All of lore.kernel.org
 help / color / mirror / Atom feed
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org,
	Krzysztof Kozlowski <k.kozlowski@samsung.com>
Subject: [PATCH 3.10 60/66] power: max17040: Fix NULL pointer dereference when there is no platform_data
Date: Thu, 20 Feb 2014 15:51:59 -0800	[thread overview]
Message-ID: <20140220234911.209523372@linuxfoundation.org> (raw)
In-Reply-To: <20140220234909.482516304@linuxfoundation.org>

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Krzysztof Kozlowski <k.kozlowski@samsung.com>

commit ac323d8d807060f7c95a685a9fe861e7b6300993 upstream.

Fix NULL pointer dereference of "chip->pdata" if platform_data was not
supplied to the driver.

The driver during probe stored the pointer to the platform_data:
	chip->pdata = client->dev.platform_data;
Later it was dereferenced in max17040_get_online() and
max17040_get_status().

If platform_data was not supplied, the NULL pointer exception would
happen:

[    6.626094] Unable to handle kernel  of a at virtual address 00000000
[    6.628557] pgd = c0004000
[    6.632868] [00000000] *pgd=66262564
[    6.634636] Unable to handle kernel paging request at virtual address e6262000
[    6.642014] pgd = de468000
[    6.644700] [e6262000] *pgd=00000000
[    6.648265] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[    6.653552] Modules linked in:
[    6.656598] CPU: 0 PID: 31 Comm: kworker/0:1 Not tainted 3.10.14-02717-gc58b4b4 #505
[    6.664334] Workqueue: events max17040_work
[    6.668488] task: dfa11b80 ti: df9f6000 task.ti: df9f6000
[    6.673873] PC is at show_pte+0x80/0xb8
[    6.677687] LR is at show_pte+0x3c/0xb8
[    6.681503] pc : [<c001b7b8>]    lr : [<c001b774>]    psr: 600f0113
[    6.681503] sp : df9f7d58  ip : 600f0113  fp : 00000009
[    6.692965] r10: 00000000  r9 : 00000000  r8 : dfa11b80
[    6.698171] r7 : df9f7ea0  r6 : e6262000  r5 : 00000000  r4 : 00000000
[    6.704680] r3 : 00000000  r2 : e6262000  r1 : 600f0193  r0 : c05b3750
[    6.711194] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
[    6.718485] Control: 10c53c7d  Table: 5e46806a  DAC: 00000015
[    6.724218] Process kworker/0:1 (pid: 31, stack limit = 0xdf9f6238)
[    6.730465] Stack: (0xdf9f7d58 to 0xdf9f8000)
[    6.914325] [<c001b7b8>] (show_pte+0x80/0xb8) from [<c047107c>] (__do_kernel_fault.part.9+0x44/0x74)
[    6.923425] [<c047107c>] (__do_kernel_fault.part.9+0x44/0x74) from [<c001bb7c>] (do_page_fault+0x2c4/0x360)
[    6.933144] [<c001bb7c>] (do_page_fault+0x2c4/0x360) from [<c0008400>] (do_DataAbort+0x34/0x9c)
[    6.941825] [<c0008400>] (do_DataAbort+0x34/0x9c) from [<c000e5d8>] (__dabt_svc+0x38/0x60)
[    6.950058] Exception stack(0xdf9f7ea0 to 0xdf9f7ee8)
[    6.955099] 7ea0: df0c1790 00000000 00000002 00000000 df0c1794 df0c1790 df0c1790 00000042
[    6.963271] 7ec0: df0c1794 00000001 00000000 00000009 00000000 df9f7ee8 c0306268 c0306270
[    6.971419] 7ee0: a00f0113 ffffffff
[    6.974902] [<c000e5d8>] (__dabt_svc+0x38/0x60) from [<c0306270>] (max17040_work+0x8c/0x144)
[    6.983317] [<c0306270>] (max17040_work+0x8c/0x144) from [<c003f364>] (process_one_work+0x138/0x440)
[    6.992429] [<c003f364>] (process_one_work+0x138/0x440) from [<c003fa64>] (worker_thread+0x134/0x3b8)
[    7.001628] [<c003fa64>] (worker_thread+0x134/0x3b8) from [<c00454bc>] (kthread+0xa4/0xb0)
[    7.009875] [<c00454bc>] (kthread+0xa4/0xb0) from [<c000eb28>] (ret_from_fork+0x14/0x2c)
[    7.017943] Code: e1a03005 e2422480 e0826104 e59f002c (e7922104)
[    7.024017] ---[ end trace 73bc7006b9cc5c79 ]---

Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Fixes: c6f4a42de60b981dd210de01cd3e575835e3158e
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/power/max17040_battery.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/drivers/power/max17040_battery.c
+++ b/drivers/power/max17040_battery.c
@@ -148,7 +148,7 @@ static void max17040_get_online(struct i
 {
 	struct max17040_chip *chip = i2c_get_clientdata(client);
 
-	if (chip->pdata->battery_online)
+	if (chip->pdata && chip->pdata->battery_online)
 		chip->online = chip->pdata->battery_online();
 	else
 		chip->online = 1;
@@ -158,7 +158,8 @@ static void max17040_get_status(struct i
 {
 	struct max17040_chip *chip = i2c_get_clientdata(client);
 
-	if (!chip->pdata->charger_online || !chip->pdata->charger_enable) {
+	if (!chip->pdata || !chip->pdata->charger_online
+			|| !chip->pdata->charger_enable) {
 		chip->status = POWER_SUPPLY_STATUS_UNKNOWN;
 		return;
 	}



  parent reply	other threads:[~2014-02-21  0:46 UTC|newest]

Thread overview: 68+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-02-20 23:50 [PATCH 3.10 00/66] 3.10.32-stable review Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 01/66] xen-blkfront: handle backend CLOSED without CLOSING Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 02/66] xen/p2m: check MFN is in range before using the m2p table Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 03/66] xen: Fix possible user space selector corruption Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 04/66] fs/file.c:fdtable: avoid triggering OOMs from alloc_fdmem Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 05/66] mm/memory-failure.c: move refcount only in !MF_COUNT_INCREASED Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 06/66] CIFS: Fix SMB2 mounts so they dont try to set or get xattrs via cifs Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 07/66] Add protocol specific operation for CIFS xattrs Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 08/66] retrieving CIFS ACLs when mounted with SMB2 fails dropping session Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 09/66] mac80211: move roc cookie assignment earlier Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 10/66] mac80211: release the channel in error path in start_ap Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 11/66] mac80211: fix fragmentation code, particularly for encryption Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 12/66] ath9k_htc: make ->sta_rc_update atomic for most calls Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 13/66] ar5523: fix usb id for Gigaset Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 14/66] s390/dump: Fix dump memory detection Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 15/66] s390: fix kernel crash due to linkage stack instructions Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 16/66] spi: Fix crash with double message finalisation on error handling Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 17/66] iwlwifi: mvm: dont allow A band if SKU forbids it Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 18/66] iwlwifi: mvm: print the version of the firmware when it asserts Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 19/66] iwlwifi: mvm: BT Coex - disable BT when TXing probe request in scan Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 20/66] of: fix PCI bus match for PCIe slots Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 21/66] raw: test against runtime value of max_raw_minors Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 22/66] hwmon: (ntc_thermistor) Avoid math overflow Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 23/66] lockd: send correct lock when granting a delayed lock Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 24/66] tty: n_gsm: Fix for modems with brk in modem status control Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 25/66] tty: Set correct tty name in active sysfs attribute Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 26/66] drm/radeon: fix UVD IRQ support on 7xx Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 30/66] staging: comedi: adv_pci1710: fix analog output readback value Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 31/66] staging:iio:ad799x fix error_free_irq which was freeing an irq that may not have been requested Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 32/66] iio: max1363: Use devm_regulator_get_optional for optional regulator Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 33/66] iio: adis16400: Set timestamp as the last element in chan_spec Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 34/66] x86, smap: Dont enable SMAP if CONFIG_X86_SMAP is disabled Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 35/66] x86, smap: smap_violation() is bogus if CONFIG_X86_SMAP is off Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 36/66] ftrace/x86: Use breakpoints for converting function graph caller Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 37/66] ALSA: hda - Fix mic capture on Sony VAIO Pro 11 Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 38/66] mei: clear write cb from waiting list on reset Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 39/66] mei: dont unset read cb ptr " Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 40/66] VME: Correct read/write alignment algorithm Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 41/66] Drivers: hv: vmbus: Dont timeout during the initial connection with host Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 43/66] USB: ftdi_sio: add Tagsys RFID Reader IDs Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 44/66] usb-storage: add unusual-devs entry for BlackBerry 9000 Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 45/66] usb-storage: restrict bcdDevice range for Super Top in Cypress ATACB Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 46/66] usb-storage: enable multi-LUN scanning when needed Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 47/66] usb: option: blacklist ZTE MF667 net interface Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 48/66] Revert "usbcore: set lpm_capable field for LPM capable root hubs" Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 49/66] Modpost: fixed USB alias generation for ranges including 0x9 and 0xA Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 50/66] block: __elv_next_request() shouldnt call into the elevator if bypassing Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 51/66] block: Fix nr_vecs for inline integrity vectors Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 52/66] block: add cond_resched() to potentially long running ioctl discard loop Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 53/66] compiler/gcc4: Make quirk for asm_volatile_goto() unconditional Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 54/66] IB/qib: Add missing serdes init sequence Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 55/66] KVM: return an error code in kvm_vm_ioctl_register_coalesced_mmio() Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 56/66] tick: Clear broadcast pending bit when switching to oneshot Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 57/66] md/raid1: restore ability for check and repair to fix read errors Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 58/66] md/raid5: Fix CPU hotplug callback registration Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.10 59/66] time: Fix overflow when HZ is smaller than 60 Greg Kroah-Hartman
2014-02-20 23:51 ` Greg Kroah-Hartman [this message]
2014-02-20 23:52 ` [PATCH 3.10 61/66] ring-buffer: Fix first commit on sub-buffer having non-zero delta Greg Kroah-Hartman
2014-02-20 23:52 ` [PATCH 3.10 62/66] genirq: Add missing irq_to_desc export for CONFIG_SPARSE_IRQ=n Greg Kroah-Hartman
2014-02-20 23:52 ` [PATCH 3.10 63/66] EDAC: Replace strict_strtol() with kstrtol() Greg Kroah-Hartman
2014-02-20 23:52 ` [PATCH 3.10 64/66] drivers/edac/edac_mc_sysfs.c: poll timeout cannot be zero Greg Kroah-Hartman
2014-02-20 23:52 ` [PATCH 3.10 65/66] EDAC: Poll timeout cannot be zero, p2 Greg Kroah-Hartman
2014-02-20 23:52 ` [PATCH 3.10 66/66] EDAC: Correct workqueue setup path Greg Kroah-Hartman
2014-02-21  3:56 ` [PATCH 3.10 00/66] 3.10.32-stable review Guenter Roeck
2014-02-21  5:09 ` Guenter Roeck
2014-02-21 19:01   ` Greg Kroah-Hartman
2014-02-21 23:17     ` Guenter Roeck
2014-02-21 23:38 ` Shuah Khan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140220234911.209523372@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=k.kozlowski@samsung.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.