| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4D627B7F.7000409@metafoo.de> Date: Mon, 21 Feb 2011 15:49:35 +0100 From: Lars-Peter Clausen <lars@...afoo.de> To: Grazvydas Ignotas <notasas@...il.com> CC: Anton Vorontsov <cbouatmailru@...il.com>, Pali Rohar <pali.rohar@...il.com>, Rodolfo Giometti <giometti@...ux.it>, linux-kernel@...r.kernel.org Subject: Re: [PATCH 07/14 v3] bq27x00: Cache battery registers On 02/21/2011 03:00 PM, Grazvydas Ignotas wrote: >>> However there is bigger problem, compiling as module and doing >>> insmod/rmmod/insmod causes kernel OOPS: >>> >>> [ 882.575714] BUG: sleeping function called from invalid context at >>> arch/arm/mm/fault.c:295 >>> [ 882.584350] in_atomic(): 0, irqs_disabled(): 128, pid: 1154, name: insmod >>> ... >>> [ 882.959930] Unable to handle kernel NULL pointer dereference at >>> virtual address 00000000 >>> [ 882.968444] pgd = c14c8000 >>> [ 882.977905] Internal error: Oops: 817 [#1] >>> ... >>> [ 883.304412] [<c007eed8>] (__queue_work+0x140/0x260) from >>> [<c007f044>] (queue_work_on+0x2c/0x34) >>> [ 883.313568] [<c007f044>] (queue_work_on+0x2c/0x34) from >>> [<bf008390>] (bq27x00_update+0x1f8/0x220 [bq27x00_battery]) >>> [ 883.324584] [<bf008390>] (bq27x00_update+0x1f8/0x220 >>> [bq27x00_battery]) from [<bf0084c8>] (bq27x00_battery_poll+0x14/0x48 >>> [bq27x00_battery]) >>> >>> full backtrace attached. >> >> I can't reproduce that OOPS. And the backtrace looks a bit strange, >> queue_work_on is not called from bq27x00_update. >> Can you send me the disassembly of your bq27x00_update? > > It comes from power_supply_changed, probably omitted because > queue_work is a tail function of power_supply_changed. It's probably > something i2c specific, I could try bisecting it for you if you like, > I know it doesn't happen before this series. Hi The following patch should hopefully fix the issue. - Lars >From 860fc31cef00bd87085100825ddbff82ad601c33 Mon Sep 17 00:00:00 2001 From: Lars-Peter Clausen <lars@...afoo.de> Date: Mon, 21 Feb 2011 15:34:19 +0100 Subject: [PATCH] Initialize power_supply changed_work before calling device_add Calling device_add causes a uevent for that device to be generated. The power_supply uevent function calls the drivers get_property function, which might causes the driver to update its state, which again might causes the driver to call power_supply_changed(). Since the power_supplys changed_work has not been initialized at this point the behavior is undefined and might result in a OOPS. This patch fixes the issue by initializing the power_supplys changed_work prior to adding the power_supplys device to the device tree. Reported-by: Grazvydas Ignotas <notasas@...il.com> Signed-off-by: Lars-Peter Clausen <lars@...afoo.de> --- drivers/power/power_supply_core.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/power/power_supply_core.c b/drivers/power/power_supply_core.c index 970f733..329b46b 100644 --- a/drivers/power/power_supply_core.c +++ b/drivers/power/power_supply_core.c @@ -171,6 +171,8 @@ int power_supply_register(struct device *parent, struct power_supply *psy) dev_set_drvdata(dev, psy); psy->dev = dev; + INIT_WORK(&psy->changed_work, power_supply_changed_work); + rc = kobject_set_name(&dev->kobj, "%s", psy->name); if (rc) goto kobject_set_name_failed; @@ -179,8 +181,6 @@ int power_supply_register(struct device *parent, struct power_supply *psy) if (rc) goto device_add_failed; - INIT_WORK(&psy->changed_work, power_supply_changed_work); - rc = power_supply_create_triggers(psy); if (rc) goto create_triggers_failed; -- 1.7.2.3 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists