mirror of
https://github.com/torvalds/linux.git
synced 2024-12-27 05:11:48 +00:00
ac323d8d80
Fix NULL pointer dereference of "chip->pdata" if platform_data was not
supplied to the driver.
The driver during probe stored the pointer to the platform_data:
chip->pdata = client->dev.platform_data;
Later it was dereferenced in max17040_get_online() and
max17040_get_status().
If platform_data was not supplied, the NULL pointer exception would
happen:
[ 6.626094] Unable to handle kernel of a at virtual address 00000000
[ 6.628557] pgd = c0004000
[ 6.632868] [00000000] *pgd=66262564
[ 6.634636] Unable to handle kernel paging request at virtual address e6262000
[ 6.642014] pgd = de468000
[ 6.644700] [e6262000] *pgd=00000000
[ 6.648265] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[ 6.653552] Modules linked in:
[ 6.656598] CPU: 0 PID: 31 Comm: kworker/0:1 Not tainted 3.10.14-02717-gc58b4b4 #505
[ 6.664334] Workqueue: events max17040_work
[ 6.668488] task: dfa11b80 ti: df9f6000 task.ti: df9f6000
[ 6.673873] PC is at show_pte+0x80/0xb8
[ 6.677687] LR is at show_pte+0x3c/0xb8
[ 6.681503] pc : [<c001b7b8>] lr : [<c001b774>] psr: 600f0113
[ 6.681503] sp : df9f7d58 ip : 600f0113 fp : 00000009
[ 6.692965] r10: 00000000 r9 : 00000000 r8 : dfa11b80
[ 6.698171] r7 : df9f7ea0 r6 : e6262000 r5 : 00000000 r4 : 00000000
[ 6.704680] r3 : 00000000 r2 : e6262000 r1 : 600f0193 r0 : c05b3750
[ 6.711194] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel
[ 6.718485] Control: 10c53c7d Table: 5e46806a DAC: 00000015
[ 6.724218] Process kworker/0:1 (pid: 31, stack limit = 0xdf9f6238)
[ 6.730465] Stack: (0xdf9f7d58 to 0xdf9f8000)
[ 6.914325] [<c001b7b8>] (show_pte+0x80/0xb8) from [<c047107c>] (__do_kernel_fault.part.9+0x44/0x74)
[ 6.923425] [<c047107c>] (__do_kernel_fault.part.9+0x44/0x74) from [<c001bb7c>] (do_page_fault+0x2c4/0x360)
[ 6.933144] [<c001bb7c>] (do_page_fault+0x2c4/0x360) from [<c0008400>] (do_DataAbort+0x34/0x9c)
[ 6.941825] [<c0008400>] (do_DataAbort+0x34/0x9c) from [<c000e5d8>] (__dabt_svc+0x38/0x60)
[ 6.950058] Exception stack(0xdf9f7ea0 to 0xdf9f7ee8)
[ 6.955099] 7ea0: df0c1790 00000000 00000002 00000000 df0c1794 df0c1790 df0c1790 00000042
[ 6.963271] 7ec0: df0c1794 00000001 00000000 00000009 00000000 df9f7ee8 c0306268 c0306270
[ 6.971419] 7ee0: a00f0113 ffffffff
[ 6.974902] [<c000e5d8>] (__dabt_svc+0x38/0x60) from [<c0306270>] (max17040_work+0x8c/0x144)
[ 6.983317] [<c0306270>] (max17040_work+0x8c/0x144) from [<c003f364>] (process_one_work+0x138/0x440)
[ 6.992429] [<c003f364>] (process_one_work+0x138/0x440) from [<c003fa64>] (worker_thread+0x134/0x3b8)
[ 7.001628] [<c003fa64>] (worker_thread+0x134/0x3b8) from [<c00454bc>] (kthread+0xa4/0xb0)
[ 7.009875] [<c00454bc>] (kthread+0xa4/0xb0) from [<c000eb28>] (ret_from_fork+0x14/0x2c)
[ 7.017943] Code: e1a03005 e2422480 e0826104 e59f002c (e7922104)
[ 7.024017] ---[ end trace 73bc7006b9cc5c79 ]---
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Fixes: c6f4a42de6
Cc: <stable@vger.kernel.org>
299 lines
6.9 KiB
C
299 lines
6.9 KiB
C
/*
|
|
* max17040_battery.c
|
|
* fuel-gauge systems for lithium-ion (Li+) batteries
|
|
*
|
|
* Copyright (C) 2009 Samsung Electronics
|
|
* Minkyu Kang <mk7.kang@samsung.com>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
* published by the Free Software Foundation.
|
|
*/
|
|
|
|
#include <linux/module.h>
|
|
#include <linux/init.h>
|
|
#include <linux/platform_device.h>
|
|
#include <linux/mutex.h>
|
|
#include <linux/err.h>
|
|
#include <linux/i2c.h>
|
|
#include <linux/delay.h>
|
|
#include <linux/power_supply.h>
|
|
#include <linux/max17040_battery.h>
|
|
#include <linux/slab.h>
|
|
|
|
#define MAX17040_VCELL_MSB 0x02
|
|
#define MAX17040_VCELL_LSB 0x03
|
|
#define MAX17040_SOC_MSB 0x04
|
|
#define MAX17040_SOC_LSB 0x05
|
|
#define MAX17040_MODE_MSB 0x06
|
|
#define MAX17040_MODE_LSB 0x07
|
|
#define MAX17040_VER_MSB 0x08
|
|
#define MAX17040_VER_LSB 0x09
|
|
#define MAX17040_RCOMP_MSB 0x0C
|
|
#define MAX17040_RCOMP_LSB 0x0D
|
|
#define MAX17040_CMD_MSB 0xFE
|
|
#define MAX17040_CMD_LSB 0xFF
|
|
|
|
#define MAX17040_DELAY 1000
|
|
#define MAX17040_BATTERY_FULL 95
|
|
|
|
struct max17040_chip {
|
|
struct i2c_client *client;
|
|
struct delayed_work work;
|
|
struct power_supply battery;
|
|
struct max17040_platform_data *pdata;
|
|
|
|
/* State Of Connect */
|
|
int online;
|
|
/* battery voltage */
|
|
int vcell;
|
|
/* battery capacity */
|
|
int soc;
|
|
/* State Of Charge */
|
|
int status;
|
|
};
|
|
|
|
static int max17040_get_property(struct power_supply *psy,
|
|
enum power_supply_property psp,
|
|
union power_supply_propval *val)
|
|
{
|
|
struct max17040_chip *chip = container_of(psy,
|
|
struct max17040_chip, battery);
|
|
|
|
switch (psp) {
|
|
case POWER_SUPPLY_PROP_STATUS:
|
|
val->intval = chip->status;
|
|
break;
|
|
case POWER_SUPPLY_PROP_ONLINE:
|
|
val->intval = chip->online;
|
|
break;
|
|
case POWER_SUPPLY_PROP_VOLTAGE_NOW:
|
|
val->intval = chip->vcell;
|
|
break;
|
|
case POWER_SUPPLY_PROP_CAPACITY:
|
|
val->intval = chip->soc;
|
|
break;
|
|
default:
|
|
return -EINVAL;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static int max17040_write_reg(struct i2c_client *client, int reg, u8 value)
|
|
{
|
|
int ret;
|
|
|
|
ret = i2c_smbus_write_byte_data(client, reg, value);
|
|
|
|
if (ret < 0)
|
|
dev_err(&client->dev, "%s: err %d\n", __func__, ret);
|
|
|
|
return ret;
|
|
}
|
|
|
|
static int max17040_read_reg(struct i2c_client *client, int reg)
|
|
{
|
|
int ret;
|
|
|
|
ret = i2c_smbus_read_byte_data(client, reg);
|
|
|
|
if (ret < 0)
|
|
dev_err(&client->dev, "%s: err %d\n", __func__, ret);
|
|
|
|
return ret;
|
|
}
|
|
|
|
static void max17040_reset(struct i2c_client *client)
|
|
{
|
|
max17040_write_reg(client, MAX17040_CMD_MSB, 0x54);
|
|
max17040_write_reg(client, MAX17040_CMD_LSB, 0x00);
|
|
}
|
|
|
|
static void max17040_get_vcell(struct i2c_client *client)
|
|
{
|
|
struct max17040_chip *chip = i2c_get_clientdata(client);
|
|
u8 msb;
|
|
u8 lsb;
|
|
|
|
msb = max17040_read_reg(client, MAX17040_VCELL_MSB);
|
|
lsb = max17040_read_reg(client, MAX17040_VCELL_LSB);
|
|
|
|
chip->vcell = (msb << 4) + (lsb >> 4);
|
|
}
|
|
|
|
static void max17040_get_soc(struct i2c_client *client)
|
|
{
|
|
struct max17040_chip *chip = i2c_get_clientdata(client);
|
|
u8 msb;
|
|
u8 lsb;
|
|
|
|
msb = max17040_read_reg(client, MAX17040_SOC_MSB);
|
|
lsb = max17040_read_reg(client, MAX17040_SOC_LSB);
|
|
|
|
chip->soc = msb;
|
|
}
|
|
|
|
static void max17040_get_version(struct i2c_client *client)
|
|
{
|
|
u8 msb;
|
|
u8 lsb;
|
|
|
|
msb = max17040_read_reg(client, MAX17040_VER_MSB);
|
|
lsb = max17040_read_reg(client, MAX17040_VER_LSB);
|
|
|
|
dev_info(&client->dev, "MAX17040 Fuel-Gauge Ver %d%d\n", msb, lsb);
|
|
}
|
|
|
|
static void max17040_get_online(struct i2c_client *client)
|
|
{
|
|
struct max17040_chip *chip = i2c_get_clientdata(client);
|
|
|
|
if (chip->pdata && chip->pdata->battery_online)
|
|
chip->online = chip->pdata->battery_online();
|
|
else
|
|
chip->online = 1;
|
|
}
|
|
|
|
static void max17040_get_status(struct i2c_client *client)
|
|
{
|
|
struct max17040_chip *chip = i2c_get_clientdata(client);
|
|
|
|
if (!chip->pdata || !chip->pdata->charger_online
|
|
|| !chip->pdata->charger_enable) {
|
|
chip->status = POWER_SUPPLY_STATUS_UNKNOWN;
|
|
return;
|
|
}
|
|
|
|
if (chip->pdata->charger_online()) {
|
|
if (chip->pdata->charger_enable())
|
|
chip->status = POWER_SUPPLY_STATUS_CHARGING;
|
|
else
|
|
chip->status = POWER_SUPPLY_STATUS_NOT_CHARGING;
|
|
} else {
|
|
chip->status = POWER_SUPPLY_STATUS_DISCHARGING;
|
|
}
|
|
|
|
if (chip->soc > MAX17040_BATTERY_FULL)
|
|
chip->status = POWER_SUPPLY_STATUS_FULL;
|
|
}
|
|
|
|
static void max17040_work(struct work_struct *work)
|
|
{
|
|
struct max17040_chip *chip;
|
|
|
|
chip = container_of(work, struct max17040_chip, work.work);
|
|
|
|
max17040_get_vcell(chip->client);
|
|
max17040_get_soc(chip->client);
|
|
max17040_get_online(chip->client);
|
|
max17040_get_status(chip->client);
|
|
|
|
schedule_delayed_work(&chip->work, MAX17040_DELAY);
|
|
}
|
|
|
|
static enum power_supply_property max17040_battery_props[] = {
|
|
POWER_SUPPLY_PROP_STATUS,
|
|
POWER_SUPPLY_PROP_ONLINE,
|
|
POWER_SUPPLY_PROP_VOLTAGE_NOW,
|
|
POWER_SUPPLY_PROP_CAPACITY,
|
|
};
|
|
|
|
static int max17040_probe(struct i2c_client *client,
|
|
const struct i2c_device_id *id)
|
|
{
|
|
struct i2c_adapter *adapter = to_i2c_adapter(client->dev.parent);
|
|
struct max17040_chip *chip;
|
|
int ret;
|
|
|
|
if (!i2c_check_functionality(adapter, I2C_FUNC_SMBUS_BYTE))
|
|
return -EIO;
|
|
|
|
chip = devm_kzalloc(&client->dev, sizeof(*chip), GFP_KERNEL);
|
|
if (!chip)
|
|
return -ENOMEM;
|
|
|
|
chip->client = client;
|
|
chip->pdata = client->dev.platform_data;
|
|
|
|
i2c_set_clientdata(client, chip);
|
|
|
|
chip->battery.name = "battery";
|
|
chip->battery.type = POWER_SUPPLY_TYPE_BATTERY;
|
|
chip->battery.get_property = max17040_get_property;
|
|
chip->battery.properties = max17040_battery_props;
|
|
chip->battery.num_properties = ARRAY_SIZE(max17040_battery_props);
|
|
|
|
ret = power_supply_register(&client->dev, &chip->battery);
|
|
if (ret) {
|
|
dev_err(&client->dev, "failed: power supply register\n");
|
|
return ret;
|
|
}
|
|
|
|
max17040_reset(client);
|
|
max17040_get_version(client);
|
|
|
|
INIT_DEFERRABLE_WORK(&chip->work, max17040_work);
|
|
schedule_delayed_work(&chip->work, MAX17040_DELAY);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int max17040_remove(struct i2c_client *client)
|
|
{
|
|
struct max17040_chip *chip = i2c_get_clientdata(client);
|
|
|
|
power_supply_unregister(&chip->battery);
|
|
cancel_delayed_work(&chip->work);
|
|
return 0;
|
|
}
|
|
|
|
#ifdef CONFIG_PM_SLEEP
|
|
|
|
static int max17040_suspend(struct device *dev)
|
|
{
|
|
struct i2c_client *client = to_i2c_client(dev);
|
|
struct max17040_chip *chip = i2c_get_clientdata(client);
|
|
|
|
cancel_delayed_work(&chip->work);
|
|
return 0;
|
|
}
|
|
|
|
static int max17040_resume(struct device *dev)
|
|
{
|
|
struct i2c_client *client = to_i2c_client(dev);
|
|
struct max17040_chip *chip = i2c_get_clientdata(client);
|
|
|
|
schedule_delayed_work(&chip->work, MAX17040_DELAY);
|
|
return 0;
|
|
}
|
|
|
|
static SIMPLE_DEV_PM_OPS(max17040_pm_ops, max17040_suspend, max17040_resume);
|
|
#define MAX17040_PM_OPS (&max17040_pm_ops)
|
|
|
|
#else
|
|
|
|
#define MAX17040_PM_OPS NULL
|
|
|
|
#endif /* CONFIG_PM_SLEEP */
|
|
|
|
static const struct i2c_device_id max17040_id[] = {
|
|
{ "max17040", 0 },
|
|
{ }
|
|
};
|
|
MODULE_DEVICE_TABLE(i2c, max17040_id);
|
|
|
|
static struct i2c_driver max17040_i2c_driver = {
|
|
.driver = {
|
|
.name = "max17040",
|
|
.pm = MAX17040_PM_OPS,
|
|
},
|
|
.probe = max17040_probe,
|
|
.remove = max17040_remove,
|
|
.id_table = max17040_id,
|
|
};
|
|
module_i2c_driver(max17040_i2c_driver);
|
|
|
|
MODULE_AUTHOR("Minkyu Kang <mk7.kang@samsung.com>");
|
|
MODULE_DESCRIPTION("MAX17040 Fuel Gauge");
|
|
MODULE_LICENSE("GPL");
|