIGGER_FALLING, IRQF_TRIGGER_FALLING,
MAX14656_NAME, chip); MAX14656_NAME, chip);
...@@ -289,13 +296,6 @@ static int max14656_probe(struct i2c_client *client, ...@@ -289,13 +296,6 @@ static int max14656_probe(struct i2c_client *client,
} }
enable_irq_wake(chip->irq); enable_irq_wake(chip->irq);
chip->detect_psy = devm_power_supply_register(dev,
&chip->psy_desc, &psy_cfg);
if (IS_ERR(chip->detect_psy)) {
dev_err(dev, "power_supply_register failed\n");
return -EINVAL;
}
schedule_delayed_work(&chip->irq_work, msecs_to_jiffies(2000)); schedule_delayed_work(&chip->irq_work, msecs_to_jiffies(2000));
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment