leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
cdaf3e1538
linux/drivers
History
Krzysztof Kozlowski cdaf3e1538 power: charger-manager: Fix accessing invalidated power supply after charger unbind 
The charger manager obtained in probe references to power supplies for
all chargers with power_supply_get_by_name() for later usage. However
if such charger driver was removed then this reference would point to
old power supply (from driver which was removed).

This lead to accessing invalid memory which could be observed with:
$ echo "max77693-charger" > /sys/bus/platform/drivers/max77693-charger/unbind
$ grep . /sys/devices/virtual/power_supply/battery/charger.0/*
$ grep . /sys/devices/virtual/power_supply/battery/*
[   15.339817] Unable to handle kernel paging request at virtual address 0001c12c
[   15.346187] pgd = edd08000
[   15.348814] [0001c12c] *pgd=6dce2831, *pte=00000000, *ppte=00000000
[   15.355075] Internal error: Oops: 80000007 [#1] PREEMPT SMP ARM
[   15.360967] Modules linked in:
[   15.364010] CPU: 2 PID: 1388 Comm: grep Not tainted 3.17.0-next-20141007-00027-ga95e761db1b0 #245
[   15.372859] task: ee03ad00 ti: edcf6000 task.ti: edcf6000
[   15.378241] PC is at 0x1c12c
[   15.381113] LR is at is_ext_pwr_online+0x30/0x6c
[   15.385706] pc : [<0001c12c>]    lr : [<c0339fc4>]    psr: a0000013
[   15.385706] sp : edcf7e88  ip : 00000000  fp : 00000000
[   15.397161] r10: eeb02c08  r9 : c04b1f84  r8 : eeb02c00
[   15.402369] r7 : edc69a10  r6 : eea6ac10  r5 : eea6ac10  r4 : 00000004
[   15.408878] r3 : 0001c12c  r2 : edcf7e8c  r1 : 00000004  r0 : ee914418
[   15.415390] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
[   15.422506] Control: 10c5387d  Table: 6dd0804a  DAC: 00000015
[   15.428236] Process grep (pid: 1388, stack limit = 0xedcf6240)
[   15.434050] Stack: (0xedcf7e88 to 0xedcf8000)
[   15.438395] 7e80:                   ee03ad00 00000000 edcf7f80 eea6aca8 edcf7ec4 c033b7b0
[   15.446554] 7ea0: 00000001 ee1cc3f0 00000004 c06e1e44 eebdc000 c06e1e44 eeb02c00 c0337144
[   15.454713] 7ec0: ee2dac68 c005cffc ee1cc3c0 c06e1e44 00000fff 00001000 eebdc000 c0278ca8
[   15.462872] 7ee0: c0278c8c ee1cc3c0 eeb7ce00 c014422c edcf7f20 00008000 ee1cc3c0 ee9a48c0
[   15.471030] 7f00: 00000001 00000001 edcf7f80 c0142d94 c0142d70 c01060f4 00021000 ee1cc3f0
[   15.479190] 7f20: 00000000 00000000 c06a2150 eebdc000 2e7ec000 ee9a48c0 00008000 00021000
[   15.487349] 7f40: edcf7f80 00008000 edcf6000 00021000 00021000 c00e39a4 00000000 ee9a48c0
[   15.495508] 7f60: 00004000 00000000 00000000 ee9a48c0 ee9a48c0 00008000 00021000 c00e3aa0
[   15.503668] 7f80: 00000000 00000000 0001f2e0 0001f2e0 00021000 00001000 00000003 c000f364
[   15.511826] 7fa0: 00000000 c000f1a0 0001f2e0 00021000 00000003 00021000 00008000 00000000
[   15.519986] 7fc0: 0001f2e0 00021000 00001000 00000003 00000001 000205e8 00000000 00021000
[   15.528145] 7fe0: 00008000 bebbe910 0000a7ad b6edc49c 60000010 00000003 aaaaaaaa aaaaaaaa
[   15.536320] [<c0339fc4>] (is_ext_pwr_online) from [<c033b7b0>] (charger_get_property+0x170/0x314)
[   15.545164] [<c033b7b0>] (charger_get_property) from [<c0337144>] (power_supply_show_property+0x48/0x20c)
[   15.554719] [<c0337144>] (power_supply_show_property) from [<c0278ca8>] (dev_attr_show+0x1c/0x48)
[   15.563577] [<c0278ca8>] (dev_attr_show) from [<c014422c>] (sysfs_kf_seq_show+0x84/0x104)
[   15.571725] [<c014422c>] (sysfs_kf_seq_show) from [<c0142d94>] (kernfs_seq_show+0x24/0x28)
[   15.579973] [<c0142d94>] (kernfs_seq_show) from [<c01060f4>] (seq_read+0x1b0/0x484)
[   15.587614] [<c01060f4>] (seq_read) from [<c00e39a4>] (vfs_read+0x88/0x144)
[   15.594552] [<c00e39a4>] (vfs_read) from [<c00e3aa0>] (SyS_read+0x40/0x8c)
[   15.601417] [<c00e3aa0>] (SyS_read) from [<c000f1a0>] (ret_fast_syscall+0x0/0x48)
[   15.608877] Code: bad PC value
[   15.611991] ---[ end trace a88fcc95208db283 ]---

The charger-manager should get reference to charger power supply on
each use of get_property callback.

Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Cc: <stable@vger.kernel.org>
Fixes: 3bb3dbbd56 ("power_supply: Add initial Charger-Manager driver")
Signed-off-by: Sebastian Reichel <sre@kernel.org>
2014-10-28 03:30:21 +01:00
..
accessibility
acpi Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-08-29 17:22:27 -07:00
amba
ata libata: widen Crucial M550 blacklist matching 2014-08-18 17:40:09 -04:00
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-08-13 18:27:40 -06:00
auxdisplay
base Merge remote-tracking branches 'regmap/fix/cache', 'regmap/fix/debugfs' and 'regmap/fix/volatile' into regmap-linus 2014-08-31 13:23:45 +01:00
bcma bcma: use NS prefix for names of Northstar specific cores 2014-07-31 13:45:32 -04:00
block Merge branch 'akpm' (fixes from Andrew Morton) 2014-08-29 16:28:29 -07:00
bluetooth Bluetooth: Fix crash in the Marvell driver initialization codepath 2014-07-31 01:07:28 +02:00
bus bus: arm-ccn: Fix warning message 2014-08-24 11:28:30 -07:00
cdrom
char virtio: rng: add derating factor for use by hwrng core 2014-08-15 10:26:01 +05:30
clk ARM: SoC platform changes for 3.17 2014-08-08 11:14:29 -07:00
clocksource ARM: SoC platform changes for 3.17 2014-08-08 11:14:29 -07:00
connector
cpufreq cpufreq: s5pv210: Remove spurious __init annotation 2014-08-28 01:30:55 +02:00
cpuidle ARM: 8130/1: cpuidle/cpuidle-big_little: fix reading cpu id part number 2014-08-27 15:40:45 +01:00
crypto PCI changes for the v3.17 merge window (part 2): 2014-08-14 18:10:33 -06:00
dca
devfreq
dio
dma Merge branch 'for-linus' of git://git.infradead.org/users/vkoul/slave-dma 2014-08-11 07:14:01 -07:00
dma-buf dma-buf/fence: Fix a kerneldoc warning 2014-08-28 11:59:09 +05:30
edac Merge branch 'linux_next' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-edac 2014-08-15 17:56:45 -06:00
eisa
extcon
firewire Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2014-08-06 09:38:14 -07:00
firmware firmware: Do not use WARN_ON(!spin_is_locked()) 2014-08-22 08:45:40 +01:00
fmc
gpio gpio: bt8xx: fix release of managed resources 2014-08-29 14:31:43 +02:00
gpu Merge branch 'linux-3.17' of git://anongit.freedesktop.org/git/nouveau/linux-2.6 into drm-fixes 2014-09-05 09:27:33 +10:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2014-08-27 09:38:06 -07:00
hsi HSI changes for the v3.17 series 2014-08-06 20:06:14 -07:00
hv Char / Misc driver patches for 3.17-rc1 2014-08-04 17:32:24 -07:00
hwmon hwmon: (ds1621) Update zbits after conversion rate change 2014-08-28 11:18:47 -07:00
hwspinlock hwspinlock: enable OMAP build for AM33xx, AM43xx & DRA7xx 2014-07-29 11:46:28 +03:00
i2c Revert "i2c: rcar: remove spinlock" 2014-09-04 19:59:42 +02:00
ide ide: use module_platform_driver() 2014-08-05 21:16:46 -07:00
idle intel_idle: Broadwell support 2014-08-15 17:06:40 -04:00
iio Staging driver patches for 3.17-rc1 2014-08-04 18:36:12 -07:00
infiniband PCI changes for the v3.17 merge window (part 2): 2014-08-14 18:10:33 -06:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2014-09-03 17:26:12 -07:00
iommu iommu/core: Check for the right function pointer in iommu_map() 2014-08-19 00:19:26 +02:00
ipack
irqchip ARM: SoC platform changes for 3.17 2014-08-08 11:14:29 -07:00
isdn drivers: isdn: eicon: xdi_msg.h: Fix typo in #ifndef 2014-08-22 11:31:30 -07:00
leds Revert "leds: convert blink timer to workqueue" 2014-09-02 10:02:13 -07:00
lguest mm/vmalloc.c: clean up map_vm_area third argument 2014-08-06 18:01:19 -07:00
macintosh == Changes to existing drivers == 2014-08-07 17:23:16 -07:00
mailbox mailbox/omap: add a parent structure for every IP instance 2014-07-29 01:57:25 -07:00
mcb
md dm crypt: fix access beyond the end of allocated space 2014-08-28 14:24:09 -04:00
media media: use pci_zalloc_consistent 2014-08-08 15:57:28 -07:00
memory memory: Freescale CoreNet Coherency Fabric error reporting driver 2014-07-29 19:26:30 -05:00
memstick
message
mfd Immutable branch between MFD, Power, Charger and Regulator for v3.18 2014-09-25 01:55:14 +02:00
misc mei: nfc: fix memory leak in error path 2014-08-25 13:16:23 -07:00
mmc PCI changes for the v3.17 merge window (part 2): 2014-08-14 18:10:33 -06:00
mtd mtd: nand: omap: Fix 1-bit Hamming code scheme, omap_calculate_ecc() 2014-08-25 16:15:33 -07:00
net net: ethernet: broadcom: bnx2x: Remove redundant #ifdef 2014-08-22 11:29:58 -07:00
nfc
ntb
nubus
of of/irq: Fix lookup to use 'interrupts-extended' property first 2014-08-16 09:03:58 +01:00
oprofile
parisc
parport drivers/parport/parport_ip32.c: use PTR_ERR_OR_ZERO 2014-08-08 15:57:25 -07:00
pci PCI update for v3.17: 2014-09-03 08:45:48 -07:00
pcmcia Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2014-08-07 08:50:34 -07:00
phy ARM: SoC driver changes for 3.17 2014-08-08 11:34:32 -07:00
pinctrl pinctrl: exynos: Lock GPIOs as interrupts when used as EINTs 2014-08-21 07:24:29 -05:00
platform toshiba_acpi: fix and cleanup toshiba_kbd_bl_mode_store() 2014-09-03 10:45:12 -07:00
pnp ACPI / PNP: Fix acpi_pnp_match() 2014-07-30 00:23:09 +02:00
power power: charger-manager: Fix accessing invalidated power supply after charger unbind 2014-10-28 03:30:21 +01:00
powercap
pps
ps3
ptp PCI: Remove DEFINE_PCI_DEVICE_TABLE macro use 2014-08-12 12:15:14 -06:00
pwm pwm: Fix period and polarity in pwm_get() for non-perfect matches 2014-08-18 10:58:43 +02:00
rapidio PCI: Remove DEFINE_PCI_DEVICE_TABLE macro use 2014-08-12 12:15:14 -06:00
ras
regulator regulator/mfd: max14577: Export symbols for calculating charger current 2014-09-24 15:25:47 +01:00
remoteproc
reset
rpmsg
rtc drivers/rtc/rtc-s5m.c: re-add support for devices without irq specified 2014-08-29 16:28:16 -07:00
s390 s390/sclp: remove unnecessary XTABS flag 2014-08-15 09:01:20 +02:00
sbus Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc 2014-08-05 18:57:18 -07:00
scsi Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2014-08-29 11:21:49 -07:00
sfi
sh sh: intc: Confine SH_INTC to platforms that need it 2014-08-22 12:28:16 +09:00
sn
soc
spi Merge remote-tracking branch 'spi/fix/sh-msiof' into spi-linus 2014-08-31 13:46:19 +01:00
spmi
ssb
staging USB fixes for 3.17-rc3 2014-08-29 12:10:03 -07:00
target SCSI misc on 20140806 2014-08-06 20:10:32 -07:00
tc
thermal
thunderbolt thunderbolt: Clear hops before overwriting 2014-08-26 14:54:48 -07:00
tty The branch contains the following device tree changes the v3.17 merge 2014-08-14 09:53:39 -06:00
uio
usb USB: fix build error with CONFIG_PM_RUNTIME disabled 2014-08-27 16:55:29 -07:00
uwb uwb/whci: use correct structure type name in sizeof 2014-08-01 15:48:08 -07:00
vfio drivers/vfio: Enable VFIO if EEH is not supported 2014-08-08 10:39:16 -06:00
vhost
video fbdev fixes for 3.17 2014-08-29 11:59:46 -07:00
virt
virtio
vlynq
vme vme: bridges: use pci_zalloc_consistent 2014-08-08 15:57:30 -07:00
w1
watchdog watchdog: sunxi: register restart handler with kernel restart handler 2014-09-26 00:00:42 -07:00
xen PCI: Remove DEFINE_PCI_DEVICE_TABLE macro use 2014-08-12 12:15:14 -06:00
zorro
Kconfig Char / Misc driver patches for 3.17-rc1 2014-08-04 17:32:24 -07:00
Makefile Driver core patches for 3.17-rc1 2014-08-04 18:34:04 -07:00