This is a note to let you know that I've just added the patch titled rtc: check if __rtc_read_time was successful in rtc_timer_do_work() to the 5.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: rtc-check-if-__rtc_read_time-was-successful-in-rtc_t.patch and it can be found in the queue-5.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 97342e14668da2ae625acb2bbd8ba7ba937ed6e5 Author: Yongliang Gao <leonylgao@xxxxxxxxxxx> Date: Fri Oct 11 12:31:53 2024 +0800 rtc: check if __rtc_read_time was successful in rtc_timer_do_work() [ Upstream commit e8ba8a2bc4f60a1065f23d6a0e7cbea945a0f40d ] If the __rtc_read_time call fails,, the struct rtc_time tm; may contain uninitialized data, or an illegal date/time read from the RTC hardware. When calling rtc_tm_to_ktime later, the result may be a very large value (possibly KTIME_MAX). If there are periodic timers in rtc->timerqueue, they will continually expire, may causing kernel softlockup. Fixes: 6610e0893b8b ("RTC: Rework RTC code to use timerqueue for events") Signed-off-by: Yongliang Gao <leonylgao@xxxxxxxxxxx> Acked-by: Jingqun Li <jingqunli@xxxxxxxxxxx> Link: https://lore.kernel.org/r/20241011043153.3788112-1-leonylgao@xxxxxxxxx Signed-off-by: Alexandre Belloni <alexandre.belloni@xxxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/drivers/rtc/interface.c b/drivers/rtc/interface.c index 29c12947e73fc..7c62b13077627 100644 --- a/drivers/rtc/interface.c +++ b/drivers/rtc/interface.c @@ -893,13 +893,18 @@ void rtc_timer_do_work(struct work_struct *work) struct timerqueue_node *next; ktime_t now; struct rtc_time tm; + int err; struct rtc_device *rtc = container_of(work, struct rtc_device, irqwork); mutex_lock(&rtc->ops_lock); again: - __rtc_read_time(rtc, &tm); + err = __rtc_read_time(rtc, &tm); + if (err) { + mutex_unlock(&rtc->ops_lock); + return; + } now = rtc_tm_to_ktime(tm); while ((next = timerqueue_getnext(&rtc->timerqueue))) { if (next->expires > now)