regmap: irq: Set data pointer only on regmap_add_irq_chip success

After setting the 'data' pointer (wchich is returned to the caller for
freeing later) the regmap_add_irq_chip() could still fail for various
reasons (ENOMEM, regmap_read or regmap_write failure). In such case the
memory under 'data' was freed in error path and error value was returned
but the 'data' variable was not changed.

This could lead to errors if the caller passed such 'data' to
regmap_del_irq_chip().

The 'data' pointer should be changed atomically from the caller
perspective - set it only on regmap_add_irq_chip() success.

Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Mark Brown <broonie@linaro.org>

diff --git a/drivers/base/regmap/regmap-irq.c b/drivers/base/regmap/regmap-irq.c
index 52ce0c1..edf88f2 100644 (file)
--- a/drivers/base/regmap/regmap-irq.c
+++ b/drivers/base/regmap/regmap-irq.c
@@ -368,8 +368,6 @@ int regmap_add_irq_chip(struct regmap *map, int irq, int irq_flags,
        if (!d)
                return -ENOMEM;
 
-       *data = d;
-
        d->status_buf = kzalloc(sizeof(unsigned int) * chip->num_regs,
                                GFP_KERNEL);
        if (!d->status_buf)
@@ -506,6 +504,8 @@ int regmap_add_irq_chip(struct regmap *map, int irq, int irq_flags,
                goto err_domain;
        }
 
+       *data = d;
+
        return 0;
 
 err_domain: