drivers/rtc/rtc-pl031.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
From: Ali Pouladi <quic_apouladi@quicinc.com>
When there is no interrupt line, rtc alarm feature is disabled.
The clearing of the alarm feature bit was being done prior to allocations
of ldata->rtc device, resulting in a null pointer dereference.
Clear RTC_FEATURE_ALARM after the rtc device is allocated.
Fixes: d9b0dd54a194 ("rtc: pl031: use RTC_FEATURE_ALARM")
Cc: stable@vger.kernel.org
Signed-off-by: Ali Pouladi <quic_apouladi@quicinc.com>
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
---
drivers/rtc/rtc-pl031.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/rtc/rtc-pl031.c b/drivers/rtc/rtc-pl031.c
index e38ee8848385..bad6a5d9c683 100644
--- a/drivers/rtc/rtc-pl031.c
+++ b/drivers/rtc/rtc-pl031.c
@@ -350,9 +350,6 @@ static int pl031_probe(struct amba_device *adev, const struct amba_id *id)
}
}
- if (!adev->irq[0])
- clear_bit(RTC_FEATURE_ALARM, ldata->rtc->features);
-
device_init_wakeup(&adev->dev, true);
ldata->rtc = devm_rtc_allocate_device(&adev->dev);
if (IS_ERR(ldata->rtc)) {
@@ -360,6 +357,9 @@ static int pl031_probe(struct amba_device *adev, const struct amba_id *id)
goto out;
}
+ if (!adev->irq[0])
+ clear_bit(RTC_FEATURE_ALARM, ldata->rtc->features);
+
ldata->rtc->ops = ops;
ldata->rtc->range_min = vendor->range_min;
ldata->rtc->range_max = vendor->range_max;
--
2.25.1
On Fri, 25 Feb 2022 08:19:24 -0800, Elliot Berman wrote:
> From: Ali Pouladi <quic_apouladi@quicinc.com>
>
> When there is no interrupt line, rtc alarm feature is disabled.
>
> The clearing of the alarm feature bit was being done prior to allocations
> of ldata->rtc device, resulting in a null pointer dereference.
>
> [...]
Applied, thanks!
[1/1] rtc: pl031: fix rtc features null pointer dereference
commit: 75445c15916421993d47c338a17d49f3449b516f
Best regards,
--
Alexandre Belloni <alexandre.belloni@bootlin.com>
© 2016 - 2026 Red Hat, Inc.