linux-hardened/drivers/rtc/rtc-rp5c01.c
John Stultz 130107b270 rtc: rp5c01: Initialize drvdata before registering device
Commit f44f7f96a2 ("RTC: Initialize kernel state from RTC") uncovered
an issue in a number of RTC drivers, where the drivers call
rtc_device_register before initializing the device or platform drvdata.

This frequently results in null pointer dereferences when the
rtc_device_register immediately makes use of the rtc device, calling
rtc_read_alarm.

The solution is to ensure the drvdata is initialized prior to registering
the rtc device.

CC: Wolfram Sang <w.sang@pengutronix.de>
CC: Alessandro Zummo <a.zummo@towertech.it>
CC: Thomas Gleixner <tglx@linutronix.de>
CC: rtc-linux@googlegroups.com
Signed-off-by: John Stultz <john.stultz@linaro.org>
2011-05-06 18:02:05 -07:00

313 lines
8.5 KiB
C

/*
* Ricoh RP5C01 RTC Driver
*
* Copyright 2009 Geert Uytterhoeven
*
* Based on the A3000 TOD code in arch/m68k/amiga/config.c
* Copyright (C) 1993 Hamish Macdonald
*/
#include <linux/io.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/platform_device.h>
#include <linux/rtc.h>
#include <linux/slab.h>
enum {
RP5C01_1_SECOND = 0x0, /* MODE 00 */
RP5C01_10_SECOND = 0x1, /* MODE 00 */
RP5C01_1_MINUTE = 0x2, /* MODE 00 and MODE 01 */
RP5C01_10_MINUTE = 0x3, /* MODE 00 and MODE 01 */
RP5C01_1_HOUR = 0x4, /* MODE 00 and MODE 01 */
RP5C01_10_HOUR = 0x5, /* MODE 00 and MODE 01 */
RP5C01_DAY_OF_WEEK = 0x6, /* MODE 00 and MODE 01 */
RP5C01_1_DAY = 0x7, /* MODE 00 and MODE 01 */
RP5C01_10_DAY = 0x8, /* MODE 00 and MODE 01 */
RP5C01_1_MONTH = 0x9, /* MODE 00 */
RP5C01_10_MONTH = 0xa, /* MODE 00 */
RP5C01_1_YEAR = 0xb, /* MODE 00 */
RP5C01_10_YEAR = 0xc, /* MODE 00 */
RP5C01_12_24_SELECT = 0xa, /* MODE 01 */
RP5C01_LEAP_YEAR = 0xb, /* MODE 01 */
RP5C01_MODE = 0xd, /* all modes */
RP5C01_TEST = 0xe, /* all modes */
RP5C01_RESET = 0xf, /* all modes */
};
#define RP5C01_12_24_SELECT_12 (0 << 0)
#define RP5C01_12_24_SELECT_24 (1 << 0)
#define RP5C01_10_HOUR_AM (0 << 1)
#define RP5C01_10_HOUR_PM (1 << 1)
#define RP5C01_MODE_TIMER_EN (1 << 3) /* timer enable */
#define RP5C01_MODE_ALARM_EN (1 << 2) /* alarm enable */
#define RP5C01_MODE_MODE_MASK (3 << 0)
#define RP5C01_MODE_MODE00 (0 << 0) /* time */
#define RP5C01_MODE_MODE01 (1 << 0) /* alarm, 12h/24h, leap year */
#define RP5C01_MODE_RAM_BLOCK10 (2 << 0) /* RAM 4 bits x 13 */
#define RP5C01_MODE_RAM_BLOCK11 (3 << 0) /* RAM 4 bits x 13 */
#define RP5C01_RESET_1HZ_PULSE (1 << 3)
#define RP5C01_RESET_16HZ_PULSE (1 << 2)
#define RP5C01_RESET_SECOND (1 << 1) /* reset divider stages for */
/* seconds or smaller units */
#define RP5C01_RESET_ALARM (1 << 0) /* reset all alarm registers */
struct rp5c01_priv {
u32 __iomem *regs;
struct rtc_device *rtc;
spinlock_t lock; /* against concurrent RTC/NVRAM access */
struct bin_attribute nvram_attr;
};
static inline unsigned int rp5c01_read(struct rp5c01_priv *priv,
unsigned int reg)
{
return __raw_readl(&priv->regs[reg]) & 0xf;
}
static inline void rp5c01_write(struct rp5c01_priv *priv, unsigned int val,
unsigned int reg)
{
__raw_writel(val, &priv->regs[reg]);
}
static void rp5c01_lock(struct rp5c01_priv *priv)
{
rp5c01_write(priv, RP5C01_MODE_MODE00, RP5C01_MODE);
}
static void rp5c01_unlock(struct rp5c01_priv *priv)
{
rp5c01_write(priv, RP5C01_MODE_TIMER_EN | RP5C01_MODE_MODE01,
RP5C01_MODE);
}
static int rp5c01_read_time(struct device *dev, struct rtc_time *tm)
{
struct rp5c01_priv *priv = dev_get_drvdata(dev);
spin_lock_irq(&priv->lock);
rp5c01_lock(priv);
tm->tm_sec = rp5c01_read(priv, RP5C01_10_SECOND) * 10 +
rp5c01_read(priv, RP5C01_1_SECOND);
tm->tm_min = rp5c01_read(priv, RP5C01_10_MINUTE) * 10 +
rp5c01_read(priv, RP5C01_1_MINUTE);
tm->tm_hour = rp5c01_read(priv, RP5C01_10_HOUR) * 10 +
rp5c01_read(priv, RP5C01_1_HOUR);
tm->tm_mday = rp5c01_read(priv, RP5C01_10_DAY) * 10 +
rp5c01_read(priv, RP5C01_1_DAY);
tm->tm_wday = rp5c01_read(priv, RP5C01_DAY_OF_WEEK);
tm->tm_mon = rp5c01_read(priv, RP5C01_10_MONTH) * 10 +
rp5c01_read(priv, RP5C01_1_MONTH) - 1;
tm->tm_year = rp5c01_read(priv, RP5C01_10_YEAR) * 10 +
rp5c01_read(priv, RP5C01_1_YEAR);
if (tm->tm_year <= 69)
tm->tm_year += 100;
rp5c01_unlock(priv);
spin_unlock_irq(&priv->lock);
return rtc_valid_tm(tm);
}
static int rp5c01_set_time(struct device *dev, struct rtc_time *tm)
{
struct rp5c01_priv *priv = dev_get_drvdata(dev);
spin_lock_irq(&priv->lock);
rp5c01_lock(priv);
rp5c01_write(priv, tm->tm_sec / 10, RP5C01_10_SECOND);
rp5c01_write(priv, tm->tm_sec % 10, RP5C01_1_SECOND);
rp5c01_write(priv, tm->tm_min / 10, RP5C01_10_MINUTE);
rp5c01_write(priv, tm->tm_min % 10, RP5C01_1_MINUTE);
rp5c01_write(priv, tm->tm_hour / 10, RP5C01_10_HOUR);
rp5c01_write(priv, tm->tm_hour % 10, RP5C01_1_HOUR);
rp5c01_write(priv, tm->tm_mday / 10, RP5C01_10_DAY);
rp5c01_write(priv, tm->tm_mday % 10, RP5C01_1_DAY);
if (tm->tm_wday != -1)
rp5c01_write(priv, tm->tm_wday, RP5C01_DAY_OF_WEEK);
rp5c01_write(priv, (tm->tm_mon + 1) / 10, RP5C01_10_MONTH);
rp5c01_write(priv, (tm->tm_mon + 1) % 10, RP5C01_1_MONTH);
if (tm->tm_year >= 100)
tm->tm_year -= 100;
rp5c01_write(priv, tm->tm_year / 10, RP5C01_10_YEAR);
rp5c01_write(priv, tm->tm_year % 10, RP5C01_1_YEAR);
rp5c01_unlock(priv);
spin_unlock_irq(&priv->lock);
return 0;
}
static const struct rtc_class_ops rp5c01_rtc_ops = {
.read_time = rp5c01_read_time,
.set_time = rp5c01_set_time,
};
/*
* The NVRAM is organized as 2 blocks of 13 nibbles of 4 bits.
* We provide access to them like AmigaOS does: the high nibble of each 8-bit
* byte is stored in BLOCK10, the low nibble in BLOCK11.
*/
static ssize_t rp5c01_nvram_read(struct file *filp, struct kobject *kobj,
struct bin_attribute *bin_attr,
char *buf, loff_t pos, size_t size)
{
struct device *dev = container_of(kobj, struct device, kobj);
struct rp5c01_priv *priv = dev_get_drvdata(dev);
ssize_t count;
spin_lock_irq(&priv->lock);
for (count = 0; size > 0 && pos < RP5C01_MODE; count++, size--) {
u8 data;
rp5c01_write(priv,
RP5C01_MODE_TIMER_EN | RP5C01_MODE_RAM_BLOCK10,
RP5C01_MODE);
data = rp5c01_read(priv, pos) << 4;
rp5c01_write(priv,
RP5C01_MODE_TIMER_EN | RP5C01_MODE_RAM_BLOCK11,
RP5C01_MODE);
data |= rp5c01_read(priv, pos++);
rp5c01_write(priv, RP5C01_MODE_TIMER_EN | RP5C01_MODE_MODE01,
RP5C01_MODE);
*buf++ = data;
}
spin_unlock_irq(&priv->lock);
return count;
}
static ssize_t rp5c01_nvram_write(struct file *filp, struct kobject *kobj,
struct bin_attribute *bin_attr,
char *buf, loff_t pos, size_t size)
{
struct device *dev = container_of(kobj, struct device, kobj);
struct rp5c01_priv *priv = dev_get_drvdata(dev);
ssize_t count;
spin_lock_irq(&priv->lock);
for (count = 0; size > 0 && pos < RP5C01_MODE; count++, size--) {
u8 data = *buf++;
rp5c01_write(priv,
RP5C01_MODE_TIMER_EN | RP5C01_MODE_RAM_BLOCK10,
RP5C01_MODE);
rp5c01_write(priv, data >> 4, pos);
rp5c01_write(priv,
RP5C01_MODE_TIMER_EN | RP5C01_MODE_RAM_BLOCK11,
RP5C01_MODE);
rp5c01_write(priv, data & 0xf, pos++);
rp5c01_write(priv, RP5C01_MODE_TIMER_EN | RP5C01_MODE_MODE01,
RP5C01_MODE);
}
spin_unlock_irq(&priv->lock);
return count;
}
static int __init rp5c01_rtc_probe(struct platform_device *dev)
{
struct resource *res;
struct rp5c01_priv *priv;
struct rtc_device *rtc;
int error;
res = platform_get_resource(dev, IORESOURCE_MEM, 0);
if (!res)
return -ENODEV;
priv = kzalloc(sizeof(*priv), GFP_KERNEL);
if (!priv)
return -ENOMEM;
priv->regs = ioremap(res->start, resource_size(res));
if (!priv->regs) {
error = -ENOMEM;
goto out_free_priv;
}
sysfs_bin_attr_init(&priv->nvram_attr);
priv->nvram_attr.attr.name = "nvram";
priv->nvram_attr.attr.mode = S_IRUGO | S_IWUSR;
priv->nvram_attr.read = rp5c01_nvram_read;
priv->nvram_attr.write = rp5c01_nvram_write;
priv->nvram_attr.size = RP5C01_MODE;
spin_lock_init(&priv->lock);
platform_set_drvdata(dev, priv);
rtc = rtc_device_register("rtc-rp5c01", &dev->dev, &rp5c01_rtc_ops,
THIS_MODULE);
if (IS_ERR(rtc)) {
error = PTR_ERR(rtc);
goto out_unmap;
}
priv->rtc = rtc;
error = sysfs_create_bin_file(&dev->dev.kobj, &priv->nvram_attr);
if (error)
goto out_unregister;
return 0;
out_unregister:
rtc_device_unregister(rtc);
out_unmap:
platform_set_drvdata(dev, NULL);
iounmap(priv->regs);
out_free_priv:
kfree(priv);
return error;
}
static int __exit rp5c01_rtc_remove(struct platform_device *dev)
{
struct rp5c01_priv *priv = platform_get_drvdata(dev);
sysfs_remove_bin_file(&dev->dev.kobj, &priv->nvram_attr);
rtc_device_unregister(priv->rtc);
iounmap(priv->regs);
kfree(priv);
return 0;
}
static struct platform_driver rp5c01_rtc_driver = {
.driver = {
.name = "rtc-rp5c01",
.owner = THIS_MODULE,
},
.remove = __exit_p(rp5c01_rtc_remove),
};
static int __init rp5c01_rtc_init(void)
{
return platform_driver_probe(&rp5c01_rtc_driver, rp5c01_rtc_probe);
}
static void __exit rp5c01_rtc_fini(void)
{
platform_driver_unregister(&rp5c01_rtc_driver);
}
module_init(rp5c01_rtc_init);
module_exit(rp5c01_rtc_fini);
MODULE_AUTHOR("Geert Uytterhoeven <geert@linux-m68k.org>");
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Ricoh RP5C01 RTC driver");
MODULE_ALIAS("platform:rtc-rp5c01");