The IRQ is requested before the struct rtc is allocated and registered, but
this struct is used in the IRQ handler. This may lead to a NULL pointer
dereference.
Switch to devm_rtc_allocate_device/rtc_register_device to allocate the rtc
struct before requesting the IRQ.
Signed-off-by: Alexandre Belloni <alexandre.bell...@bootlin.com>
---
drivers/rtc/rtc-sh.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/drivers/rtc/rtc-sh.c b/drivers/rtc/rtc-sh.c
index f4ac9ec8fbb6..b582af10ddb5 100644
--- a/drivers/rtc/rtc-sh.c
+++ b/drivers/rtc/rtc-sh.c
@@ -531,6 +531,10 @@ static int __init sh_rtc_probe(struct platform_device
*pdev)
rtc->clk = NULL;
}
+ rtc->rtc_dev = devm_rtc_allocate_device(&pdev->dev);
+ if (IS_ERR(rtc->rtc_dev))
+ return PTR_ERR(rtc->rtc_dev);
+
clk_enable(rtc->clk);
rtc->capabilities = RTC_DEF_CAPABILITIES;
@@ -594,15 +598,13 @@ static int __init sh_rtc_probe(struct platform_device
*pdev)
sh_rtc_setaie(&pdev->dev, 0);
sh_rtc_setcie(&pdev->dev, 0);
- rtc->rtc_dev = devm_rtc_device_register(&pdev->dev, "sh",
- &sh_rtc_ops, THIS_MODULE);
- if (IS_ERR(rtc->rtc_dev)) {
- ret = PTR_ERR(rtc->rtc_dev);
- goto err_unmap;
- }
-
+ rtc->rtc_dev->ops = &sh_rtc_ops;
rtc->rtc_dev->max_user_freq = 256;
+ ret = rtc_register_device(rtc->rtc_dev);
+ if (ret)
+ goto err_unmap;
+
device_init_wakeup(&pdev->dev, 1);
return 0;
--
2.20.1
