mfd: Remove software node conditionally and locate at right place

Currently the software node is removed in error case and at ->remove()
stage unconditionally, that ruins the symmetry. Besides, in some cases,
when mfd_add_device() fails, the device_remove_software_node() call
may lead to NULL pointer dereference:

  BUG: kernel NULL pointer dereference, address: 00000000
  ...
  EIP: strlen+0x12/0x20
  ...
  kernfs_name_hash+0x13/0x70
  kernfs_find_ns+0x32/0xc0
  kernfs_remove_by_name_ns+0x2a/0x90
  sysfs_remove_link+0x16/0x30
  software_node_notify.cold+0x34/0x6b
  device_remove_software_node+0x5a/0x90
  mfd_add_device.cold+0x30a/0x427

Fix all these by guarding device_remove_software_node() with a conditional
and locating it at the right place.

Fixes: 42e59982917a ("mfd: core: Add support for software nodes")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>

diff --git a/drivers/mfd/mfd-core.c b/drivers/mfd/mfd-core.c
index 6f02b8022c6d58a0c305dd90557fe5ee75c641f8..79f5c6a18815a9ee9ea22948416afbbe0f521587 100644 (file)
--- a/drivers/mfd/mfd-core.c
+++ b/drivers/mfd/mfd-core.c
@@ -266,18 +266,18 @@ static int mfd_add_device(struct device *parent, int id,
                        if (has_acpi_companion(&pdev->dev)) {
                                ret = acpi_check_resource_conflict(&res[r]);
                                if (ret)
-                                       goto fail_of_entry;
+                                       goto fail_res_conflict;
                        }
                }
        }
 
        ret = platform_device_add_resources(pdev, res, cell->num_resources);
        if (ret)
-               goto fail_of_entry;
+               goto fail_res_conflict;
 
        ret = platform_device_add(pdev);
        if (ret)
-               goto fail_of_entry;
+               goto fail_res_conflict;
 
        if (cell->pm_runtime_no_callbacks)
                pm_runtime_no_callbacks(&pdev->dev);
@@ -286,13 +286,15 @@ static int mfd_add_device(struct device *parent, int id,
 
        return 0;
 
+fail_res_conflict:
+       if (cell->swnode)
+               device_remove_software_node(&pdev->dev);
 fail_of_entry:
        list_for_each_entry_safe(of_entry, tmp, &mfd_of_node_list, list)
                if (of_entry->dev == &pdev->dev) {
                        list_del(&of_entry->list);
                        kfree(of_entry);
                }
-       device_remove_software_node(&pdev->dev);
 fail_alias:
        regulator_bulk_unregister_supply_alias(&pdev->dev,
                                               cell->parent_supplies,
@@ -358,11 +360,12 @@ static int mfd_remove_devices_fn(struct device *dev, void *data)
        if (level && cell->level > *level)
                return 0;
 
+       if (cell->swnode)
+               device_remove_software_node(&pdev->dev);
+
        regulator_bulk_unregister_supply_alias(dev, cell->parent_supplies,
                                               cell->num_parent_supplies);
 
-       device_remove_software_node(&pdev->dev);
-
        platform_device_unregister(pdev);
        return 0;
 }