lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-id: <1424692061-30624-1-git-send-email-k.kozlowski@samsung.com>
Date:	Mon, 23 Feb 2015 12:47:21 +0100
From:	Krzysztof Kozlowski <k.kozlowski@...sung.com>
To:	Sebastian Reichel <sre@...nel.org>,
	Dmitry Eremin-Solenikov <dbaryshkov@...il.com>,
	David Woodhouse <dwmw2@...radead.org>,
	linux-pm@...r.kernel.org, linux-kernel@...r.kernel.org,
	"Rafael J. Wysocki" <rjw@...ysocki.net>,
	Len Brown <lenb@...nel.org>, Jiri Kosina <jkosina@...e.cz>,
	David Herrmann <dh.herrmann@...glemail.com>,
	Cezary Jackiewicz <cezary.jackiewicz@...il.com>,
	Darren Hart <dvhart@...radead.org>,
	Support Opensource <support.opensource@...semi.com>,
	Milo Kim <milo.kim@...com>,
	Julian Andres Klode <jak@...-linux.org>,
	Marc Dietrich <marvin24@....de>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	linux-acpi@...r.kernel.org, linux-input@...r.kernel.org,
	platform-driver-x86@...r.kernel.org,
	patches@...nsource.wolfsonmicro.com, ac100@...ts.launchpad.net,
	linux-tegra@...r.kernel.org, devel@...verdev.osuosl.org,
	Linus Walleij <linus.walleij@...aro.org>,
	Samuel Ortiz <sameo@...ux.intel.com>,
	Lee Jones <lee.jones@...aro.org>,
	linux-arm-kernel@...ts.infradead.org,
	Ingo Molnar <mingo@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>, x86@...nel.org,
	Daniel Mack <daniel@...que.org>,
	Haojian Zhuang <haojian.zhuang@...il.com>,
	Robert Jarzmik <robert.jarzmik@...e.fr>
Cc:	Thomas Gleixner <tglx@...utronix.de>, Pavel Machek <pavel@....cz>,
	Kyungmin Park <kyungmin.park@...sung.com>,
	Marek Szyprowski <m.szyprowski@...sung.com>,
	Krzysztof Kozlowski <k.kozlowski@...sung.com>
Subject: [PATCH v4 00/20] power_supply: Allow safe usage of power supply

Hi,


The patchset fixes invalid memory accesses in certain race scenarios by
moving ownership of struct power_supply to the core. All drivers are
modified.


TLDR for driver and subsystem maintainers
=========================================
Two patches of patchset change power_supply_register() function so in
the same time they touch all drivers. I am kindly asking for acks,
review and help in testing.

Especially please take a look at:
 - patch 2: power_supply: Move run-time configuration to separate structure
 - patch 11: power_supply: Change ownership from driver to core

These are huge.


Problem to fix
==============
Patchset tries to fix invalid memory accesses occurring in following
race scenario:

Thread 1: charger manager, CONSUMER
Thread 2: power supply driver, PROVIDER

THREAD 1 (consumer)                THREAD 2 (provider)
===================                ===================
psy = power_supply_get_by_name()
                                   Driver unbind, .remove
                                     power_supply_unregister()
                                     Device fully removed
psy->get_property()

The consumer of power supply will reference invalid memory because
the provider already freed it.


The fix
=======
To properly fix the race the patchset:
1. Moves ownership of power_supply structure from driver (provider) to
   power supply core.
2. Adds power_supply_get_property()-like API for safe access by consumer.
3. Adds power_supply_put() which will reclaim memory.


I modifed all drivers I found. However I only compile tested them
(plus Smatch, Sparse and coccicheck). I did not test them on real
hardware (except max14577, max77693, max17040, max17042
and charger-manager).


What the patchset does in steps
===============================
1. Some preparation steps are necessary - patch 1 and 2. The driver
   implementing power supply won't be able to fill structure before
   calling power_supply_register(). So 'power_supply_config'
   is introduced in patch 2 ("power_supply: Move run-time configuration
   to separate structure"). Unfortunately this touches all drivers.
   *All drivers are touched.*

2. Safe API wrappers (and usage counter) are added (power_supply_*()).

3. Patch 11: ownership of 'struct power_supply' is moved from driver
   to the core.
   *All drivers are touched.*

4. power_supply_put() is added which reclaims resources.


Dependencies
============
The patchset is rebased on v4.0-rc1 and my latest power supply changes:
1. power_supply: ab8500_fg: Simplify creation and removal of sysfs
   entries [4]
2. compal-laptop: two fixes [5].
3. twl4030_madc_battery, ipaq_micro_battery, lp8788-charger: fixes [6].

Bisect-ability is preserved. All later patches depend on previous ones
so it could be pulled in steps, but cherry-picking won't work.

Patchset is available also here:
https://git.linaro.org/people/marek.szyprowski/linux-srpol.git
branch: v4.0-rc1-power-supply-core-ownership


Changes since v3
================
1. Fix Jonghwa's email in his ack (spotted by Stefan Wahren)
2. Update power_supply_register() documentation.
3. Fix putting the reference to power supply in bq2415x_charger.c (put
   it when it is non-NULL).
4. Add acks: Robert Jarzmik (patch 20), Darren Hart (p. 2), Pavel
   Machek (p. 1-3), Marc Dietrich (p. 2 and 11).


Changes since v2
================
1. Rewrite all drivers to new power_supply_register().
2. Add reviewed-by Bartlomiej Zolnierkiewicz (internal review)
3. Add reviewed-by Sebastian Reichel [3] (to patches which I did not
   change in major way between v2 and v3).
4. Use atomic usage counter of power supply on each of:
   a. register/unregister,
   b. get/put.

Changes since v1
================
1. Add new patches (1, 2, 11, 19).
2. Preserved ack-s where there weren't any changes.
3. Patch 3: Add use counter.
4. Patch 3: Don't add wrapper for set_charged() because already exists
   one.


[1] https://lkml.org/lkml/2014/11/4/527
[2] https://lkml.org/lkml/2014/10/16/89
[3] https://lkml.org/lkml/2015/1/21/471
[4] https://lkml.org/lkml/2015/1/29/612
[5] https://lkml.org/lkml/2015/2/20/150
[6] https://lkml.org/lkml/2015/2/20/170	

Best regards,
Krzysztof


Krzysztof Kozlowski (20):
  power_supply: Add driver private data
  power_supply: Move run-time configuration to separate structure
  power_supply: Add API for safe access of power supply function attrs
  power_supply: sysfs: Use power_supply_*() API for accessing function
    attrs
  power_supply: 88pm860x_charger: Use power_supply_*() API for accessing
    function attrs
  power_supply: ab8500: Use power_supply_*() API for accessing function
    attrs
  mfd: ab8500: Use power_supply_*() API for accessing function attrs
  power_supply: apm_power: Use power_supply_*() API for accessing
    function attrs
  power_supply: bq2415x_charger: Use power_supply_*() API for accessing
    function attrs
  power_supply: charger-manager: Use power_supply_*() API for accessing
    function attrs
  power_supply: Change ownership from driver to core
  power_supply: Add power_supply_put for decrementing device reference
    counter
  power_supply: Increment power supply use counter when obtaining
    references
  power_supply: charger-manager: Decrement the power supply's device
    reference counter
  x86/olpc/xo1/sci: Use newly added power_supply_put API
  x86/olpc/xo15/sci: Use newly added power_supply_put API
  power_supply: 88pm860x_charger: Decrement the power supply's device
    reference counter
  power_supply: bq2415x_charger: Decrement the power supply's device
    reference counter
  mfd: ab8500: Decrement the power supply's device reference counter
  arm: mach-pxa: Decrement the power supply's device reference counter

 arch/arm/mach-pxa/raumfeld.c              |   4 +-
 arch/x86/platform/olpc/olpc-xo1-sci.c     |   4 +-
 arch/x86/platform/olpc/olpc-xo15-sci.c    |   4 +-
 drivers/acpi/ac.c                         |  32 ++--
 drivers/acpi/battery.c                    |  54 +++---
 drivers/acpi/sbs.c                        |  68 +++++---
 drivers/hid/hid-input.c                   |  51 +++---
 drivers/hid/hid-sony.c                    |  43 +++--
 drivers/hid/hid-wiimote-modules.c         |  41 +++--
 drivers/hid/hid-wiimote.h                 |   3 +-
 drivers/hid/wacom.h                       |   8 +-
 drivers/hid/wacom_sys.c                   |  70 ++++----
 drivers/mfd/ab8500-sysctrl.c              |   9 +-
 drivers/platform/x86/compal-laptop.c      |  29 ++--
 drivers/power/88pm860x_battery.c          |  40 +++--
 drivers/power/88pm860x_charger.c          |  61 ++++---
 drivers/power/ab8500_btemp.c              |  75 ++++----
 drivers/power/ab8500_charger.c            | 139 ++++++++-------
 drivers/power/ab8500_fg.c                 | 130 ++++++--------
 drivers/power/abx500_chargalg.c           |  98 +++++------
 drivers/power/apm_power.c                 |   6 +-
 drivers/power/bq2415x_charger.c           | 107 ++++++------
 drivers/power/bq24190_charger.c           | 103 ++++++-----
 drivers/power/bq24735-charger.c           |  53 +++---
 drivers/power/bq27x00_battery.c           |  70 ++++----
 drivers/power/charger-manager.c           | 159 ++++++++++-------
 drivers/power/collie_battery.c            |  75 ++++----
 drivers/power/da9030_battery.c            |  33 ++--
 drivers/power/da9052-battery.c            |  25 +--
 drivers/power/ds2760_battery.c            |  56 +++---
 drivers/power/ds2780_battery.c            |  45 +++--
 drivers/power/ds2781_battery.c            |  47 +++--
 drivers/power/ds2782_battery.c            |  30 ++--
 drivers/power/generic-adc-battery.c       |  54 +++---
 drivers/power/goldfish_battery.c          |  63 +++----
 drivers/power/gpio-charger.c              |  42 +++--
 drivers/power/intel_mid_battery.c         |  57 +++---
 drivers/power/ipaq_micro_battery.c        |  34 ++--
 drivers/power/isp1704_charger.c           |  49 +++---
 drivers/power/jz4740-battery.c            |  37 ++--
 drivers/power/lp8727_charger.c            |  94 +++++-----
 drivers/power/lp8788-charger.c            |  62 ++++---
 drivers/power/ltc2941-battery-gauge.c     |  51 +++---
 drivers/power/max14577_charger.c          |  34 ++--
 drivers/power/max17040_battery.c          |  31 ++--
 drivers/power/max17042_battery.c          |  45 +++--
 drivers/power/max77693_charger.c          |  32 ++--
 drivers/power/max8903_charger.c           |  52 +++---
 drivers/power/max8925_power.c             |  98 ++++++-----
 drivers/power/max8997_charger.c           |  31 ++--
 drivers/power/max8998_charger.c           |  32 ++--
 drivers/power/olpc_battery.c              |  54 +++---
 drivers/power/pcf50633-charger.c          | 105 +++++++-----
 drivers/power/pda_power.c                 |  66 +++----
 drivers/power/pm2301_charger.c            |  48 +++---
 drivers/power/pm2301_charger.h            |   1 +
 drivers/power/pmu_battery.c               |  42 +++--
 drivers/power/power_supply_core.c         | 276 +++++++++++++++++++++++-------
 drivers/power/power_supply_leds.c         |  25 +--
 drivers/power/power_supply_sysfs.c        |  24 +--
 drivers/power/rt5033_battery.c            |  27 +--
 drivers/power/rx51_battery.c              |  27 +--
 drivers/power/s3c_adc_battery.c           |  77 +++++----
 drivers/power/sbs-battery.c               |  71 ++++----
 drivers/power/smb347-charger.c            | 108 ++++++------
 drivers/power/test_power.c                |  53 ++++--
 drivers/power/tosa_battery.c              | 112 +++++++-----
 drivers/power/tps65090-charger.c          |  43 +++--
 drivers/power/twl4030_charger.c           |  65 ++++---
 drivers/power/twl4030_madc_battery.c      |  41 +++--
 drivers/power/wm831x_backup.c             |  26 ++-
 drivers/power/wm831x_power.c              |  95 +++++-----
 drivers/power/wm8350_power.c              |  89 +++++-----
 drivers/power/wm97xx_battery.c            |  37 ++--
 drivers/power/z2_battery.c                |  60 ++++---
 drivers/staging/nvec/nvec_power.c         |  34 ++--
 include/linux/hid.h                       |   6 +-
 include/linux/mfd/abx500/ux500_chargalg.h |  11 +-
 include/linux/mfd/rt5033.h                |   2 +-
 include/linux/mfd/wm8350/supply.h         |   6 +-
 include/linux/power/charger-manager.h     |   3 +-
 include/linux/power_supply.h              |  70 ++++++--
 82 files changed, 2507 insertions(+), 1867 deletions(-)

-- 
1.9.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ