Open Source and information security mailing list archives
 
Date:	Sun, 19 Dec 2010 12:55:43 +0000
From:	Daniel J Blueman <daniel.blueman@...il.com>
To:	Linux Kernel <linux-kernel@...r.kernel.org>
Subject: [2.6.37-rc6] led_trigger_unregister protection fault...

With 2.6.37-rc6, when hot-removing the battery on my Studio 1557 i7
laptop with AC power, kworker/0:2 hit a protection fault in
led_trigger_unregister_oops [1].

Rebuilding with the same config and disassembling led-triggers.o and
power_supply_leds.o, we see that the first two triggers were removed
from the list successfully [2,3].

I don't see the 'LED trigger ... failed to register' kernel message,
so led_trigger_register_simple had registered the three of them, so
list corruption?

Dan

--- [1]

wq_worker_sleeping+0x1a/0x90
schedule
? call_rcu_sched
? release_task
do_exit
oops_end
die
do_general_protection
general_protection
? led_trigger_unregister+0x44/0xd0
led_trigger_unregister_simple+0x1b/0x30
power_supply_remove_bat_triggers
power_supply_remove_triggers
power_supply_unregister
sysfs_remove_battery
acpi_battery_update
acpi_battery_get_property
power_supply_show_property
power_supply_uevent
dev_uevent
kobject_uevent_env
? default_spin_lock_flags
kobject_uevent
device_del
device_unregister
power_supply_unregister
sysfs_remove_battery
acpi_battery_update
acpi_battery_notify
acpi_device_notify
acpi_ev_notify_dispatch
acpi_os_execute_deferred
process_one_work
? acpi_os_execute_deferred
worker_thread
? worker_thread
kthread
kernel_thread_helper
? kthread
? kernel_thread_helper
RIP: kthread_data+0x10/0x20

--- [2]

void led_trigger_unregister(struct led_trigger *trigger)
{
	struct led_classdev *led_cdev;

	/* Remove from the list of led triggers */
	down_write(&triggers_list_lock);
	list_del(&trigger->next_trig);  <----
	up_write(&triggers_list_lock);
...

--- [3]

static void power_supply_remove_bat_triggers(struct power_supply *psy)
{
	led_trigger_unregister_simple(psy->charging_full_trig);
	led_trigger_unregister_simple(psy->charging_trig);
	led_trigger_unregister_simple(psy->full_trig);  <----
	kfree(psy->full_trig_name);
	kfree(psy->charging_trig_name);
	kfree(psy->charging_full_trig_name);
}
-- 
Daniel J Blueman
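
Added example, not part of the original post and not kernel source: trace [1] shows power_supply_unregister entered twice on one call chain, and this user-space C model shows what a list deletion does if, as an assumption, both passes reach the same trigger entries. The poison constants and the names list_del_checked and simulate_reentrant_remove are constructed for illustration; the check mirrors the idea behind list debugging, refusing a second removal instead of dereferencing stale links.

```c
#include <stdint.h>
#include <stdio.h>

/* User-space model of a kernel-style doubly linked list (not kernel code). */
struct list_head { struct list_head *next, *prev; };

/* Constructed poison values written into an entry once it is unlinked. */
#define POISON_NEXT ((struct list_head *)(uintptr_t)0x100)
#define POISON_PREV ((struct list_head *)(uintptr_t)0x200)

static void list_add(struct list_head *n, struct list_head *head)
{
	n->next = head->next;
	n->prev = head;
	head->next->prev = n;
	head->next = n;
}

/* Unlink e; return -1 instead of touching memory if e is not validly linked. */
static int list_del_checked(struct list_head *e)
{
	if (e->next == POISON_NEXT || e->prev == POISON_PREV)
		return -1;	/* already removed: an unchecked delete would fault here */
	if (e->prev->next != e || e->next->prev != e)
		return -1;	/* neighbours do not point back: list is corrupted */
	e->next->prev = e->prev;
	e->prev->next = e->next;
	e->next = POISON_NEXT;
	e->prev = POISON_PREV;
	return 0;
}

/* Assumed scenario: three triggers registered, removal path run twice. */
static int simulate_reentrant_remove(void)
{
	struct list_head triggers, t[3];
	int rejected = 0;

	triggers.next = triggers.prev = &triggers;
	for (int i = 0; i < 3; i++)
		list_add(&t[i], &triggers);
	for (int pass = 0; pass < 2; pass++)
		for (int i = 0; i < 3; i++)
			if (list_del_checked(&t[i]) != 0)
				rejected++;
	return rejected;	/* second pass is refused for every entry */
}

int main(void) { printf("rejected: %d\n", simulate_reentrant_remove()); return 0; }
```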