* [PATCH 0/2] power_supply: Fix Oops from NULL pointer dereference from wakeup_source_activate
@ 2013-11-21 1:40 Shuah Khan
2013-11-21 1:40 ` [PATCH 1/2] " Shuah Khan
2013-11-21 1:40 ` [PATCH 2/2] PM: Fix Oops from NULL pointer dereference in wakeup_source_activate Shuah Khan
0 siblings, 2 replies; 9+ messages in thread
From: Shuah Khan @ 2013-11-21 1:40 UTC (permalink / raw)
To: len.brown, pavel, rjw, gregkh, anton, dwmw2
Cc: Shuah Khan, linux-pm, linux-kernel, shuahkhan
power_supply_register() calls device_init_wakeup() to register a wakeup
source before initializing dev_name. As a result, device_wakeup_enable()
ends up registering wakeup source with a null name when wakeup_source_register()
gets called with dev_name(dev) which is null at the time.
device_wakeup_enable() uses dev_name(dev) as the wakeup source name.
When it gets called with a device with its name not yet set, ws structure
with ws->name = NULL gets created.
When kernel is booted with wakeup_source_activate enabled, it will panic
when the trace point code tries to dereference ws->name. Registering a
wakeup source without a name should be possible.
This patch series fixes power_supply_register() to initialize the device name
prior to calling device_init_wakeup() and fixes wakeup_source_activate
tracepoint to check for null name and handle it gracefully by just using
"(no name)" as the name string for the source.
These two patches are not dependent, I left them as a series since the original
discussion started the fixes grouped in a series.
power_supply patch - no changes since series patch v1, other than including
Acked-by from Greg and Anton. Also added stable tag.
Second patch now is the fix to tracepoint code. This fix is definitely better
than adding WARN_ON to device_wakeup_enable(). It removes the dependency
between these two patches.
These patches can be applied independently with no ill effects. I included
the trace for the wakeup_source_activate trace output in the changelogs for
both patches.
Shuah Khan (2):
power_supply: Fix Oops from NULL pointer dereference from
wakeup_source_activate
PM: Fix Oops from NULL pointer dereference in wakeup_source_activate
drivers/power/power_supply_core.c | 12 ++++++------
include/trace/events/power.h | 6 ++++--
2 files changed, 10 insertions(+), 8 deletions(-)
--
1.8.3.2
* [PATCH 1/2] power_supply: Fix Oops from NULL pointer dereference from wakeup_source_activate
2013-11-21 1:40 [PATCH 0/2] power_supply: Fix Oops from NULL pointer dereference from wakeup_source_activate Shuah Khan
@ 2013-11-21 1:40 ` Shuah Khan
2013-11-21 1:40 ` [PATCH 2/2] PM: Fix Oops from NULL pointer dereference in wakeup_source_activate Shuah Khan
1 sibling, 0 replies; 9+ messages in thread
From: Shuah Khan @ 2013-11-21 1:40 UTC (permalink / raw)
To: len.brown, pavel, rjw, gregkh, anton, dwmw2
Cc: Shuah Khan, linux-pm, linux-kernel, shuahkhan, stable
power_supply_register() calls device_init_wakeup() to register a wakeup
source before initializing dev_name. As a result, device_wakeup_enable()
ends up registering wakeup source with a null name when wakeup_source_register()
gets called with dev_name(dev) which is null at the time.
When kernel is booted with wakeup_source_activate enabled, it will panic
when the trace point code tries to dereference ws->name.
Fixed the problem by moving up the kobject_set_name() call prior to accesses
to dev_name(). Replaced kobject_set_name() with dev_set_name() which is the
right interface to be called from drivers. Fixed the call to device_del() prior
to device_add() in the wakeup_init_failed error handling code.
Trace after the change:
bash-2023 [000] d... 88.069073: wakeup_source_activate: BAT1 state=0x20001
kworker/0:1-38 [000] d... 88.069155: wakeup_source_deactivate: BAT1 state=0x30000
Oops message:
[ 819.769934] device: 'BAT1': device_add
[ 819.770078] PM: Adding info for No Bus:BAT1
[ 819.770235] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 819.770435] IP: [<ffffffff813381c0>] skip_spaces+0x30/0x30
[ 819.770572] PGD 3efd90067 PUD 3eff61067 PMD 0
[ 819.770716] Oops: 0000 [#1] SMP
[ 819.770829] Modules linked in: arc4 iwldvm mac80211 x86_pkg_temp_thermal coretemp kvm_intel joydev i915 kvm uvcvideo ghash_clmulni_intel videobuf2_vmalloc aesni_intel videobuf2_memops videobuf2_core aes_x86_64 ablk_helper cryptd videodev iwlwifi lrw rfcomm gf128mul glue_helper bnep btusb media bluetooth parport_pc hid_generic ppdev snd_hda_codec_hdmi drm_kms_helper snd_hda_codec_realtek cfg80211 drm tpm_infineon samsung_laptop snd_hda_intel usbhid snd_hda_codec hid snd_hwdep snd_pcm microcode snd_page_alloc snd_timer psmouse i2c_algo_bit lpc_ich tpm_tis video wmi mac_hid serio_raw ext2 lp parport r8169 mii
[ 819.771802] CPU: 0 PID: 2167 Comm: bash Not tainted 3.12.0+ #25
[ 819.771876] Hardware name: SAMSUNG ELECTRONICS CO., LTD. 900X3C/900X3D/900X4C/900X4D/SAMSUNG_NP1234567890, BIOS P03AAC 07/12/2012
[ 819.772022] task: ffff88002e6ddcc0 ti: ffff8804015ca000 task.ti: ffff8804015ca000
[ 819.772119] RIP: 0010:[<ffffffff813381c0>] [<ffffffff813381c0>] skip_spaces+0x30/0x30
[ 819.772242] RSP: 0018:ffff8804015cbc70 EFLAGS: 00010046
[ 819.772310] RAX: 0000000000000003 RBX: ffff88040cfd6d40 RCX: 0000000000000018
[ 819.772397] RDX: 0000000000020001 RSI: 0000000000000000 RDI: 0000000000000000
[ 819.772484] RBP: ffff8804015cbcc0 R08: 0000000000000000 R09: ffff8803f0768d40
[ 819.772570] R10: ffffea001033b800 R11: 0000000000000000 R12: ffffffff81c519c0
[ 819.772656] R13: 0000000000020001 R14: 0000000000000000 R15: 0000000000020001
[ 819.772744] FS: 00007ff98309b740(0000) GS:ffff88041f200000(0000) knlGS:0000000000000000
[ 819.772845] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 819.772917] CR2: 0000000000000000 CR3: 00000003f59dc000 CR4: 00000000001407f0
[ 819.773001] Stack:
[ 819.773030] ffffffff81114003 ffff8804015cbcb0 0000000000000000 0000000000000046
[ 819.773146] ffff880409757a18 ffff8803f065a160 0000000000000000 0000000000020001
[ 819.773273] 0000000000000000 0000000000000000 ffff8804015cbce8 ffffffff8143e388
[ 819.773387] Call Trace:
[ 819.773434] [<ffffffff81114003>] ? ftrace_raw_event_wakeup_source+0x43/0xe0
[ 819.773520] [<ffffffff8143e388>] wakeup_source_report_event+0xb8/0xd0
[ 819.773595] [<ffffffff8143e3cd>] __pm_stay_awake+0x2d/0x50
[ 819.773724] [<ffffffff8153395c>] power_supply_changed+0x3c/0x90
[ 819.773795] [<ffffffff8153407c>] power_supply_register+0x18c/0x250
[ 819.773869] [<ffffffff813d8d18>] sysfs_add_battery+0x61/0x7b
[ 819.773935] [<ffffffff813d8d69>] battery_notify+0x37/0x3f
[ 819.774001] [<ffffffff816ccb7c>] notifier_call_chain+0x4c/0x70
[ 819.774071] [<ffffffff81073ded>] __blocking_notifier_call_chain+0x4d/0x70
[ 819.774149] [<ffffffff81073e26>] blocking_notifier_call_chain+0x16/0x20
[ 819.774227] [<ffffffff8109397a>] pm_notifier_call_chain+0x1a/0x40
[ 819.774316] [<ffffffff81095b66>] hibernate+0x66/0x1c0
[ 819.774407] [<ffffffff81093931>] state_store+0x71/0xa0
[ 819.774507] [<ffffffff81331d8f>] kobj_attr_store+0xf/0x20
[ 819.774613] [<ffffffff811f8618>] sysfs_write_file+0x128/0x1c0
[ 819.774735] [<ffffffff8118579d>] vfs_write+0xbd/0x1e0
[ 819.774841] [<ffffffff811861d9>] SyS_write+0x49/0xa0
[ 819.774939] [<ffffffff816d1052>] system_call_fastpath+0x16/0x1b
[ 819.775055] Code: 89 f8 48 89 e5 f6 82 c0 a6 84 81 20 74 15 0f 1f 44 00 00 48 83 c0 01 0f b6 10 f6 82 c0 a6 84 81 20 75 f0 5d c3 66 0f 1f 44 00 00 <80> 3f 00 55 48 89 e5 74 15 48 89 f8 0f 1f 40 00 48 83 c0 01 80
[ 819.775760] RIP [<ffffffff813381c0>] skip_spaces+0x30/0x30
[ 819.775881] RSP <ffff8804015cbc70>
[ 819.775949] CR2: 0000000000000000
[ 819.794175] ---[ end trace c4ef25127039952e ]---
Signed-off-by: Shuah Khan <shuah.kh@samsung.com>
Acked-by: Anton Vorontsov <anton@enomsg.org>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: stable@vger.kernel.org
---
drivers/power/power_supply_core.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/power/power_supply_core.c b/drivers/power/power_supply_core.c
index 00e6672..557af94 100644
--- a/drivers/power/power_supply_core.c
+++ b/drivers/power/power_supply_core.c
@@ -511,6 +511,10 @@ int power_supply_register(struct device *parent, struct power_supply *psy)
dev_set_drvdata(dev, psy);
psy->dev = dev;
+ rc = dev_set_name(dev, "%s", psy->name);
+ if (rc)
+ goto dev_set_name_failed;
+
INIT_WORK(&psy->changed_work, power_supply_changed_work);
rc = power_supply_check_supplies(psy);
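Review bot: The new dev_set_name() call only fixes the Oops because it sits above device_init_wakeup(), and nothing at this spot in power_supply_register() says so. A one-line comment above `rc = dev_set_name(dev, "%s", psy->name);` stating that the name must be set before the wakeup source is registered (the wakeup source takes its name from dev_name(dev), per the changelog) would keep a later reshuffle of the init sequence from reintroducing the NULL ws->name.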
@@ -524,10 +528,6 @@ int power_supply_register(struct device *parent, struct power_supply *psy)
if (rc)
goto wakeup_init_failed;
- rc = kobject_set_name(&dev->kobj, "%s", psy->name);
- if (rc)
- goto kobject_set_name_failed;
-
rc = device_add(dev);
if (rc)
goto device_add_failed;
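Review bot: After this removal the only step between a successful wakeup init and `goto device_add_failed` is device_add(), and the device_add_failed label in the last hunk falls straight through to put_device(). Please confirm that put_device() alone undoes the wakeup source registered just above, or add an explicit device_init_wakeup(dev, false) on that path.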
@@ -553,11 +553,11 @@ create_triggers_failed:
register_cooler_failed:
psy_unregister_thermal(psy);
register_thermal_failed:
-wakeup_init_failed:
device_del(dev);
-kobject_set_name_failed:
device_add_failed:
+wakeup_init_failed:
check_supplies_failed:
+dev_set_name_failed:
put_device(dev);
success:
return rc;
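Review bot: Moving wakeup_init_failed below device_del(dev) is a separate bug fix (the old label order ran device_del() on a device that had not yet been through device_add()), but it is mentioned only in the last sentence of the changelog. Since this patch carries a stable tag, consider splitting the label reordering into its own patch, or at least naming it in the subject, so backporters can see that the error path changes behaviour as well.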
--
1.8.3.2
* [PATCH 2/2] PM: Fix Oops from NULL pointer dereference in wakeup_source_activate
2013-11-21 1:40 [PATCH 0/2] power_supply: Fix Oops from NULL pointer dereference from wakeup_source_activate Shuah Khan
2013-11-21 1:40 ` [PATCH 1/2] " Shuah Khan
@ 2013-11-21 1:40 ` Shuah Khan
2013-11-21 2:01 ` Shuah Khan
1 sibling, 1 reply; 9+ messages in thread
From: Shuah Khan @ 2013-11-21 1:40 UTC (permalink / raw)
To: len.brown, pavel, rjw, gregkh, anton, dwmw2
Cc: Shuah Khan, linux-pm, linux-kernel, shuahkhan, stable
power_supply_register() calls device_init_wakeup() to register a wakeup
source before initializing dev_name. As a result, device_wakeup_enable()
ends up registering wakeup source with a null name when wakeup_source_register()
gets called with dev_name(dev) which is null at the time.
When kernel is booted with wakeup_source_activate enabled, it will panic
when the trace point code tries to dereference ws->name. Registering a
wakeup source without a name should be possible.
Fix wakeup_source_activate tracepoint to check for null name and handle it
gracefully by just using "(no name)" as the name string for the source.
Fixes: commit 6791e36c4a40e8930e08669e60077eea6770c429
Trace after the change:
bash-2008 [000] d... 610.307262: wakeup_source_activate: (no name) state=0x20001
kworker/0:0-2000 [000] d... 610.307287: wakeup_source_deactivate: (no name) state=0x30000
Oops message:
[ 819.769934] device: 'BAT1': device_add
[ 819.770078] PM: Adding info for No Bus:BAT1
[ 819.770235] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 819.770435] IP: [<ffffffff813381c0>] skip_spaces+0x30/0x30
[ 819.770572] PGD 3efd90067 PUD 3eff61067 PMD 0
[ 819.770716] Oops: 0000 [#1] SMP
[ 819.770829] Modules linked in: arc4 iwldvm mac80211 x86_pkg_temp_thermal coretemp kvm_intel joydev i915 kvm uvcvideo ghash_clmulni_intel videobuf2_vmalloc aesni_intel videobuf2_memops videobuf2_core aes_x86_64 ablk_helper cryptd videodev iwlwifi lrw rfcomm gf128mul glue_helper bnep btusb media bluetooth parport_pc hid_generic ppdev snd_hda_codec_hdmi drm_kms_helper snd_hda_codec_realtek cfg80211 drm tpm_infineon samsung_laptop snd_hda_intel usbhid snd_hda_codec hid snd_hwdep snd_pcm microcode snd_page_alloc snd_timer psmouse i2c_algo_bit lpc_ich tpm_tis video wmi mac_hid serio_raw ext2 lp parport r8169 mii
[ 819.771802] CPU: 0 PID: 2167 Comm: bash Not tainted 3.12.0+ #25
[ 819.771876] Hardware name: SAMSUNG ELECTRONICS CO., LTD. 900X3C/900X3D/900X4C/900X4D/SAMSUNG_NP1234567890, BIOS P03AAC 07/12/2012
[ 819.772022] task: ffff88002e6ddcc0 ti: ffff8804015ca000 task.ti: ffff8804015ca000
[ 819.772119] RIP: 0010:[<ffffffff813381c0>] [<ffffffff813381c0>] skip_spaces+0x30/0x30
[ 819.772242] RSP: 0018:ffff8804015cbc70 EFLAGS: 00010046
[ 819.772310] RAX: 0000000000000003 RBX: ffff88040cfd6d40 RCX: 0000000000000018
[ 819.772397] RDX: 0000000000020001 RSI: 0000000000000000 RDI: 0000000000000000
[ 819.772484] RBP: ffff8804015cbcc0 R08: 0000000000000000 R09: ffff8803f0768d40
[ 819.772570] R10: ffffea001033b800 R11: 0000000000000000 R12: ffffffff81c519c0
[ 819.772656] R13: 0000000000020001 R14: 0000000000000000 R15: 0000000000020001
[ 819.772744] FS: 00007ff98309b740(0000) GS:ffff88041f200000(0000) knlGS:0000000000000000
[ 819.772845] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 819.772917] CR2: 0000000000000000 CR3: 00000003f59dc000 CR4: 00000000001407f0
[ 819.773001] Stack:
[ 819.773030] ffffffff81114003 ffff8804015cbcb0 0000000000000000 0000000000000046
[ 819.773146] ffff880409757a18 ffff8803f065a160 0000000000000000 0000000000020001
[ 819.773273] 0000000000000000 0000000000000000 ffff8804015cbce8 ffffffff8143e388
[ 819.773387] Call Trace:
[ 819.773434] [<ffffffff81114003>] ? ftrace_raw_event_wakeup_source+0x43/0xe0
[ 819.773520] [<ffffffff8143e388>] wakeup_source_report_event+0xb8/0xd0
[ 819.773595] [<ffffffff8143e3cd>] __pm_stay_awake+0x2d/0x50
[ 819.773724] [<ffffffff8153395c>] power_supply_changed+0x3c/0x90
[ 819.773795] [<ffffffff8153407c>] power_supply_register+0x18c/0x250
[ 819.773869] [<ffffffff813d8d18>] sysfs_add_battery+0x61/0x7b
[ 819.773935] [<ffffffff813d8d69>] battery_notify+0x37/0x3f
[ 819.774001] [<ffffffff816ccb7c>] notifier_call_chain+0x4c/0x70
[ 819.774071] [<ffffffff81073ded>] __blocking_notifier_call_chain+0x4d/0x70
[ 819.774149] [<ffffffff81073e26>] blocking_notifier_call_chain+0x16/0x20
[ 819.774227] [<ffffffff8109397a>] pm_notifier_call_chain+0x1a/0x40
[ 819.774316] [<ffffffff81095b66>] hibernate+0x66/0x1c0
[ 819.774407] [<ffffffff81093931>] state_store+0x71/0xa0
[ 819.774507] [<ffffffff81331d8f>] kobj_attr_store+0xf/0x20
[ 819.774613] [<ffffffff811f8618>] sysfs_write_file+0x128/0x1c0
[ 819.774735] [<ffffffff8118579d>] vfs_write+0xbd/0x1e0
[ 819.774841] [<ffffffff811861d9>] SyS_write+0x49/0xa0
[ 819.774939] [<ffffffff816d1052>] system_call_fastpath+0x16/0x1b
[ 819.775055] Code: 89 f8 48 89 e5 f6 82 c0 a6 84 81 20 74 15 0f 1f 44 00 00 48 83 c0 01 0f b6 10 f6 82 c0 a6 84 81 20 75 f0 5d c3 66 0f 1f 44 00 00 <80> 3f 00 55 48 89 e5 74 15 48 89 f8 0f 1f 40 00 48 83 c0 01 80
[ 819.775760] RIP [<ffffffff813381c0>] skip_spaces+0x30/0x30
[ 819.775881] RSP <ffff8804015cbc70>
[ 819.775949] CR2: 0000000000000000
[ 819.794175] ---[ end trace c4ef25127039952e ]---
Signed-off-by: Shuah Khan <shuah.kh@samsung.com>
Cc: stable@vger.kernel.org
---
include/trace/events/power.h | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/include/trace/events/power.h b/include/trace/events/power.h
index cda100d..5ba545a 100644
--- a/include/trace/events/power.h
+++ b/include/trace/events/power.h
@@ -110,12 +110,14 @@ DECLARE_EVENT_CLASS(wakeup_source,
TP_ARGS(name, state),
TP_STRUCT__entry(
- __string( name, name )
+ __string(name, name ? name : "(no name)")
__field( u64, state )
),
TP_fast_assign(
- __assign_str(name, name);
+ const char *tname = name ? name : "(no name)";
+
+ __assign_str(name, tname);
__entry->state = state;
),
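Review bot: The NULL fallback is written out twice, once in `__string(name, name ? name : "(no name)")` and once for tname in TP_fast_assign(), and the two must always agree. As the ftrace.h macros quoted later in this thread show, __string() reserves strlen(src) + 1 bytes and __assign_str() then strcpy()s into that space, so if one site is edited later and the other is not, the copy can exceed the reservation. Define the fallback once (a single macro or helper used by both TP_STRUCT__entry and TP_fast_assign) so the two cannot drift apart.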
--
1.8.3.2
* Re: [PATCH 2/2] PM: Fix Oops from NULL pointer dereference in wakeup_source_activate
2013-11-21 1:40 ` [PATCH 2/2] PM: Fix Oops from NULL pointer dereference in wakeup_source_activate Shuah Khan
@ 2013-11-21 2:01 ` Shuah Khan
2013-11-21 2:26 ` Steven Rostedt
0 siblings, 1 reply; 9+ messages in thread
From: Shuah Khan @ 2013-11-21 2:01 UTC (permalink / raw)
To: len.brown, pavel, rjw, gregkh, anton, dwmw2, rostedt, fweisbec,
mingo, keun-o.park, paul.gortmaker
Cc: Shuah Khan, linux-pm, linux-kernel, shuahkhan, stable
On 11/20/2013 06:40 PM, Shuah Khan wrote:
> power_supply_register() calls device_init_wakeup() to register a wakeup
> source before initializing dev_name. As a result, device_wakeup_enable()
> ends up registering wakeup source with a null name when wakeup_source_register()
> gets called with dev_name(dev) which is null at the time.
>
> When kernel is booted with wakeup_source_activate enabled, it will panic
> when the trace point code tries to dereference ws->name. Registering a
> wakeup source without a name should be possible.
>
> Fix wakeup_source_activate tracepoint to check for null name and handle it
> gracefully by just using "(no name)" as the name string for the source.
>
> Fixes: commit 6791e36c4a40e8930e08669e60077eea6770c429
>
> Trace after the change:
> bash-2008 [000] d... 610.307262: wakeup_source_activate: (no name) state=0x20001
> kworker/0:0-2000 [000] d... 610.307287: wakeup_source_deactivate: (no name) state=0x30000
>
> Oops message:
>
> [ 819.769934] device: 'BAT1': device_add
> [ 819.770078] PM: Adding info for No Bus:BAT1
> [ 819.770235] BUG: unable to handle kernel NULL pointer dereference at (null)
> [ 819.770435] IP: [<ffffffff813381c0>] skip_spaces+0x30/0x30
> [ 819.770572] PGD 3efd90067 PUD 3eff61067 PMD 0
> [ 819.770716] Oops: 0000 [#1] SMP
> [ 819.770829] Modules linked in: arc4 iwldvm mac80211 x86_pkg_temp_thermal coretemp kvm_intel joydev i915 kvm uvcvideo ghash_clmulni_intel videobuf2_vmalloc aesni_intel videobuf2_memops videobuf2_core aes_x86_64 ablk_helper cryptd videodev iwlwifi lrw rfcomm gf128mul glue_helper bnep btusb media bluetooth parport_pc hid_generic ppdev snd_hda_codec_hdmi drm_kms_helper snd_hda_codec_realtek cfg80211 drm tpm_infineon samsung_laptop snd_hda_intel usbhid snd_hda_codec hid snd_hwdep snd_pcm microcode snd_page_alloc snd_timer psmouse i2c_algo_bit lpc_ich tpm_tis video wmi mac_hid serio_raw ext2 lp parport r8169 mii
> [ 819.771802] CPU: 0 PID: 2167 Comm: bash Not tainted 3.12.0+ #25
> [ 819.771876] Hardware name: SAMSUNG ELECTRONICS CO., LTD. 900X3C/900X3D/900X4C/900X4D/SAMSUNG_NP1234567890, BIOS P03AAC 07/12/2012
> [ 819.772022] task: ffff88002e6ddcc0 ti: ffff8804015ca000 task.ti: ffff8804015ca000
> [ 819.772119] RIP: 0010:[<ffffffff813381c0>] [<ffffffff813381c0>] skip_spaces+0x30/0x30
> [ 819.772242] RSP: 0018:ffff8804015cbc70 EFLAGS: 00010046
> [ 819.772310] RAX: 0000000000000003 RBX: ffff88040cfd6d40 RCX: 0000000000000018
> [ 819.772397] RDX: 0000000000020001 RSI: 0000000000000000 RDI: 0000000000000000
> [ 819.772484] RBP: ffff8804015cbcc0 R08: 0000000000000000 R09: ffff8803f0768d40
> [ 819.772570] R10: ffffea001033b800 R11: 0000000000000000 R12: ffffffff81c519c0
> [ 819.772656] R13: 0000000000020001 R14: 0000000000000000 R15: 0000000000020001
> [ 819.772744] FS: 00007ff98309b740(0000) GS:ffff88041f200000(0000) knlGS:0000000000000000
> [ 819.772845] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 819.772917] CR2: 0000000000000000 CR3: 00000003f59dc000 CR4: 00000000001407f0
> [ 819.773001] Stack:
> [ 819.773030] ffffffff81114003 ffff8804015cbcb0 0000000000000000 0000000000000046
> [ 819.773146] ffff880409757a18 ffff8803f065a160 0000000000000000 0000000000020001
> [ 819.773273] 0000000000000000 0000000000000000 ffff8804015cbce8 ffffffff8143e388
> [ 819.773387] Call Trace:
> [ 819.773434] [<ffffffff81114003>] ? ftrace_raw_event_wakeup_source+0x43/0xe0
> [ 819.773520] [<ffffffff8143e388>] wakeup_source_report_event+0xb8/0xd0
> [ 819.773595] [<ffffffff8143e3cd>] __pm_stay_awake+0x2d/0x50
> [ 819.773724] [<ffffffff8153395c>] power_supply_changed+0x3c/0x90
> [ 819.773795] [<ffffffff8153407c>] power_supply_register+0x18c/0x250
> [ 819.773869] [<ffffffff813d8d18>] sysfs_add_battery+0x61/0x7b
> [ 819.773935] [<ffffffff813d8d69>] battery_notify+0x37/0x3f
> [ 819.774001] [<ffffffff816ccb7c>] notifier_call_chain+0x4c/0x70
> [ 819.774071] [<ffffffff81073ded>] __blocking_notifier_call_chain+0x4d/0x70
> [ 819.774149] [<ffffffff81073e26>] blocking_notifier_call_chain+0x16/0x20
> [ 819.774227] [<ffffffff8109397a>] pm_notifier_call_chain+0x1a/0x40
> [ 819.774316] [<ffffffff81095b66>] hibernate+0x66/0x1c0
> [ 819.774407] [<ffffffff81093931>] state_store+0x71/0xa0
> [ 819.774507] [<ffffffff81331d8f>] kobj_attr_store+0xf/0x20
> [ 819.774613] [<ffffffff811f8618>] sysfs_write_file+0x128/0x1c0
> [ 819.774735] [<ffffffff8118579d>] vfs_write+0xbd/0x1e0
> [ 819.774841] [<ffffffff811861d9>] SyS_write+0x49/0xa0
> [ 819.774939] [<ffffffff816d1052>] system_call_fastpath+0x16/0x1b
> [ 819.775055] Code: 89 f8 48 89 e5 f6 82 c0 a6 84 81 20 74 15 0f 1f 44 00 00 48 83 c0 01 0f b6 10 f6 82 c0 a6 84 81 20 75 f0 5d c3 66 0f 1f 44 00 00 <80> 3f 00 55 48 89 e5 74 15 48 89 f8 0f 1f 40 00 48 83 c0 01 80
> [ 819.775760] RIP [<ffffffff813381c0>] skip_spaces+0x30/0x30
> [ 819.775881] RSP <ffff8804015cbc70>
> [ 819.775949] CR2: 0000000000000000
> [ 819.794175] ---[ end trace c4ef25127039952e ]---
>
> Signed-off-by: Shuah Khan <shuah.kh@samsung.com>
> Cc: stable@vger.kernel.org
> ---
> include/trace/events/power.h | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/include/trace/events/power.h b/include/trace/events/power.h
> index cda100d..5ba545a 100644
> --- a/include/trace/events/power.h
> +++ b/include/trace/events/power.h
> @@ -110,12 +110,14 @@ DECLARE_EVENT_CLASS(wakeup_source,
> TP_ARGS(name, state),
>
> TP_STRUCT__entry(
> - __string( name, name )
> + __string(name, name ? name : "(no name)")
> __field( u64, state )
> ),
>
> TP_fast_assign(
> - __assign_str(name, name);
> + const char *tname = name ? name : "(no name)";
> +
> + __assign_str(name, tname);
> __entry->state = state;
> ),
>
>
Adding tracing maintainers.
--
Shuah Khan
Senior Linux Kernel Developer - Open Source Group
Samsung Research America(Silicon Valley)
shuah.kh@samsung.com | (970) 672-0658
* Re: [PATCH 2/2] PM: Fix Oops from NULL pointer dereference in wakeup_source_activate
2013-11-21 2:01 ` Shuah Khan
@ 2013-11-21 2:26 ` Steven Rostedt
2013-11-21 18:02 ` Shuah Khan
0 siblings, 1 reply; 9+ messages in thread
From: Steven Rostedt @ 2013-11-21 2:26 UTC (permalink / raw)
To: shuah.kh
Cc: len.brown, pavel, rjw, gregkh, anton, dwmw2, fweisbec, mingo,
keun-o.park, paul.gortmaker, linux-pm, linux-kernel, shuahkhan,
stable
On Wed, 20 Nov 2013 19:01:22 -0700
Shuah Khan <shuah.kh@samsung.com> wrote:
> On 11/20/2013 06:40 PM, Shuah Khan wrote:
> > ---
> > include/trace/events/power.h | 6 ++++--
> > 1 file changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/include/trace/events/power.h b/include/trace/events/power.h
> > index cda100d..5ba545a 100644
> > --- a/include/trace/events/power.h
> > +++ b/include/trace/events/power.h
> > @@ -110,12 +110,14 @@ DECLARE_EVENT_CLASS(wakeup_source,
> > TP_ARGS(name, state),
> >
> > TP_STRUCT__entry(
> > - __string( name, name )
> > + __string(name, name ? name : "(no name)")
> > __field( u64, state )
> > ),
> >
> > TP_fast_assign(
> > - __assign_str(name, name);
> > + const char *tname = name ? name : "(no name)";
> > +
> > + __assign_str(name, tname);
> > __entry->state = state;
> > ),
> >
> >
>
> Adding tracing maintainers.
Thanks!
This is one solution, but what about just making the tracing facility a
bit more robust for everyone. Following what glibc printf() does when
it is passed a NULL, does this patch fix it too?
-- Steve
(haven't even compile tested this)
diff --git a/include/trace/ftrace.h b/include/trace/ftrace.h
index 52594b2..bdac88c 100644
--- a/include/trace/ftrace.h
+++ b/include/trace/ftrace.h
@@ -372,7 +372,8 @@ ftrace_define_fields_##call(struct ftrace_event_call *event_call) \
__data_size += (len) * sizeof(type);
#undef __string
-#define __string(item, src) __dynamic_array(char, item, strlen(src) + 1)
+#define __string(item, src) __dynamic_array(char, item, \
+ strlen((src) ? (src) : "(null)") + 1)
#undef DECLARE_EVENT_CLASS
#define DECLARE_EVENT_CLASS(call, proto, args, tstruct, assign, print) \
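Review bot: `(src) ? (src) : "(null)"` now evaluates src twice inside __string(), and the same expression and literal are repeated in __assign_str() in the next hunk. A small shared helper macro for the NULL-to-"(null)" substitution, used by both, would tie the size calculation and the copy to one definition and put the double evaluation in one visible place for callers that pass an expression rather than a plain pointer.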
@@ -501,7 +502,7 @@ static inline notrace int ftrace_get_offsets_##call( \
#undef __assign_str
#define __assign_str(dst, src) \
- strcpy(__get_str(dst), src);
+ strcpy(__get_str(dst), (src) ? (src) : "(null)");
#undef TP_fast_assign
#define TP_fast_assign(args...) args
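Review bot: The strcpy() in __assign_str() is still bounded only by the length that __string() computed earlier from a separate evaluation of src. With the fallback added, a src that is NULL when __string() sizes the field (7 bytes for "(null)") and non-NULL by the time __assign_str() runs would copy a longer string into that space. If that cannot happen for tracepoint arguments, a comment stating the assumption would help; otherwise the copy should be limited to the reserved size.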
* Re: [PATCH 2/2] PM: Fix Oops from NULL pointer dereference in wakeup_source_activate
2013-11-21 2:26 ` Steven Rostedt
@ 2013-11-21 18:02 ` Shuah Khan
0 siblings, 0 replies; 9+ messages in thread
From: Shuah Khan @ 2013-11-21 18:02 UTC (permalink / raw)
To: Steven Rostedt
Cc: len.brown, pavel, rjw, gregkh, anton, dwmw2, fweisbec, mingo,
keun-o.park, paul.gortmaker, linux-pm, linux-kernel, shuahkhan,
stable, Shuah Khan
On 11/20/2013 07:26 PM, Steven Rostedt wrote:
> On Wed, 20 Nov 2013 19:01:22 -0700
> Shuah Khan <shuah.kh@samsung.com> wrote:
>
>> On 11/20/2013 06:40 PM, Shuah Khan wrote:
>
>>> ---
>>> include/trace/events/power.h | 6 ++++--
>>> 1 file changed, 4 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/include/trace/events/power.h b/include/trace/events/power.h
>>> index cda100d..5ba545a 100644
>>> --- a/include/trace/events/power.h
>>> +++ b/include/trace/events/power.h
>>> @@ -110,12 +110,14 @@ DECLARE_EVENT_CLASS(wakeup_source,
>>> TP_ARGS(name, state),
>>>
>>> TP_STRUCT__entry(
>>> - __string( name, name )
>>> + __string(name, name ? name : "(no name)")
>>> __field( u64, state )
>>> ),
>>>
>>> TP_fast_assign(
>>> - __assign_str(name, name);
>>> + const char *tname = name ? name : "(no name)";
>>> +
>>> + __assign_str(name, tname);
>>> __entry->state = state;
>>> ),
>>>
>>>
>>
>> Adding tracing maintainers.
>
> Thanks!
>
> This is one solution, but what about just making the tracing facility a
> bit more robust for everyone. Following what glibc printf() does when
> it is passed a NULL, does this patch fix it too?
>
Why not? I am working to get the code compiling now. Will let you know
if this works.
-- Shuah
--
Shuah Khan
Senior Linux Kernel Developer - Open Source Group
Samsung Research America(Silicon Valley)
shuah.kh@samsung.com | (970) 672-0658
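A userspace model of the pattern discussed in this sub-thread (size the string field with strlen(), then copy into it, substituting a fixed string for NULL as glibc printf() does), added here as an illustration; it is not code from any message in the thread or from the kernel. `struct trace_rec`, `trace_str_or_null()`, `trace_name_size()`, `trace_name_assign()` and `trace_wakeup_event()` are hypothetical names and the sample inputs are constructed. It goes one step beyond the thread by bounding the copy to the reserved size, so the two phases cannot overrun even if they see different pointers.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fallback text for a NULL name. Steven's draft uses "(null)";
 * patch 2/2 uses "(no name)". Defined once so both phases agree. */
#define TRACE_NULL_STR "(null)"

/* Single substitution point used by sizing and by copying. */
static const char *trace_str_or_null(const char *src)
{
    return src ? src : TRACE_NULL_STR;
}

/* Hypothetical stand-in for a trace record with a trailing string. */
struct trace_rec {
    unsigned long long state;
    size_t name_len;   /* bytes reserved for name, including the NUL */
    char name[];       /* storage sized in phase 1 */
};

/* Phase 1 (models __string): number of bytes to reserve. */
static size_t trace_name_size(const char *src)
{
    return strlen(trace_str_or_null(src)) + 1;
}

/* Phase 2 (models __assign_str): copy, never past the reservation. */
static void trace_name_assign(struct trace_rec *rec, const char *src)
{
    const char *s = trace_str_or_null(src);
    size_t n = strlen(s) + 1;

    if (n > rec->name_len)      /* source differs from phase 1: truncate */
        n = rec->name_len;
    memcpy(rec->name, s, n);
    rec->name[n - 1] = '\0';    /* always terminated */
}

/* Build one record. The two name arguments model the pointer as seen
 * at sizing time and at copy time; normally they are the same. */
static struct trace_rec *trace_wakeup_event(const char *name_at_size,
                                            const char *name_at_copy,
                                            unsigned long long state)
{
    size_t len = trace_name_size(name_at_size);
    struct trace_rec *rec = malloc(sizeof(*rec) + len);

    if (!rec)
        return NULL;
    rec->state = state;
    rec->name_len = len;
    trace_name_assign(rec, name_at_copy);
    return rec;
}

int main(void)
{
    /* Constructed inputs: an unnamed wakeup source, then a named one. */
    struct trace_rec *a = trace_wakeup_event(NULL, NULL, 0x20001ULL);
    struct trace_rec *b = trace_wakeup_event("BAT1", "BAT1", 0x30000ULL);

    if (!a || !b)
        return 1;
    printf("wakeup_source_activate: %s state=0x%llx\n", a->name, a->state);
    printf("wakeup_source_deactivate: %s state=0x%llx\n", b->name, b->state);
    free(a);
    free(b);
    return 0;
}
```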
* [PATCH 0/2] power_supply: Fix Oops from NULL pointer dereference from wakeup_source_activate
@ 2013-11-19 15:59 Shuah Khan
2013-11-19 15:59 ` [PATCH 1/2] " Shuah Khan
0 siblings, 1 reply; 9+ messages in thread
From: Shuah Khan @ 2013-11-19 15:59 UTC (permalink / raw)
To: len.brown, pavel, rjw, gregkh, anton, dwmw2
Cc: Shuah Khan, linux-pm, linux-kernel, shuahkhan
power_supply_register() calls device_init_wakeup() to register a wakeup
source before initializing dev_name. As a result, device_wakeup_enable()
ends up registering wakeup source with a null name when wakeup_source_register()
gets called with dev_name(dev) which is null at the time.
device_wakeup_enable() uses dev_name(dev) as the wakeup source name.
When it gets called with a device with its name not yet set, ws structure
with ws->name = NULL gets created.
When kernel is booted with wakeup_source_activate enabled, it will panic
when the trace point code tries to dereference ws->name.
This patch series fixes power_supply_register() to initialize the device name
prior to calling device_init_wakeup() and adds WARN_ON on null device name to
device_wakeup_enable() to detect driver bugs that result in calling
device_wakeup_enable() before device is fully initialized with its name in
device_wakeup_enable().
It is important that these two fixes be pulled in together as a series. The
change to add WARN_ON on null device name without the power_supply_register()
fix will result in early boot panics when AC Adapter and Battery device drivers
try to register wakeup source.
Shuah Khan (2):
power_supply: Fix Oops from NULL pointer dereference from
wakeup_source_activate
power: Change device_wakeup_enable() to WARN_ON on null dev_name(dev)
drivers/base/power/wakeup.c | 3 +++
drivers/power/power_supply_core.c | 12 ++++++------
2 files changed, 9 insertions(+), 6 deletions(-)
--
1.8.3.2
* [PATCH 1/2] power_supply: Fix Oops from NULL pointer dereference from wakeup_source_activate
2013-11-19 15:59 [PATCH 0/2] power_supply: Fix Oops from NULL pointer dereference from wakeup_source_activate Shuah Khan
@ 2013-11-19 15:59 ` Shuah Khan
2013-11-19 23:13 ` Greg KH
0 siblings, 1 reply; 9+ messages in thread
From: Shuah Khan @ 2013-11-19 15:59 UTC (permalink / raw)
To: len.brown, pavel, rjw, gregkh, anton, dwmw2
Cc: Shuah Khan, linux-pm, linux-kernel, shuahkhan
power_supply_register() calls device_init_wakeup() to register a wakeup
source before initializing dev_name. As a result, device_wakeup_enable()
ends up registering wakeup source with a null name when wakeup_source_register()
gets called with dev_name(dev) which is null at the time.
When kernel is booted with wakeup_source_activate enabled, it will panic
when the trace point code tries to dereference ws->name.
Fixed the problem by moving up the kobject_set_name() call prior to accesses
to dev_name(). Replaced kobject_set_name() with dev_set_name() which is the
right interface to be called from drivers. Fixed the call to device_del() prior
to device_add() in the wakeup_init_failed error handling code.
[ 819.769934] device: 'BAT1': device_add
[ 819.770078] PM: Adding info for No Bus:BAT1
[ 819.770235] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 819.770435] IP: [<ffffffff813381c0>] skip_spaces+0x30/0x30
[ 819.770572] PGD 3efd90067 PUD 3eff61067 PMD 0
[ 819.770716] Oops: 0000 [#1] SMP
[ 819.770829] Modules linked in: arc4 iwldvm mac80211 x86_pkg_temp_thermal coretemp kvm_intel joydev i915 kvm uvcvideo ghash_clmulni_intel videobuf2_vmalloc aesni_intel videobuf2_memops videobuf2_core aes_x86_64 ablk_helper cryptd videodev iwlwifi lrw rfcomm gf128mul glue_helper bnep btusb media bluetooth parport_pc hid_generic ppdev snd_hda_codec_hdmi drm_kms_helper snd_hda_codec_realtek cfg80211 drm tpm_infineon samsung_laptop snd_hda_intel usbhid snd_hda_codec hid snd_hwdep snd_pcm microcode snd_page_alloc snd_timer psmouse i2c_algo_bit lpc_ich tpm_tis video wmi mac_hid serio_raw ext2 lp parport r8169 mii
[ 819.771802] CPU: 0 PID: 2167 Comm: bash Not tainted 3.12.0+ #25
[ 819.771876] Hardware name: SAMSUNG ELECTRONICS CO., LTD. 900X3C/900X3D/900X4C/900X4D/SAMSUNG_NP1234567890, BIOS P03AAC 07/12/2012
[ 819.772022] task: ffff88002e6ddcc0 ti: ffff8804015ca000 task.ti: ffff8804015ca000
[ 819.772119] RIP: 0010:[<ffffffff813381c0>] [<ffffffff813381c0>] skip_spaces+0x30/0x30
[ 819.772242] RSP: 0018:ffff8804015cbc70 EFLAGS: 00010046
[ 819.772310] RAX: 0000000000000003 RBX: ffff88040cfd6d40 RCX: 0000000000000018
[ 819.772397] RDX: 0000000000020001 RSI: 0000000000000000 RDI: 0000000000000000
[ 819.772484] RBP: ffff8804015cbcc0 R08: 0000000000000000 R09: ffff8803f0768d40
[ 819.772570] R10: ffffea001033b800 R11: 0000000000000000 R12: ffffffff81c519c0
[ 819.772656] R13: 0000000000020001 R14: 0000000000000000 R15: 0000000000020001
[ 819.772744] FS: 00007ff98309b740(0000) GS:ffff88041f200000(0000) knlGS:0000000000000000
[ 819.772845] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 819.772917] CR2: 0000000000000000 CR3: 00000003f59dc000 CR4: 00000000001407f0
[ 819.773001] Stack:
[ 819.773030] ffffffff81114003 ffff8804015cbcb0 0000000000000000 0000000000000046
[ 819.773146] ffff880409757a18 ffff8803f065a160 0000000000000000 0000000000020001
[ 819.773273] 0000000000000000 0000000000000000 ffff8804015cbce8 ffffffff8143e388
[ 819.773387] Call Trace:
[ 819.773434] [<ffffffff81114003>] ? ftrace_raw_event_wakeup_source+0x43/0xe0
[ 819.773520] [<ffffffff8143e388>] wakeup_source_report_event+0xb8/0xd0
[ 819.773595] [<ffffffff8143e3cd>] __pm_stay_awake+0x2d/0x50
[ 819.773724] [<ffffffff8153395c>] power_supply_changed+0x3c/0x90
[ 819.773795] [<ffffffff8153407c>] power_supply_register+0x18c/0x250
[ 819.773869] [<ffffffff813d8d18>] sysfs_add_battery+0x61/0x7b
[ 819.773935] [<ffffffff813d8d69>] battery_notify+0x37/0x3f
[ 819.774001] [<ffffffff816ccb7c>] notifier_call_chain+0x4c/0x70
[ 819.774071] [<ffffffff81073ded>] __blocking_notifier_call_chain+0x4d/0x70
[ 819.774149] [<ffffffff81073e26>] blocking_notifier_call_chain+0x16/0x20
[ 819.774227] [<ffffffff8109397a>] pm_notifier_call_chain+0x1a/0x40
[ 819.774316] [<ffffffff81095b66>] hibernate+0x66/0x1c0
[ 819.774407] [<ffffffff81093931>] state_store+0x71/0xa0
[ 819.774507] [<ffffffff81331d8f>] kobj_attr_store+0xf/0x20
[ 819.774613] [<ffffffff811f8618>] sysfs_write_file+0x128/0x1c0
[ 819.774735] [<ffffffff8118579d>] vfs_write+0xbd/0x1e0
[ 819.774841] [<ffffffff811861d9>] SyS_write+0x49/0xa0
[ 819.774939] [<ffffffff816d1052>] system_call_fastpath+0x16/0x1b
[ 819.775055] Code: 89 f8 48 89 e5 f6 82 c0 a6 84 81 20 74 15 0f 1f 44 00 00 48 83 c0 01 0f b6 10 f6 82 c0 a6 84 81 20 75 f0 5d c3 66 0f 1f 44 00 00 <80> 3f 00 55 48 89 e5 74 15 48 89 f8 0f 1f 40 00 48 83 c0 01 80
[ 819.775760] RIP [<ffffffff813381c0>] skip_spaces+0x30/0x30
[ 819.775881] RSP <ffff8804015cbc70>
[ 819.775949] CR2: 0000000000000000
[ 819.794175] ---[ end trace c4ef25127039952e ]---
Signed-off-by: Shuah Khan <shuah.kh@samsung.com>
---
drivers/power/power_supply_core.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/power/power_supply_core.c b/drivers/power/power_supply_core.c
index 00e6672..557af94 100644
--- a/drivers/power/power_supply_core.c
+++ b/drivers/power/power_supply_core.c
@@ -511,6 +511,10 @@ int power_supply_register(struct device *parent, struct power_supply *psy)
dev_set_drvdata(dev, psy);
psy->dev = dev;
+ rc = dev_set_name(dev, "%s", psy->name);
+ if (rc)
+ goto dev_set_name_failed;
+
INIT_WORK(&psy->changed_work, power_supply_changed_work);
rc = power_supply_check_supplies(psy);
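Review bot: the new dev_set_name() call at the top of this hunk only fixes the Oops because it now runs ahead of device_init_wakeup(), and nothing in the code records that dependency. A short comment above it, saying that the wakeup source takes its name from dev_name(dev) at registration time, would keep a later reshuffle of power_supply_register() from reintroducing the NULL name.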
@@ -524,10 +528,6 @@ int power_supply_register(struct device *parent, struct power_supply *psy)
if (rc)
goto wakeup_init_failed;
- rc = kobject_set_name(&dev->kobj, "%s", psy->name);
- if (rc)
- goto kobject_set_name_failed;
-
rc = device_add(dev);
if (rc)
goto device_add_failed;
@@ -553,11 +553,11 @@ create_triggers_failed:
register_cooler_failed:
psy_unregister_thermal(psy);
register_thermal_failed:
-wakeup_init_failed:
device_del(dev);
-kobject_set_name_failed:
device_add_failed:
+wakeup_init_failed:
check_supplies_failed:
+dev_set_name_failed:
put_device(dev);
success:
return rc;
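Review bot: under device_add_failed the code still falls straight through to put_device(dev), and nothing visible here undoes a device_init_wakeup() that succeeded before device_add() failed. Please confirm that put_device() alone releases the wakeup source on that path, or add a device_init_wakeup(dev, false) there. Moving wakeup_init_failed below device_del(dev) is right in itself, since that label is reached before device_add() has run.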
--
1.8.3.2
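The two ordering defects this patch addresses (the wakeup source capturing a device name that has not been set yet, and the wakeup_init_failed path reaching device_del() before device_add() has run), modelled in userspace C. This is an added example, not code from the thread or the kernel; struct model, model_register() and the other names are hypothetical stand-ins.

```c
#include <stddef.h>
#include <string.h>

/* Userspace model; every name here is a hypothetical stand-in, not kernel code. */
enum fail_at { FAIL_NONE, FAIL_WAKEUP, FAIL_ADD };

struct model {
    const char *name;     /* what dev_name() would return */
    const char *ws_name;  /* name the wakeup source captured at registration */
    int added;            /* device_add() has succeeded */
    int bad_del;          /* device_del() ran on a device that was never added */
};

static void model_del(struct model *m)
{
    if (!m->added)
        m->bad_del = 1;
    m->added = 0;
}

/* patched == 0 models the pre-patch order and labels, patched == 1 the diff. */
static int model_register(struct model *m, const char *n, int patched,
                          enum fail_at fail)
{
    memset(m, 0, sizeof(*m));
    if (patched)
        m->name = n;              /* dev_set_name() now runs first */
    m->ws_name = m->name;         /* device_init_wakeup() captures the name */
    if (fail == FAIL_WAKEUP)
        goto wakeup_init_failed;
    if (!patched)
        m->name = n;              /* old position of kobject_set_name() */
    if (fail == FAIL_ADD)
        goto device_add_failed;
    m->added = 1;
    return 0;

wakeup_init_failed:
    if (!patched)
        model_del(m);             /* old label sat above device_del() */
device_add_failed:
    return -1;
}

int main(void)
{
    struct model m;
    model_register(&m, "BAT1", 0, FAIL_NONE);
    return m.ws_name == NULL ? 0 : 1;   /* old order leaves the name NULL */
}
```

Injecting a failure at each step, with and without the patch, is a cheap way to check an unwind ladder like this one: every label should undo only what had already been set up when the jump was taken.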
* Re: [PATCH 1/2] power_supply: Fix Oops from NULL pointer dereference from wakeup_source_activate
From: Greg KH @ 2013-11-19 23:13 UTC (permalink / raw)
To: Shuah Khan
Cc: len.brown, pavel, rjw, anton, dwmw2, linux-pm, linux-kernel, shuahkhan
On Tue, Nov 19, 2013 at 08:59:35AM -0700, Shuah Khan wrote:
> power_supply_register() calls device_init_wakeup() to register a wakeup
> source before initializing dev_name. As a result, device_wakeup_enable()
> ends up registering a wakeup source with a null name when wakeup_source_register()
> gets called with dev_name(dev), which is null at the time.
>
> When the kernel is booted with wakeup_source_activate enabled, it will panic
> when the trace point code tries to dereference ws->name.
>
> Fixed the problem by moving up the kobject_set_name() call prior to accesses
> to dev_name(). Replaced kobject_set_name() with dev_set_name(), which is the
> right interface to be called from drivers. Fixed the call to device_del() prior
> to device_add() in the wakeup_init_failed error handling code.
>
> Signed-off-by: Shuah Khan <shuah.kh@samsung.com>
Care to add a:
Cc: stable <stable@vger.kernel.org>
to this so that it gets backported to the older kernels that have this
problem?
Oh, and feel free to also add:
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
thanks for the dev_set_name() change,
greg k-h
* Re: [PATCH 1/2] power_supply: Fix Oops from NULL pointer dereference from wakeup_source_activate
From: Shuah Khan @ 2013-11-19 23:59 UTC (permalink / raw)
To: Greg KH
Cc: len.brown, pavel, rjw, anton, dwmw2, linux-pm, linux-kernel,
shuahkhan, Shuah Khan
On 11/19/2013 04:13 PM, Greg KH wrote:
> On Tue, Nov 19, 2013 at 08:59:35AM -0700, Shuah Khan wrote:
>> power_supply_register() calls device_init_wakeup() to register a wakeup
>> source before initializing dev_name. As a result, device_wakeup_enable()
>> ends up registering a wakeup source with a null name when wakeup_source_register()
>> gets called with dev_name(dev), which is null at the time.
>>
>> When the kernel is booted with wakeup_source_activate enabled, it will panic
>> when the trace point code tries to dereference ws->name.
>>
>> Fixed the problem by moving up the kobject_set_name() call prior to accesses
>> to dev_name(). Replaced kobject_set_name() with dev_set_name(), which is the
>> right interface to be called from drivers. Fixed the call to device_del() prior
>> to device_add() in the wakeup_init_failed error handling code.
>>
>> Signed-off-by: Shuah Khan <shuah.kh@samsung.com>
>
> Care to add a:
> Cc: stable <stable@vger.kernel.org>
> to this so that it gets backported to the older kernels that have this
> problem?
Yes, this should be in stable as well. However, this patch failed to
apply to 3.10 and 3.11 (the two releases I spot checked while I was
contemplating adding the cc stable tag).
I plan to back-port and send the stable patch once this gets into the
mainline. Sounds good?
>
> Oh, and feel free to also add:
> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
thanks,
>
> thanks for the dev_set_name() change,
>
> greg k-h
>
--
Shuah Khan
Senior Linux Kernel Developer - Open Source Group
Samsung Research America(Silicon Valley)
shuah.kh@samsung.com | (970) 672-0658