[PATCH 0/2] power_supply: Fix Oops from NULL pointer dereference from wakeup_source_activate

[PATCH 0/2] power_supply: Fix Oops from NULL pointer dereference from wakeup_source_activate

[Shuah Khan]

power_supply_register() calls device_init_wakeup() to register a wakeup
source before initializing dev_name. As a result, device_wakeup_enable()
end up registering wakeup source with a null name when wakeup_source_register()
gets called with dev_name(dev) which is null at the time.

device_wakeup_enable() uses dev_name(dev) as the wakeup source name.
When it gets called with a device with its name not yet set, ws structure
with ws->name = NULL gets created.

When kernel is booted with wakeup_source_activate enabled, it will panic
when the trace point code tries to dereferences ws->name.

This patch series fixes power_supply_register() to initialize the device name
prior to calling device_init_wakeup() and adds WARN_ON on null device name to
device_wakeup_enable() to detect driver bugs that result in calling
device_wakeup_enable() before device is fully initialized with its name in
device_wakeup_enable().

It is important that these two fixes to be pulled in together as a series. The
change to add WARN_ON on null device name without the power_supply_register()
fix will result in early boot panics when AC Adapter and Battery device drivers
try to register wakeup source.

Shuah Khan (2):
  power_supply: Fix Oops from NULL pointer dereference from
    wakeup_source_activate
  power: Change device_wakeup_enable() to WARN_ON on null dev_name(dev)

 drivers/base/power/wakeup.c       |  3 +++
 drivers/power/power_supply_core.c | 12 ++++++------
 2 files changed, 9 insertions(+), 6 deletions(-)

-- 
1.8.3.2

[PATCH 1/2] power_supply: Fix Oops from NULL pointer dereference from wakeup_source_activate

[Shuah Khan]

power_supply_register() calls device_init_wakeup() to register a wakeup
source before initializing dev_name. As a result, device_wakeup_enable()
end up registering wakeup source with a null name when wakeup_source_register()
gets called with dev_name(dev) which is null at the time.

When kernel is booted with wakeup_source_activate enabled, it will panic
when the trace point code tries to dereferences ws->name.

Fixed the problem by moving up the kobject_set_name() call prior to accesses
to dev_name(). Replaced kobject_set_name() with dev_set_name() which is the
right interface to be called from drivers. Fixed the call to device_del() prior
to device_add() in for wakeup_init_failed error handling code.

[  819.769934] device: 'BAT1': device_add
[  819.770078] PM: Adding info for No Bus:BAT1
[  819.770235] BUG: unable to handle kernel NULL pointer dereference at           (null)
[  819.770435] IP: [<ffffffff813381c0>] skip_spaces+0x30/0x30
[  819.770572] PGD 3efd90067 PUD 3eff61067 PMD 0
[  819.770716] Oops: 0000 [#1] SMP
[  819.770829] Modules linked in: arc4 iwldvm mac80211 x86_pkg_temp_thermal coretemp kvm_intel joydev i915 kvm uvcvideo ghash_clmulni_intel videobuf2_vmalloc aesni_intel videobuf2_memops videobuf2_core aes_x86_64 ablk_helper cryptd videodev iwlwifi lrw rfcomm gf128mul glue_helper bnep btusb media bluetooth parport_pc hid_generic ppdev snd_hda_codec_hdmi drm_kms_helper snd_hda_codec_realtek cfg80211 drm tpm_infineon samsung_laptop snd_hda_intel usbhid snd_hda_codec hid snd_hwdep snd_pcm microcode snd_page_alloc snd_timer psmouse i2c_algo_bit lpc_ich tpm_tis video wmi mac_hid serio_raw ext2 lp parport r8169 mii
[  819.771802] CPU: 0 PID: 2167 Comm: bash Not tainted 3.12.0+ #25
[  819.771876] Hardware name: SAMSUNG ELECTRONICS CO., LTD. 900X3C/900X3D/900X4C/900X4D/SAMSUNG_NP1234567890, BIOS P03AAC 07/12/2012
[  819.772022] task: ffff88002e6ddcc0 ti: ffff8804015ca000 task.ti: ffff8804015ca000
[  819.772119] RIP: 0010:[<ffffffff813381c0>]  [<ffffffff813381c0>] skip_spaces+0x30/0x30
[  819.772242] RSP: 0018:ffff8804015cbc70  EFLAGS: 00010046
[  819.772310] RAX: 0000000000000003 RBX: ffff88040cfd6d40 RCX: 0000000000000018
[  819.772397] RDX: 0000000000020001 RSI: 0000000000000000 RDI: 0000000000000000
[  819.772484] RBP: ffff8804015cbcc0 R08: 0000000000000000 R09: ffff8803f0768d40
[  819.772570] R10: ffffea001033b800 R11: 0000000000000000 R12: ffffffff81c519c0
[  819.772656] R13: 0000000000020001 R14: 0000000000000000 R15: 0000000000020001
[  819.772744] FS:  00007ff98309b740(0000) GS:ffff88041f200000(0000) knlGS:0000000000000000
[  819.772845] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  819.772917] CR2: 0000000000000000 CR3: 00000003f59dc000 CR4: 00000000001407f0
[  819.773001] Stack:
[  819.773030]  ffffffff81114003 ffff8804015cbcb0 0000000000000000 0000000000000046
[  819.773146]  ffff880409757a18 ffff8803f065a160 0000000000000000 0000000000020001
[  819.773273]  0000000000000000 0000000000000000 ffff8804015cbce8 ffffffff8143e388
[  819.773387] Call Trace:
[  819.773434]  [<ffffffff81114003>] ? ftrace_raw_event_wakeup_source+0x43/0xe0
[  819.773520]  [<ffffffff8143e388>] wakeup_source_report_event+0xb8/0xd0
[  819.773595]  [<ffffffff8143e3cd>] __pm_stay_awake+0x2d/0x50
[  819.773724]  [<ffffffff8153395c>] power_supply_changed+0x3c/0x90
[  819.773795]  [<ffffffff8153407c>] power_supply_register+0x18c/0x250
[  819.773869]  [<ffffffff813d8d18>] sysfs_add_battery+0x61/0x7b
[  819.773935]  [<ffffffff813d8d69>] battery_notify+0x37/0x3f
[  819.774001]  [<ffffffff816ccb7c>] notifier_call_chain+0x4c/0x70
[  819.774071]  [<ffffffff81073ded>] __blocking_notifier_call_chain+0x4d/0x70
[  819.774149]  [<ffffffff81073e26>] blocking_notifier_call_chain+0x16/0x20
[  819.774227]  [<ffffffff8109397a>] pm_notifier_call_chain+0x1a/0x40
[  819.774316]  [<ffffffff81095b66>] hibernate+0x66/0x1c0
[  819.774407]  [<ffffffff81093931>] state_store+0x71/0xa0
[  819.774507]  [<ffffffff81331d8f>] kobj_attr_store+0xf/0x20
[  819.774613]  [<ffffffff811f8618>] sysfs_write_file+0x128/0x1c0
[  819.774735]  [<ffffffff8118579d>] vfs_write+0xbd/0x1e0
[  819.774841]  [<ffffffff811861d9>] SyS_write+0x49/0xa0
[  819.774939]  [<ffffffff816d1052>] system_call_fastpath+0x16/0x1b
[  819.775055] Code: 89 f8 48 89 e5 f6 82 c0 a6 84 81 20 74 15 0f 1f 44 00 00 48 83 c0 01 0f b6 10 f6 82 c0 a6 84 81 20 75 f0 5d c3 66 0f 1f 44 00 00 <80> 3f 00 55 48 89 e5 74 15 48 89 f8 0f 1f 40 00 48 83 c0 01 80
[  819.775760] RIP  [<ffffffff813381c0>] skip_spaces+0x30/0x30
[  819.775881]  RSP <ffff8804015cbc70>
[  819.775949] CR2: 0000000000000000
[  819.794175] ---[ end trace c4ef25127039952e ]---

Signed-off-by: Shuah Khan <shuah.kh@samsung.com>
---
 drivers/power/power_supply_core.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/drivers/power/power_supply_core.c b/drivers/power/power_supply_core.c
index 00e6672..557af94 100644
--- a/drivers/power/power_supply_core.c
+++ b/drivers/power/power_supply_core.c
@@ -511,6 +511,10 @@ int power_supply_register(struct device *parent, struct power_supply *psy)
 	dev_set_drvdata(dev, psy);
 	psy->dev = dev;
 
+	rc = dev_set_name(dev, "%s", psy->name);
+	if (rc)
+		goto dev_set_name_failed;
+
 	INIT_WORK(&psy->changed_work, power_supply_changed_work);
 
 	rc = power_supply_check_supplies(psy);
@@ -524,10 +528,6 @@ int power_supply_register(struct device *parent, struct power_supply *psy)
 	if (rc)
 		goto wakeup_init_failed;
 
-	rc = kobject_set_name(&dev->kobj, "%s", psy->name);
-	if (rc)
-		goto kobject_set_name_failed;
-
 	rc = device_add(dev);
 	if (rc)
 		goto device_add_failed;
@@ -553,11 +553,11 @@ create_triggers_failed:
 register_cooler_failed:
 	psy_unregister_thermal(psy);
 register_thermal_failed:
-wakeup_init_failed:
 	device_del(dev);
-kobject_set_name_failed:
 device_add_failed:
+wakeup_init_failed:
 check_supplies_failed:
+dev_set_name_failed:
 	put_device(dev);
 success:
 	return rc;
-- 
1.8.3.2

[PATCH 2/2] power: Change device_wakeup_enable() to WARN_ON on null dev_name(dev)

[Shuah Khan]

device_wakeup_enable() uses dev_name(dev) as the wakeup source name.
When it gets called with a device with its name not yet set, ws structure
with ws->name = NULL gets created.

When kernel is booted with wakeup_source_activate enabled, it will panic
when the trace point code tries to dereferences ws->name.

Change device_wakeup_enable() to WARN_ON on dev_name(dev) null condition
to detect driver bugs that result in calling device_wakeup_enable() before
device is fully initialized with its name in device_wakeup_enable().

This change without the power_supply_register() fix will result in early
boot panics when AC Adapter and Battery device drivers try to register
wakeup source.

The following panic resulted from power_supply_register() registering
wakeup source with a null device name.

[  819.769934] device: 'BAT1': device_add
[  819.770078] PM: Adding info for No Bus:BAT1
[  819.770235] BUG: unable to handle kernel NULL pointer dereference at           (null)
[  819.770435] IP: [<ffffffff813381c0>] skip_spaces+0x30/0x30
[  819.770572] PGD 3efd90067 PUD 3eff61067 PMD 0
[  819.770716] Oops: 0000 [#1] SMP
[  819.770829] Modules linked in: arc4 iwldvm mac80211 x86_pkg_temp_thermal coretemp kvm_intel joydev i915 kvm uvcvideo ghash_clmulni_intel videobuf2_vmalloc aesni_intel videobuf2_memops videobuf2_core aes_x86_64 ablk_helper cryptd videodev iwlwifi lrw rfcomm gf128mul glue_helper bnep btusb media bluetooth parport_pc hid_generic ppdev snd_hda_codec_hdmi drm_kms_helper snd_hda_codec_realtek cfg80211 drm tpm_infineon samsung_laptop snd_hda_intel usbhid snd_hda_codec hid snd_hwdep snd_pcm microcode snd_page_alloc snd_timer psmouse i2c_algo_bit lpc_ich tpm_tis video wmi mac_hid serio_raw ext2 lp parport r8169 mii
[  819.771802] CPU: 0 PID: 2167 Comm: bash Not tainted 3.12.0+ #25
[  819.771876] Hardware name: SAMSUNG ELECTRONICS CO., LTD. 900X3C/900X3D/900X4C/900X4D/SAMSUNG_NP1234567890, BIOS P03AAC 07/12/2012
[  819.772022] task: ffff88002e6ddcc0 ti: ffff8804015ca000 task.ti: ffff8804015ca000
[  819.772119] RIP: 0010:[<ffffffff813381c0>]  [<ffffffff813381c0>] skip_spaces+0x30/0x30
[  819.772242] RSP: 0018:ffff8804015cbc70  EFLAGS: 00010046
[  819.772310] RAX: 0000000000000003 RBX: ffff88040cfd6d40 RCX: 0000000000000018
[  819.772397] RDX: 0000000000020001 RSI: 0000000000000000 RDI: 0000000000000000
[  819.772484] RBP: ffff8804015cbcc0 R08: 0000000000000000 R09: ffff8803f0768d40
[  819.772570] R10: ffffea001033b800 R11: 0000000000000000 R12: ffffffff81c519c0
[  819.772656] R13: 0000000000020001 R14: 0000000000000000 R15: 0000000000020001
[  819.772744] FS:  00007ff98309b740(0000) GS:ffff88041f200000(0000) knlGS:0000000000000000
[  819.772845] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  819.772917] CR2: 0000000000000000 CR3: 00000003f59dc000 CR4: 00000000001407f0
[  819.773001] Stack:
[  819.773030]  ffffffff81114003 ffff8804015cbcb0 0000000000000000 0000000000000046
[  819.773146]  ffff880409757a18 ffff8803f065a160 0000000000000000 0000000000020001
[  819.773273]  0000000000000000 0000000000000000 ffff8804015cbce8 ffffffff8143e388
[  819.773387] Call Trace:
[  819.773434]  [<ffffffff81114003>] ? ftrace_raw_event_wakeup_source+0x43/0xe0
[  819.773520]  [<ffffffff8143e388>] wakeup_source_report_event+0xb8/0xd0
[  819.773595]  [<ffffffff8143e3cd>] __pm_stay_awake+0x2d/0x50
[  819.773724]  [<ffffffff8153395c>] power_supply_changed+0x3c/0x90
[  819.773795]  [<ffffffff8153407c>] power_supply_register+0x18c/0x250
[  819.773869]  [<ffffffff813d8d18>] sysfs_add_battery+0x61/0x7b
[  819.773935]  [<ffffffff813d8d69>] battery_notify+0x37/0x3f
[  819.774001]  [<ffffffff816ccb7c>] notifier_call_chain+0x4c/0x70
[  819.774071]  [<ffffffff81073ded>] __blocking_notifier_call_chain+0x4d/0x70
[  819.774149]  [<ffffffff81073e26>] blocking_notifier_call_chain+0x16/0x20
[  819.774227]  [<ffffffff8109397a>] pm_notifier_call_chain+0x1a/0x40
[  819.774316]  [<ffffffff81095b66>] hibernate+0x66/0x1c0
[  819.774407]  [<ffffffff81093931>] state_store+0x71/0xa0
[  819.774507]  [<ffffffff81331d8f>] kobj_attr_store+0xf/0x20
[  819.774613]  [<ffffffff811f8618>] sysfs_write_file+0x128/0x1c0
[  819.774735]  [<ffffffff8118579d>] vfs_write+0xbd/0x1e0
[  819.774841]  [<ffffffff811861d9>] SyS_write+0x49/0xa0
[  819.774939]  [<ffffffff816d1052>] system_call_fastpath+0x16/0x1b
[  819.775055] Code: 89 f8 48 89 e5 f6 82 c0 a6 84 81 20 74 15 0f 1f 44 00 00 48 83 c0 01 0f b6 10 f6 82 c0 a6 84 81 20 75 f0 5d c3 66 0f 1f 44 00 00 <80> 3f 00 55 48 89 e5 74 15 48 89 f8 0f 1f 40 00 48 83 c0 01 80
[  819.775760] RIP  [<ffffffff813381c0>] skip_spaces+0x30/0x30
[  819.775881]  RSP <ffff8804015cbc70>
[  819.775949] CR2: 0000000000000000
[  819.794175] ---[ end trace c4ef25127039952e ]---

Signed-off-by: Shuah Khan <shuah.kh@samsung.com>
---
 drivers/base/power/wakeup.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c
index 2d56f41..a605f0d 100644
--- a/drivers/base/power/wakeup.c
+++ b/drivers/base/power/wakeup.c
@@ -223,6 +223,9 @@ int device_wakeup_enable(struct device *dev)
 	if (!dev || !dev->power.can_wakeup)
 		return -EINVAL;
 
+	if (WARN_ON(!dev_name(dev)))
+		return -EINVAL;
+
 	ws = wakeup_source_register(dev_name(dev));
 	if (!ws)
 		return -ENOMEM;
-- 
1.8.3.2

Re: [PATCH 0/2] power_supply: Fix Oops from NULL pointer dereference from wakeup_source_activate

[Anton Vorontsov]

On Tue, Nov 19, 2013 at 08:59:34AM -0700, Shuah Khan wrote:
> power_supply_register() calls device_init_wakeup() to register a wakeup
> source before initializing dev_name. As a result, device_wakeup_enable()
> end up registering wakeup source with a null name when wakeup_source_register()
> gets called with dev_name(dev) which is null at the time.
> 
> device_wakeup_enable() uses dev_name(dev) as the wakeup source name.
> When it gets called with a device with its name not yet set, ws structure
> with ws->name = NULL gets created.
> 
> When kernel is booted with wakeup_source_activate enabled, it will panic
> when the trace point code tries to dereferences ws->name.
> 
> This patch series fixes power_supply_register() to initialize the device name
> prior to calling device_init_wakeup() and adds WARN_ON on null device name to
> device_wakeup_enable() to detect driver bugs that result in calling
> device_wakeup_enable() before device is fully initialized with its name in
> device_wakeup_enable().
> 
> It is important that these two fixes to be pulled in together as a series. The
> change to add WARN_ON on null device name without the power_supply_register()
> fix will result in early boot panics when AC Adapter and Battery device drivers
> try to register wakeup source.

I am all for it, so for the power_supply part:

Acked-by: Anton Vorontsov <anton@enomsg.org>

Re: [PATCH 1/2] power_supply: Fix Oops from NULL pointer dereference from wakeup_source_activate

[Greg KH]

On Tue, Nov 19, 2013 at 08:59:35AM -0700, Shuah Khan wrote:
> power_supply_register() calls device_init_wakeup() to register a wakeup
> source before initializing dev_name. As a result, device_wakeup_enable()
> end up registering wakeup source with a null name when wakeup_source_register()
> gets called with dev_name(dev) which is null at the time.
> 
> When kernel is booted with wakeup_source_activate enabled, it will panic
> when the trace point code tries to dereferences ws->name.
> 
> Fixed the problem by moving up the kobject_set_name() call prior to accesses
> to dev_name(). Replaced kobject_set_name() with dev_set_name() which is the
> right interface to be called from drivers. Fixed the call to device_del() prior
> to device_add() in for wakeup_init_failed error handling code.
> 
> [  819.769934] device: 'BAT1': device_add
> [  819.770078] PM: Adding info for No Bus:BAT1
> [  819.770235] BUG: unable to handle kernel NULL pointer dereference at           (null)
> [  819.770435] IP: [<ffffffff813381c0>] skip_spaces+0x30/0x30
> [  819.770572] PGD 3efd90067 PUD 3eff61067 PMD 0
> [  819.770716] Oops: 0000 [#1] SMP
> [  819.770829] Modules linked in: arc4 iwldvm mac80211 x86_pkg_temp_thermal coretemp kvm_intel joydev i915 kvm uvcvideo ghash_clmulni_intel videobuf2_vmalloc aesni_intel videobuf2_memops videobuf2_core aes_x86_64 ablk_helper cryptd videodev iwlwifi lrw rfcomm gf128mul glue_helper bnep btusb media bluetooth parport_pc hid_generic ppdev snd_hda_codec_hdmi drm_kms_helper snd_hda_codec_realtek cfg80211 drm tpm_infineon samsung_laptop snd_hda_intel usbhid snd_hda_codec hid snd_hwdep snd_pcm microcode snd_page_alloc snd_timer psmouse i2c_algo_bit lpc_ich tpm_tis video wmi mac_hid serio_raw ext2 lp parport r8169 mii
> [  819.771802] CPU: 0 PID: 2167 Comm: bash Not tainted 3.12.0+ #25
> [  819.771876] Hardware name: SAMSUNG ELECTRONICS CO., LTD. 900X3C/900X3D/900X4C/900X4D/SAMSUNG_NP1234567890, BIOS P03AAC 07/12/2012
> [  819.772022] task: ffff88002e6ddcc0 ti: ffff8804015ca000 task.ti: ffff8804015ca000
> [  819.772119] RIP: 0010:[<ffffffff813381c0>]  [<ffffffff813381c0>] skip_spaces+0x30/0x30
> [  819.772242] RSP: 0018:ffff8804015cbc70  EFLAGS: 00010046
> [  819.772310] RAX: 0000000000000003 RBX: ffff88040cfd6d40 RCX: 0000000000000018
> [  819.772397] RDX: 0000000000020001 RSI: 0000000000000000 RDI: 0000000000000000
> [  819.772484] RBP: ffff8804015cbcc0 R08: 0000000000000000 R09: ffff8803f0768d40
> [  819.772570] R10: ffffea001033b800 R11: 0000000000000000 R12: ffffffff81c519c0
> [  819.772656] R13: 0000000000020001 R14: 0000000000000000 R15: 0000000000020001
> [  819.772744] FS:  00007ff98309b740(0000) GS:ffff88041f200000(0000) knlGS:0000000000000000
> [  819.772845] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  819.772917] CR2: 0000000000000000 CR3: 00000003f59dc000 CR4: 00000000001407f0
> [  819.773001] Stack:
> [  819.773030]  ffffffff81114003 ffff8804015cbcb0 0000000000000000 0000000000000046
> [  819.773146]  ffff880409757a18 ffff8803f065a160 0000000000000000 0000000000020001
> [  819.773273]  0000000000000000 0000000000000000 ffff8804015cbce8 ffffffff8143e388
> [  819.773387] Call Trace:
> [  819.773434]  [<ffffffff81114003>] ? ftrace_raw_event_wakeup_source+0x43/0xe0
> [  819.773520]  [<ffffffff8143e388>] wakeup_source_report_event+0xb8/0xd0
> [  819.773595]  [<ffffffff8143e3cd>] __pm_stay_awake+0x2d/0x50
> [  819.773724]  [<ffffffff8153395c>] power_supply_changed+0x3c/0x90
> [  819.773795]  [<ffffffff8153407c>] power_supply_register+0x18c/0x250
> [  819.773869]  [<ffffffff813d8d18>] sysfs_add_battery+0x61/0x7b
> [  819.773935]  [<ffffffff813d8d69>] battery_notify+0x37/0x3f
> [  819.774001]  [<ffffffff816ccb7c>] notifier_call_chain+0x4c/0x70
> [  819.774071]  [<ffffffff81073ded>] __blocking_notifier_call_chain+0x4d/0x70
> [  819.774149]  [<ffffffff81073e26>] blocking_notifier_call_chain+0x16/0x20
> [  819.774227]  [<ffffffff8109397a>] pm_notifier_call_chain+0x1a/0x40
> [  819.774316]  [<ffffffff81095b66>] hibernate+0x66/0x1c0
> [  819.774407]  [<ffffffff81093931>] state_store+0x71/0xa0
> [  819.774507]  [<ffffffff81331d8f>] kobj_attr_store+0xf/0x20
> [  819.774613]  [<ffffffff811f8618>] sysfs_write_file+0x128/0x1c0
> [  819.774735]  [<ffffffff8118579d>] vfs_write+0xbd/0x1e0
> [  819.774841]  [<ffffffff811861d9>] SyS_write+0x49/0xa0
> [  819.774939]  [<ffffffff816d1052>] system_call_fastpath+0x16/0x1b
> [  819.775055] Code: 89 f8 48 89 e5 f6 82 c0 a6 84 81 20 74 15 0f 1f 44 00 00 48 83 c0 01 0f b6 10 f6 82 c0 a6 84 81 20 75 f0 5d c3 66 0f 1f 44 00 00 <80> 3f 00 55 48 89 e5 74 15 48 89 f8 0f 1f 40 00 48 83 c0 01 80
> [  819.775760] RIP  [<ffffffff813381c0>] skip_spaces+0x30/0x30
> [  819.775881]  RSP <ffff8804015cbc70>
> [  819.775949] CR2: 0000000000000000
> [  819.794175] ---[ end trace c4ef25127039952e ]---
> 
> Signed-off-by: Shuah Khan <shuah.kh@samsung.com>

Care to add a:
	Cc: stable <stable@vger.kernel.org>
to this so that it gets backported to the older kernels that have this
problem?

Oh, and feel free to also add:
	Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

thanks for the dev_set_name() change,

greg k-h

Re: [PATCH 2/2] power: Change device_wakeup_enable() to WARN_ON on null dev_name(dev)

[Greg KH]

On Tue, Nov 19, 2013 at 09:05:46AM -0700, Shuah Khan wrote:
> device_wakeup_enable() uses dev_name(dev) as the wakeup source name.
> When it gets called with a device with its name not yet set, ws structure
> with ws->name = NULL gets created.
> 
> When kernel is booted with wakeup_source_activate enabled, it will panic
> when the trace point code tries to dereferences ws->name.
> 
> Change device_wakeup_enable() to WARN_ON on dev_name(dev) null condition
> to detect driver bugs that result in calling device_wakeup_enable() before
> device is fully initialized with its name in device_wakeup_enable().
> 
> This change without the power_supply_register() fix will result in early
> boot panics when AC Adapter and Battery device drivers try to register
> wakeup source.
> 
> The following panic resulted from power_supply_register() registering
> wakeup source with a null device name.
> 
> [  819.769934] device: 'BAT1': device_add
> [  819.770078] PM: Adding info for No Bus:BAT1
> [  819.770235] BUG: unable to handle kernel NULL pointer dereference at           (null)
> [  819.770435] IP: [<ffffffff813381c0>] skip_spaces+0x30/0x30
> [  819.770572] PGD 3efd90067 PUD 3eff61067 PMD 0
> [  819.770716] Oops: 0000 [#1] SMP
> [  819.770829] Modules linked in: arc4 iwldvm mac80211 x86_pkg_temp_thermal coretemp kvm_intel joydev i915 kvm uvcvideo ghash_clmulni_intel videobuf2_vmalloc aesni_intel videobuf2_memops videobuf2_core aes_x86_64 ablk_helper cryptd videodev iwlwifi lrw rfcomm gf128mul glue_helper bnep btusb media bluetooth parport_pc hid_generic ppdev snd_hda_codec_hdmi drm_kms_helper snd_hda_codec_realtek cfg80211 drm tpm_infineon samsung_laptop snd_hda_intel usbhid snd_hda_codec hid snd_hwdep snd_pcm microcode snd_page_alloc snd_timer psmouse i2c_algo_bit lpc_ich tpm_tis video wmi mac_hid serio_raw ext2 lp parport r8169 mii
> [  819.771802] CPU: 0 PID: 2167 Comm: bash Not tainted 3.12.0+ #25
> [  819.771876] Hardware name: SAMSUNG ELECTRONICS CO., LTD. 900X3C/900X3D/900X4C/900X4D/SAMSUNG_NP1234567890, BIOS P03AAC 07/12/2012
> [  819.772022] task: ffff88002e6ddcc0 ti: ffff8804015ca000 task.ti: ffff8804015ca000
> [  819.772119] RIP: 0010:[<ffffffff813381c0>]  [<ffffffff813381c0>] skip_spaces+0x30/0x30
> [  819.772242] RSP: 0018:ffff8804015cbc70  EFLAGS: 00010046
> [  819.772310] RAX: 0000000000000003 RBX: ffff88040cfd6d40 RCX: 0000000000000018
> [  819.772397] RDX: 0000000000020001 RSI: 0000000000000000 RDI: 0000000000000000
> [  819.772484] RBP: ffff8804015cbcc0 R08: 0000000000000000 R09: ffff8803f0768d40
> [  819.772570] R10: ffffea001033b800 R11: 0000000000000000 R12: ffffffff81c519c0
> [  819.772656] R13: 0000000000020001 R14: 0000000000000000 R15: 0000000000020001
> [  819.772744] FS:  00007ff98309b740(0000) GS:ffff88041f200000(0000) knlGS:0000000000000000
> [  819.772845] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  819.772917] CR2: 0000000000000000 CR3: 00000003f59dc000 CR4: 00000000001407f0
> [  819.773001] Stack:
> [  819.773030]  ffffffff81114003 ffff8804015cbcb0 0000000000000000 0000000000000046
> [  819.773146]  ffff880409757a18 ffff8803f065a160 0000000000000000 0000000000020001
> [  819.773273]  0000000000000000 0000000000000000 ffff8804015cbce8 ffffffff8143e388
> [  819.773387] Call Trace:
> [  819.773434]  [<ffffffff81114003>] ? ftrace_raw_event_wakeup_source+0x43/0xe0
> [  819.773520]  [<ffffffff8143e388>] wakeup_source_report_event+0xb8/0xd0
> [  819.773595]  [<ffffffff8143e3cd>] __pm_stay_awake+0x2d/0x50
> [  819.773724]  [<ffffffff8153395c>] power_supply_changed+0x3c/0x90
> [  819.773795]  [<ffffffff8153407c>] power_supply_register+0x18c/0x250
> [  819.773869]  [<ffffffff813d8d18>] sysfs_add_battery+0x61/0x7b
> [  819.773935]  [<ffffffff813d8d69>] battery_notify+0x37/0x3f
> [  819.774001]  [<ffffffff816ccb7c>] notifier_call_chain+0x4c/0x70
> [  819.774071]  [<ffffffff81073ded>] __blocking_notifier_call_chain+0x4d/0x70
> [  819.774149]  [<ffffffff81073e26>] blocking_notifier_call_chain+0x16/0x20
> [  819.774227]  [<ffffffff8109397a>] pm_notifier_call_chain+0x1a/0x40
> [  819.774316]  [<ffffffff81095b66>] hibernate+0x66/0x1c0
> [  819.774407]  [<ffffffff81093931>] state_store+0x71/0xa0
> [  819.774507]  [<ffffffff81331d8f>] kobj_attr_store+0xf/0x20
> [  819.774613]  [<ffffffff811f8618>] sysfs_write_file+0x128/0x1c0
> [  819.774735]  [<ffffffff8118579d>] vfs_write+0xbd/0x1e0
> [  819.774841]  [<ffffffff811861d9>] SyS_write+0x49/0xa0
> [  819.774939]  [<ffffffff816d1052>] system_call_fastpath+0x16/0x1b
> [  819.775055] Code: 89 f8 48 89 e5 f6 82 c0 a6 84 81 20 74 15 0f 1f 44 00 00 48 83 c0 01 0f b6 10 f6 82 c0 a6 84 81 20 75 f0 5d c3 66 0f 1f 44 00 00 <80> 3f 00 55 48 89 e5 74 15 48 89 f8 0f 1f 40 00 48 83 c0 01 80
> [  819.775760] RIP  [<ffffffff813381c0>] skip_spaces+0x30/0x30
> [  819.775881]  RSP <ffff8804015cbc70>
> [  819.775949] CR2: 0000000000000000
> [  819.794175] ---[ end trace c4ef25127039952e ]---
> 
> Signed-off-by: Shuah Khan <shuah.kh@samsung.com>
> ---
>  drivers/base/power/wakeup.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c
> index 2d56f41..a605f0d 100644
> --- a/drivers/base/power/wakeup.c
> +++ b/drivers/base/power/wakeup.c
> @@ -223,6 +223,9 @@ int device_wakeup_enable(struct device *dev)
>  	if (!dev || !dev->power.can_wakeup)
>  		return -EINVAL;
>  
> +	if (WARN_ON(!dev_name(dev)))
> +		return -EINVAL;
> +
>  	ws = wakeup_source_register(dev_name(dev));

Shouldn't wakeup_source_register() just handle a NULL for a name better?

thanks,

greg k-h

Re: [PATCH 2/2] power: Change device_wakeup_enable() to WARN_ON on null dev_name(dev)

[Shuah Khan]

On 11/19/2013 04:56 PM, Rafael J. Wysocki wrote:
> On Tuesday, November 19, 2013 03:14:01 PM Greg KH wrote:
>> On Tue, Nov 19, 2013 at 09:05:46AM -0700, Shuah Khan wrote:
>>> device_wakeup_enable() uses dev_name(dev) as the wakeup source name.
>>> When it gets called with a device with its name not yet set, ws structure
>>> with ws->name = NULL gets created.
>>>
>>> When kernel is booted with wakeup_source_activate enabled, it will panic
>>> when the trace point code tries to dereferences ws->name.
>>>
>>> Change device_wakeup_enable() to WARN_ON on dev_name(dev) null condition
>>> to detect driver bugs that result in calling device_wakeup_enable() before
>>> device is fully initialized with its name in device_wakeup_enable().
>>>
>>> This change without the power_supply_register() fix will result in early
>>> boot panics when AC Adapter and Battery device drivers try to register
>>> wakeup source.
>>>
>>> The following panic resulted from power_supply_register() registering
>>> wakeup source with a null device name.
>>>
>>> [  819.769934] device: 'BAT1': device_add
>>> [  819.770078] PM: Adding info for No Bus:BAT1
>>> [  819.770235] BUG: unable to handle kernel NULL pointer dereference at           (null)
>>> [  819.770435] IP: [<ffffffff813381c0>] skip_spaces+0x30/0x30
>>> [  819.770572] PGD 3efd90067 PUD 3eff61067 PMD 0
>>> [  819.770716] Oops: 0000 [#1] SMP
>>> [  819.770829] Modules linked in: arc4 iwldvm mac80211 x86_pkg_temp_thermal coretemp kvm_intel joydev i915 kvm uvcvideo ghash_clmulni_intel videobuf2_vmalloc aesni_intel videobuf2_memops videobuf2_core aes_x86_64 ablk_helper cryptd videodev iwlwifi lrw rfcomm gf128mul glue_helper bnep btusb media bluetooth parport_pc hid_generic ppdev snd_hda_codec_hdmi drm_kms_helper snd_hda_codec_realtek cfg80211 drm tpm_infineon samsung_laptop snd_hda_intel usbhid snd_hda_codec hid snd_hwdep snd_pcm microcode snd_page_alloc snd_timer psmouse i2c_algo_bit lpc_ich tpm_tis video wmi mac_hid serio_raw ext2 lp parport r8169 mii
>>> [  819.771802] CPU: 0 PID: 2167 Comm: bash Not tainted 3.12.0+ #25
>>> [  819.771876] Hardware name: SAMSUNG ELECTRONICS CO., LTD. 900X3C/900X3D/900X4C/900X4D/SAMSUNG_NP1234567890, BIOS P03AAC 07/12/2012
>>> [  819.772022] task: ffff88002e6ddcc0 ti: ffff8804015ca000 task.ti: ffff8804015ca000
>>> [  819.772119] RIP: 0010:[<ffffffff813381c0>]  [<ffffffff813381c0>] skip_spaces+0x30/0x30
>>> [  819.772242] RSP: 0018:ffff8804015cbc70  EFLAGS: 00010046
>>> [  819.772310] RAX: 0000000000000003 RBX: ffff88040cfd6d40 RCX: 0000000000000018
>>> [  819.772397] RDX: 0000000000020001 RSI: 0000000000000000 RDI: 0000000000000000
>>> [  819.772484] RBP: ffff8804015cbcc0 R08: 0000000000000000 R09: ffff8803f0768d40
>>> [  819.772570] R10: ffffea001033b800 R11: 0000000000000000 R12: ffffffff81c519c0
>>> [  819.772656] R13: 0000000000020001 R14: 0000000000000000 R15: 0000000000020001
>>> [  819.772744] FS:  00007ff98309b740(0000) GS:ffff88041f200000(0000) knlGS:0000000000000000
>>> [  819.772845] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>>> [  819.772917] CR2: 0000000000000000 CR3: 00000003f59dc000 CR4: 00000000001407f0
>>> [  819.773001] Stack:
>>> [  819.773030]  ffffffff81114003 ffff8804015cbcb0 0000000000000000 0000000000000046
>>> [  819.773146]  ffff880409757a18 ffff8803f065a160 0000000000000000 0000000000020001
>>> [  819.773273]  0000000000000000 0000000000000000 ffff8804015cbce8 ffffffff8143e388
>>> [  819.773387] Call Trace:
>>> [  819.773434]  [<ffffffff81114003>] ? ftrace_raw_event_wakeup_source+0x43/0xe0
>>> [  819.773520]  [<ffffffff8143e388>] wakeup_source_report_event+0xb8/0xd0
>>> [  819.773595]  [<ffffffff8143e3cd>] __pm_stay_awake+0x2d/0x50
>>> [  819.773724]  [<ffffffff8153395c>] power_supply_changed+0x3c/0x90
>>> [  819.773795]  [<ffffffff8153407c>] power_supply_register+0x18c/0x250
>>> [  819.773869]  [<ffffffff813d8d18>] sysfs_add_battery+0x61/0x7b
>>> [  819.773935]  [<ffffffff813d8d69>] battery_notify+0x37/0x3f
>>> [  819.774001]  [<ffffffff816ccb7c>] notifier_call_chain+0x4c/0x70
>>> [  819.774071]  [<ffffffff81073ded>] __blocking_notifier_call_chain+0x4d/0x70
>>> [  819.774149]  [<ffffffff81073e26>] blocking_notifier_call_chain+0x16/0x20
>>> [  819.774227]  [<ffffffff8109397a>] pm_notifier_call_chain+0x1a/0x40
>>> [  819.774316]  [<ffffffff81095b66>] hibernate+0x66/0x1c0
>>> [  819.774407]  [<ffffffff81093931>] state_store+0x71/0xa0
>>> [  819.774507]  [<ffffffff81331d8f>] kobj_attr_store+0xf/0x20
>>> [  819.774613]  [<ffffffff811f8618>] sysfs_write_file+0x128/0x1c0
>>> [  819.774735]  [<ffffffff8118579d>] vfs_write+0xbd/0x1e0
>>> [  819.774841]  [<ffffffff811861d9>] SyS_write+0x49/0xa0
>>> [  819.774939]  [<ffffffff816d1052>] system_call_fastpath+0x16/0x1b
>>> [  819.775055] Code: 89 f8 48 89 e5 f6 82 c0 a6 84 81 20 74 15 0f 1f 44 00 00 48 83 c0 01 0f b6 10 f6 82 c0 a6 84 81 20 75 f0 5d c3 66 0f 1f 44 00 00 <80> 3f 00 55 48 89 e5 74 15 48 89 f8 0f 1f 40 00 48 83 c0 01 80
>>> [  819.775760] RIP  [<ffffffff813381c0>] skip_spaces+0x30/0x30
>>> [  819.775881]  RSP <ffff8804015cbc70>
>>> [  819.775949] CR2: 0000000000000000
>>> [  819.794175] ---[ end trace c4ef25127039952e ]---
>>>
>>> Signed-off-by: Shuah Khan <shuah.kh@samsung.com>
>>> ---
>>>   drivers/base/power/wakeup.c | 3 +++
>>>   1 file changed, 3 insertions(+)
>>>
>>> diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c
>>> index 2d56f41..a605f0d 100644
>>> --- a/drivers/base/power/wakeup.c
>>> +++ b/drivers/base/power/wakeup.c
>>> @@ -223,6 +223,9 @@ int device_wakeup_enable(struct device *dev)
>>>   	if (!dev || !dev->power.can_wakeup)
>>>   		return -EINVAL;
>>>
>>> +	if (WARN_ON(!dev_name(dev)))
>>> +		return -EINVAL;
>>> +
>>>   	ws = wakeup_source_register(dev_name(dev));
>>
>> Shouldn't wakeup_source_register() just handle a NULL for a name better?
>
> In fact, it does.
>
> The bug is in wakeup_source_activate() and that's because it passes ws->name
> to trace_wakeup_source_activate() which then doesn't bother to check it against
> NULL.
>
> So the solution here is to check ws->name before attempting to pass
> it to trace_wakeup_source_activate() in wakeup_source_activate().  It is
> actually valid to have a wakeup source with a NULL name and it shouldn't
> blow up like this.
>
> Thanks,
> Rafael
>

Rafael beat me to it. Yes adding the following to 
DECLARE_EVENT_CLASS(wakeup_source, should take care of the problem:


               const char *tmp_i = name ? name : "ws no name";

                 __assign_str(name, tmp_i);

should make trace_wakeup_source_activate() not blow up. I did consider 
this as one of the fixes to the oops. Would you rather see this fix 
instead of this change to device_wakeup_enable()?

-- Shuah

-- 
Shuah Khan
Senior Linux Kernel Developer - Open Source Group
Samsung Research America(Silicon Valley)
shuah.kh@samsung.com | (970) 672-0658

Re: [PATCH 2/2] power: Change device_wakeup_enable() to WARN_ON on null dev_name(dev)

[Rafael J. Wysocki]

On Tuesday, November 19, 2013 03:14:01 PM Greg KH wrote:
> On Tue, Nov 19, 2013 at 09:05:46AM -0700, Shuah Khan wrote:
> > device_wakeup_enable() uses dev_name(dev) as the wakeup source name.
> > When it gets called with a device with its name not yet set, ws structure
> > with ws->name = NULL gets created.
> > 
> > When kernel is booted with wakeup_source_activate enabled, it will panic
> > when the trace point code tries to dereferences ws->name.
> > 
> > Change device_wakeup_enable() to WARN_ON on dev_name(dev) null condition
> > to detect driver bugs that result in calling device_wakeup_enable() before
> > device is fully initialized with its name in device_wakeup_enable().
> > 
> > This change without the power_supply_register() fix will result in early
> > boot panics when AC Adapter and Battery device drivers try to register
> > wakeup source.
> > 
> > The following panic resulted from power_supply_register() registering
> > wakeup source with a null device name.
> > 
> > [  819.769934] device: 'BAT1': device_add
> > [  819.770078] PM: Adding info for No Bus:BAT1
> > [  819.770235] BUG: unable to handle kernel NULL pointer dereference at           (null)
> > [  819.770435] IP: [<ffffffff813381c0>] skip_spaces+0x30/0x30
> > [  819.770572] PGD 3efd90067 PUD 3eff61067 PMD 0
> > [  819.770716] Oops: 0000 [#1] SMP
> > [  819.770829] Modules linked in: arc4 iwldvm mac80211 x86_pkg_temp_thermal coretemp kvm_intel joydev i915 kvm uvcvideo ghash_clmulni_intel videobuf2_vmalloc aesni_intel videobuf2_memops videobuf2_core aes_x86_64 ablk_helper cryptd videodev iwlwifi lrw rfcomm gf128mul glue_helper bnep btusb media bluetooth parport_pc hid_generic ppdev snd_hda_codec_hdmi drm_kms_helper snd_hda_codec_realtek cfg80211 drm tpm_infineon samsung_laptop snd_hda_intel usbhid snd_hda_codec hid snd_hwdep snd_pcm microcode snd_page_alloc snd_timer psmouse i2c_algo_bit lpc_ich tpm_tis video wmi mac_hid serio_raw ext2 lp parport r8169 mii
> > [  819.771802] CPU: 0 PID: 2167 Comm: bash Not tainted 3.12.0+ #25
> > [  819.771876] Hardware name: SAMSUNG ELECTRONICS CO., LTD. 900X3C/900X3D/900X4C/900X4D/SAMSUNG_NP1234567890, BIOS P03AAC 07/12/2012
> > [  819.772022] task: ffff88002e6ddcc0 ti: ffff8804015ca000 task.ti: ffff8804015ca000
> > [  819.772119] RIP: 0010:[<ffffffff813381c0>]  [<ffffffff813381c0>] skip_spaces+0x30/0x30
> > [  819.772242] RSP: 0018:ffff8804015cbc70  EFLAGS: 00010046
> > [  819.772310] RAX: 0000000000000003 RBX: ffff88040cfd6d40 RCX: 0000000000000018
> > [  819.772397] RDX: 0000000000020001 RSI: 0000000000000000 RDI: 0000000000000000
> > [  819.772484] RBP: ffff8804015cbcc0 R08: 0000000000000000 R09: ffff8803f0768d40
> > [  819.772570] R10: ffffea001033b800 R11: 0000000000000000 R12: ffffffff81c519c0
> > [  819.772656] R13: 0000000000020001 R14: 0000000000000000 R15: 0000000000020001
> > [  819.772744] FS:  00007ff98309b740(0000) GS:ffff88041f200000(0000) knlGS:0000000000000000
> > [  819.772845] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [  819.772917] CR2: 0000000000000000 CR3: 00000003f59dc000 CR4: 00000000001407f0
> > [  819.773001] Stack:
> > [  819.773030]  ffffffff81114003 ffff8804015cbcb0 0000000000000000 0000000000000046
> > [  819.773146]  ffff880409757a18 ffff8803f065a160 0000000000000000 0000000000020001
> > [  819.773273]  0000000000000000 0000000000000000 ffff8804015cbce8 ffffffff8143e388
> > [  819.773387] Call Trace:
> > [  819.773434]  [<ffffffff81114003>] ? ftrace_raw_event_wakeup_source+0x43/0xe0
> > [  819.773520]  [<ffffffff8143e388>] wakeup_source_report_event+0xb8/0xd0
> > [  819.773595]  [<ffffffff8143e3cd>] __pm_stay_awake+0x2d/0x50
> > [  819.773724]  [<ffffffff8153395c>] power_supply_changed+0x3c/0x90
> > [  819.773795]  [<ffffffff8153407c>] power_supply_register+0x18c/0x250
> > [  819.773869]  [<ffffffff813d8d18>] sysfs_add_battery+0x61/0x7b
> > [  819.773935]  [<ffffffff813d8d69>] battery_notify+0x37/0x3f
> > [  819.774001]  [<ffffffff816ccb7c>] notifier_call_chain+0x4c/0x70
> > [  819.774071]  [<ffffffff81073ded>] __blocking_notifier_call_chain+0x4d/0x70
> > [  819.774149]  [<ffffffff81073e26>] blocking_notifier_call_chain+0x16/0x20
> > [  819.774227]  [<ffffffff8109397a>] pm_notifier_call_chain+0x1a/0x40
> > [  819.774316]  [<ffffffff81095b66>] hibernate+0x66/0x1c0
> > [  819.774407]  [<ffffffff81093931>] state_store+0x71/0xa0
> > [  819.774507]  [<ffffffff81331d8f>] kobj_attr_store+0xf/0x20
> > [  819.774613]  [<ffffffff811f8618>] sysfs_write_file+0x128/0x1c0
> > [  819.774735]  [<ffffffff8118579d>] vfs_write+0xbd/0x1e0
> > [  819.774841]  [<ffffffff811861d9>] SyS_write+0x49/0xa0
> > [  819.774939]  [<ffffffff816d1052>] system_call_fastpath+0x16/0x1b
> > [  819.775055] Code: 89 f8 48 89 e5 f6 82 c0 a6 84 81 20 74 15 0f 1f 44 00 00 48 83 c0 01 0f b6 10 f6 82 c0 a6 84 81 20 75 f0 5d c3 66 0f 1f 44 00 00 <80> 3f 00 55 48 89 e5 74 15 48 89 f8 0f 1f 40 00 48 83 c0 01 80
> > [  819.775760] RIP  [<ffffffff813381c0>] skip_spaces+0x30/0x30
> > [  819.775881]  RSP <ffff8804015cbc70>
> > [  819.775949] CR2: 0000000000000000
> > [  819.794175] ---[ end trace c4ef25127039952e ]---
> > 
> > Signed-off-by: Shuah Khan <shuah.kh@samsung.com>
> > ---
> >  drivers/base/power/wakeup.c | 3 +++
> >  1 file changed, 3 insertions(+)
> > 
> > diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c
> > index 2d56f41..a605f0d 100644
> > --- a/drivers/base/power/wakeup.c
> > +++ b/drivers/base/power/wakeup.c
> > @@ -223,6 +223,9 @@ int device_wakeup_enable(struct device *dev)
> >  	if (!dev || !dev->power.can_wakeup)
> >  		return -EINVAL;
> >  
> > +	if (WARN_ON(!dev_name(dev)))
> > +		return -EINVAL;
> > +
> >  	ws = wakeup_source_register(dev_name(dev));
> 
> Shouldn't wakeup_source_register() just handle a NULL for a name better?

In fact, it does.

The bug is in wakeup_source_activate() and that's because it passes ws->name
to trace_wakeup_source_activate() which then doesn't bother to check it against
NULL.

So the solution here is to check ws->name before attempting to pass
it to trace_wakeup_source_activate() in wakeup_source_activate().  It is
actually valid to have a wakeup source with a NULL name and it shouldn't
blow up like this.

Thanks,
Rafael

Re: [PATCH 1/2] power_supply: Fix Oops from NULL pointer dereference from wakeup_source_activate

[Shuah Khan]

On 11/19/2013 04:13 PM, Greg KH wrote:
> On Tue, Nov 19, 2013 at 08:59:35AM -0700, Shuah Khan wrote:
>> power_supply_register() calls device_init_wakeup() to register a wakeup
>> source before initializing dev_name. As a result, device_wakeup_enable()
>> end up registering wakeup source with a null name when wakeup_source_register()
>> gets called with dev_name(dev) which is null at the time.
>>
>> When kernel is booted with wakeup_source_activate enabled, it will panic
>> when the trace point code tries to dereferences ws->name.
>>
>> Fixed the problem by moving up the kobject_set_name() call prior to accesses
>> to dev_name(). Replaced kobject_set_name() with dev_set_name() which is the
>> right interface to be called from drivers. Fixed the call to device_del() prior
>> to device_add() in for wakeup_init_failed error handling code.
>>
>> [  819.769934] device: 'BAT1': device_add
>> [  819.770078] PM: Adding info for No Bus:BAT1
>> [  819.770235] BUG: unable to handle kernel NULL pointer dereference at           (null)
>> [  819.770435] IP: [<ffffffff813381c0>] skip_spaces+0x30/0x30
>> [  819.770572] PGD 3efd90067 PUD 3eff61067 PMD 0
>> [  819.770716] Oops: 0000 [#1] SMP
>> [  819.770829] Modules linked in: arc4 iwldvm mac80211 x86_pkg_temp_thermal coretemp kvm_intel joydev i915 kvm uvcvideo ghash_clmulni_intel videobuf2_vmalloc aesni_intel videobuf2_memops videobuf2_core aes_x86_64 ablk_helper cryptd videodev iwlwifi lrw rfcomm gf128mul glue_helper bnep btusb media bluetooth parport_pc hid_generic ppdev snd_hda_codec_hdmi drm_kms_helper snd_hda_codec_realtek cfg80211 drm tpm_infineon samsung_laptop snd_hda_intel usbhid snd_hda_codec hid snd_hwdep snd_pcm microcode snd_page_alloc snd_timer psmouse i2c_algo_bit lpc_ich tpm_tis video wmi mac_hid serio_raw ext2 lp parport r8169 mii
>> [  819.771802] CPU: 0 PID: 2167 Comm: bash Not tainted 3.12.0+ #25
>> [  819.771876] Hardware name: SAMSUNG ELECTRONICS CO., LTD. 900X3C/900X3D/900X4C/900X4D/SAMSUNG_NP1234567890, BIOS P03AAC 07/12/2012
>> [  819.772022] task: ffff88002e6ddcc0 ti: ffff8804015ca000 task.ti: ffff8804015ca000
>> [  819.772119] RIP: 0010:[<ffffffff813381c0>]  [<ffffffff813381c0>] skip_spaces+0x30/0x30
>> [  819.772242] RSP: 0018:ffff8804015cbc70  EFLAGS: 00010046
>> [  819.772310] RAX: 0000000000000003 RBX: ffff88040cfd6d40 RCX: 0000000000000018
>> [  819.772397] RDX: 0000000000020001 RSI: 0000000000000000 RDI: 0000000000000000
>> [  819.772484] RBP: ffff8804015cbcc0 R08: 0000000000000000 R09: ffff8803f0768d40
>> [  819.772570] R10: ffffea001033b800 R11: 0000000000000000 R12: ffffffff81c519c0
>> [  819.772656] R13: 0000000000020001 R14: 0000000000000000 R15: 0000000000020001
>> [  819.772744] FS:  00007ff98309b740(0000) GS:ffff88041f200000(0000) knlGS:0000000000000000
>> [  819.772845] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> [  819.772917] CR2: 0000000000000000 CR3: 00000003f59dc000 CR4: 00000000001407f0
>> [  819.773001] Stack:
>> [  819.773030]  ffffffff81114003 ffff8804015cbcb0 0000000000000000 0000000000000046
>> [  819.773146]  ffff880409757a18 ffff8803f065a160 0000000000000000 0000000000020001
>> [  819.773273]  0000000000000000 0000000000000000 ffff8804015cbce8 ffffffff8143e388
>> [  819.773387] Call Trace:
>> [  819.773434]  [<ffffffff81114003>] ? ftrace_raw_event_wakeup_source+0x43/0xe0
>> [  819.773520]  [<ffffffff8143e388>] wakeup_source_report_event+0xb8/0xd0
>> [  819.773595]  [<ffffffff8143e3cd>] __pm_stay_awake+0x2d/0x50
>> [  819.773724]  [<ffffffff8153395c>] power_supply_changed+0x3c/0x90
>> [  819.773795]  [<ffffffff8153407c>] power_supply_register+0x18c/0x250
>> [  819.773869]  [<ffffffff813d8d18>] sysfs_add_battery+0x61/0x7b
>> [  819.773935]  [<ffffffff813d8d69>] battery_notify+0x37/0x3f
>> [  819.774001]  [<ffffffff816ccb7c>] notifier_call_chain+0x4c/0x70
>> [  819.774071]  [<ffffffff81073ded>] __blocking_notifier_call_chain+0x4d/0x70
>> [  819.774149]  [<ffffffff81073e26>] blocking_notifier_call_chain+0x16/0x20
>> [  819.774227]  [<ffffffff8109397a>] pm_notifier_call_chain+0x1a/0x40
>> [  819.774316]  [<ffffffff81095b66>] hibernate+0x66/0x1c0
>> [  819.774407]  [<ffffffff81093931>] state_store+0x71/0xa0
>> [  819.774507]  [<ffffffff81331d8f>] kobj_attr_store+0xf/0x20
>> [  819.774613]  [<ffffffff811f8618>] sysfs_write_file+0x128/0x1c0
>> [  819.774735]  [<ffffffff8118579d>] vfs_write+0xbd/0x1e0
>> [  819.774841]  [<ffffffff811861d9>] SyS_write+0x49/0xa0
>> [  819.774939]  [<ffffffff816d1052>] system_call_fastpath+0x16/0x1b
>> [  819.775055] Code: 89 f8 48 89 e5 f6 82 c0 a6 84 81 20 74 15 0f 1f 44 00 00 48 83 c0 01 0f b6 10 f6 82 c0 a6 84 81 20 75 f0 5d c3 66 0f 1f 44 00 00 <80> 3f 00 55 48 89 e5 74 15 48 89 f8 0f 1f 40 00 48 83 c0 01 80
>> [  819.775760] RIP  [<ffffffff813381c0>] skip_spaces+0x30/0x30
>> [  819.775881]  RSP <ffff8804015cbc70>
>> [  819.775949] CR2: 0000000000000000
>> [  819.794175] ---[ end trace c4ef25127039952e ]---
>>
>> Signed-off-by: Shuah Khan <shuah.kh@samsung.com>
>
> Care to add a:
> 	Cc: stable <stable@vger.kernel.org>
> to this so that it gets backported to the older kernels that have this
> problem?

Yes this should be in stable as well. However, this patch failed to 
apply to 3.10 and 3.11 (the two releases I spot checked while I was 
contemplating adding cc stable tag.

I plan to back-port and send the stable patch once this gets into the 
mainline. Sounds good?
>
> Oh, and feel free to also add:
> 	Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

thanks,
>
> thanks for the dev_set_name() change,
>
> greg k-h
>


-- 
Shuah Khan
Senior Linux Kernel Developer - Open Source Group
Samsung Research America(Silicon Valley)
shuah.kh@samsung.com | (970) 672-0658

Re: [PATCH 2/2] power: Change device_wakeup_enable() to WARN_ON on null dev_name(dev)

[Greg KH]

On Tue, Nov 19, 2013 at 04:52:59PM -0700, Shuah Khan wrote:
> On 11/19/2013 04:56 PM, Rafael J. Wysocki wrote:
> > On Tuesday, November 19, 2013 03:14:01 PM Greg KH wrote:
> >> On Tue, Nov 19, 2013 at 09:05:46AM -0700, Shuah Khan wrote:
> >>> device_wakeup_enable() uses dev_name(dev) as the wakeup source name.
> >>> When it gets called with a device with its name not yet set, ws structure
> >>> with ws->name = NULL gets created.
> >>>
> >>> When kernel is booted with wakeup_source_activate enabled, it will panic
> >>> when the trace point code tries to dereferences ws->name.
> >>>
> >>> Change device_wakeup_enable() to WARN_ON on dev_name(dev) null condition
> >>> to detect driver bugs that result in calling device_wakeup_enable() before
> >>> device is fully initialized with its name in device_wakeup_enable().
> >>>
> >>> This change without the power_supply_register() fix will result in early
> >>> boot panics when AC Adapter and Battery device drivers try to register
> >>> wakeup source.
> >>>
> >>> The following panic resulted from power_supply_register() registering
> >>> wakeup source with a null device name.
> >>>
> >>> [  819.769934] device: 'BAT1': device_add
> >>> [  819.770078] PM: Adding info for No Bus:BAT1
> >>> [  819.770235] BUG: unable to handle kernel NULL pointer dereference at           (null)
> >>> [  819.770435] IP: [<ffffffff813381c0>] skip_spaces+0x30/0x30
> >>> [  819.770572] PGD 3efd90067 PUD 3eff61067 PMD 0
> >>> [  819.770716] Oops: 0000 [#1] SMP
> >>> [  819.770829] Modules linked in: arc4 iwldvm mac80211 x86_pkg_temp_thermal coretemp kvm_intel joydev i915 kvm uvcvideo ghash_clmulni_intel videobuf2_vmalloc aesni_intel videobuf2_memops videobuf2_core aes_x86_64 ablk_helper cryptd videodev iwlwifi lrw rfcomm gf128mul glue_helper bnep btusb media bluetooth parport_pc hid_generic ppdev snd_hda_codec_hdmi drm_kms_helper snd_hda_codec_realtek cfg80211 drm tpm_infineon samsung_laptop snd_hda_intel usbhid snd_hda_codec hid snd_hwdep snd_pcm microcode snd_page_alloc snd_timer psmouse i2c_algo_bit lpc_ich tpm_tis video wmi mac_hid serio_raw ext2 lp parport r8169 mii
> >>> [  819.771802] CPU: 0 PID: 2167 Comm: bash Not tainted 3.12.0+ #25
> >>> [  819.771876] Hardware name: SAMSUNG ELECTRONICS CO., LTD. 900X3C/900X3D/900X4C/900X4D/SAMSUNG_NP1234567890, BIOS P03AAC 07/12/2012
> >>> [  819.772022] task: ffff88002e6ddcc0 ti: ffff8804015ca000 task.ti: ffff8804015ca000
> >>> [  819.772119] RIP: 0010:[<ffffffff813381c0>]  [<ffffffff813381c0>] skip_spaces+0x30/0x30
> >>> [  819.772242] RSP: 0018:ffff8804015cbc70  EFLAGS: 00010046
> >>> [  819.772310] RAX: 0000000000000003 RBX: ffff88040cfd6d40 RCX: 0000000000000018
> >>> [  819.772397] RDX: 0000000000020001 RSI: 0000000000000000 RDI: 0000000000000000
> >>> [  819.772484] RBP: ffff8804015cbcc0 R08: 0000000000000000 R09: ffff8803f0768d40
> >>> [  819.772570] R10: ffffea001033b800 R11: 0000000000000000 R12: ffffffff81c519c0
> >>> [  819.772656] R13: 0000000000020001 R14: 0000000000000000 R15: 0000000000020001
> >>> [  819.772744] FS:  00007ff98309b740(0000) GS:ffff88041f200000(0000) knlGS:0000000000000000
> >>> [  819.772845] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> >>> [  819.772917] CR2: 0000000000000000 CR3: 00000003f59dc000 CR4: 00000000001407f0
> >>> [  819.773001] Stack:
> >>> [  819.773030]  ffffffff81114003 ffff8804015cbcb0 0000000000000000 0000000000000046
> >>> [  819.773146]  ffff880409757a18 ffff8803f065a160 0000000000000000 0000000000020001
> >>> [  819.773273]  0000000000000000 0000000000000000 ffff8804015cbce8 ffffffff8143e388
> >>> [  819.773387] Call Trace:
> >>> [  819.773434]  [<ffffffff81114003>] ? ftrace_raw_event_wakeup_source+0x43/0xe0
> >>> [  819.773520]  [<ffffffff8143e388>] wakeup_source_report_event+0xb8/0xd0
> >>> [  819.773595]  [<ffffffff8143e3cd>] __pm_stay_awake+0x2d/0x50
> >>> [  819.773724]  [<ffffffff8153395c>] power_supply_changed+0x3c/0x90
> >>> [  819.773795]  [<ffffffff8153407c>] power_supply_register+0x18c/0x250
> >>> [  819.773869]  [<ffffffff813d8d18>] sysfs_add_battery+0x61/0x7b
> >>> [  819.773935]  [<ffffffff813d8d69>] battery_notify+0x37/0x3f
> >>> [  819.774001]  [<ffffffff816ccb7c>] notifier_call_chain+0x4c/0x70
> >>> [  819.774071]  [<ffffffff81073ded>] __blocking_notifier_call_chain+0x4d/0x70
> >>> [  819.774149]  [<ffffffff81073e26>] blocking_notifier_call_chain+0x16/0x20
> >>> [  819.774227]  [<ffffffff8109397a>] pm_notifier_call_chain+0x1a/0x40
> >>> [  819.774316]  [<ffffffff81095b66>] hibernate+0x66/0x1c0
> >>> [  819.774407]  [<ffffffff81093931>] state_store+0x71/0xa0
> >>> [  819.774507]  [<ffffffff81331d8f>] kobj_attr_store+0xf/0x20
> >>> [  819.774613]  [<ffffffff811f8618>] sysfs_write_file+0x128/0x1c0
> >>> [  819.774735]  [<ffffffff8118579d>] vfs_write+0xbd/0x1e0
> >>> [  819.774841]  [<ffffffff811861d9>] SyS_write+0x49/0xa0
> >>> [  819.774939]  [<ffffffff816d1052>] system_call_fastpath+0x16/0x1b
> >>> [  819.775055] Code: 89 f8 48 89 e5 f6 82 c0 a6 84 81 20 74 15 0f 1f 44 00 00 48 83 c0 01 0f b6 10 f6 82 c0 a6 84 81 20 75 f0 5d c3 66 0f 1f 44 00 00 <80> 3f 00 55 48 89 e5 74 15 48 89 f8 0f 1f 40 00 48 83 c0 01 80
> >>> [  819.775760] RIP  [<ffffffff813381c0>] skip_spaces+0x30/0x30
> >>> [  819.775881]  RSP <ffff8804015cbc70>
> >>> [  819.775949] CR2: 0000000000000000
> >>> [  819.794175] ---[ end trace c4ef25127039952e ]---
> >>>
> >>> Signed-off-by: Shuah Khan <shuah.kh@samsung.com>
> >>> ---
> >>>   drivers/base/power/wakeup.c | 3 +++
> >>>   1 file changed, 3 insertions(+)
> >>>
> >>> diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c
> >>> index 2d56f41..a605f0d 100644
> >>> --- a/drivers/base/power/wakeup.c
> >>> +++ b/drivers/base/power/wakeup.c
> >>> @@ -223,6 +223,9 @@ int device_wakeup_enable(struct device *dev)
> >>>   	if (!dev || !dev->power.can_wakeup)
> >>>   		return -EINVAL;
> >>>
> >>> +	if (WARN_ON(!dev_name(dev)))
> >>> +		return -EINVAL;
> >>> +
> >>>   	ws = wakeup_source_register(dev_name(dev));
> >>
> >> Shouldn't wakeup_source_register() just handle a NULL for a name better?
> >
> > In fact, it does.
> >
> > The bug is in wakeup_source_activate() and that's because it passes ws->name
> > to trace_wakeup_source_activate() which then doesn't bother to check it against
> > NULL.
> >
> > So the solution here is to check ws->name before attempting to pass
> > it to trace_wakeup_source_activate() in wakeup_source_activate().  It is
> > actually valid to have a wakeup source with a NULL name and it shouldn't
> > blow up like this.
> >
> > Thanks,
> > Rafael
> >
> 
> Rafael beat me to it. Yes adding the following to 
> DECLARE_EVENT_CLASS(wakeup_source, should take care of the problem:
> 
> 
>                const char *tmp_i = name ? name : "ws no name";
> 
>                  __assign_str(name, tmp_i);
> 
> should make trace_wakeup_source_activate() not blow up. I did consider 
> this as one of the fixes to the oops. Would you rather see this fix 
> instead of this change to device_wakeup_enable()?

No, that's fine, it makes more sense now.

greg k-h

Re: [PATCH 2/2] power: Change device_wakeup_enable() to WARN_ON on null dev_name(dev)

[Rafael J. Wysocki]

On Tuesday, November 19, 2013 04:52:59 PM Shuah Khan wrote:
> On 11/19/2013 04:56 PM, Rafael J. Wysocki wrote:
> > On Tuesday, November 19, 2013 03:14:01 PM Greg KH wrote:
> >> On Tue, Nov 19, 2013 at 09:05:46AM -0700, Shuah Khan wrote:
> >>> device_wakeup_enable() uses dev_name(dev) as the wakeup source name.
> >>> When it gets called with a device with its name not yet set, ws structure
> >>> with ws->name = NULL gets created.
> >>>
> >>> When kernel is booted with wakeup_source_activate enabled, it will panic
> >>> when the trace point code tries to dereferences ws->name.
> >>>
> >>> Change device_wakeup_enable() to WARN_ON on dev_name(dev) null condition
> >>> to detect driver bugs that result in calling device_wakeup_enable() before
> >>> device is fully initialized with its name in device_wakeup_enable().
> >>>
> >>> This change without the power_supply_register() fix will result in early
> >>> boot panics when AC Adapter and Battery device drivers try to register
> >>> wakeup source.
> >>>
> >>> The following panic resulted from power_supply_register() registering
> >>> wakeup source with a null device name.
> >>>
> >>> [  819.769934] device: 'BAT1': device_add
> >>> [  819.770078] PM: Adding info for No Bus:BAT1
> >>> [  819.770235] BUG: unable to handle kernel NULL pointer dereference at           (null)
> >>> [  819.770435] IP: [<ffffffff813381c0>] skip_spaces+0x30/0x30
> >>> [  819.770572] PGD 3efd90067 PUD 3eff61067 PMD 0
> >>> [  819.770716] Oops: 0000 [#1] SMP
> >>> [  819.770829] Modules linked in: arc4 iwldvm mac80211 x86_pkg_temp_thermal coretemp kvm_intel joydev i915 kvm uvcvideo ghash_clmulni_intel videobuf2_vmalloc aesni_intel videobuf2_memops videobuf2_core aes_x86_64 ablk_helper cryptd videodev iwlwifi lrw rfcomm gf128mul glue_helper bnep btusb media bluetooth parport_pc hid_generic ppdev snd_hda_codec_hdmi drm_kms_helper snd_hda_codec_realtek cfg80211 drm tpm_infineon samsung_laptop snd_hda_intel usbhid snd_hda_codec hid snd_hwdep snd_pcm microcode snd_page_alloc snd_timer psmouse i2c_algo_bit lpc_ich tpm_tis video wmi mac_hid serio_raw ext2 lp parport r8169 mii
> >>> [  819.771802] CPU: 0 PID: 2167 Comm: bash Not tainted 3.12.0+ #25
> >>> [  819.771876] Hardware name: SAMSUNG ELECTRONICS CO., LTD. 900X3C/900X3D/900X4C/900X4D/SAMSUNG_NP1234567890, BIOS P03AAC 07/12/2012
> >>> [  819.772022] task: ffff88002e6ddcc0 ti: ffff8804015ca000 task.ti: ffff8804015ca000
> >>> [  819.772119] RIP: 0010:[<ffffffff813381c0>]  [<ffffffff813381c0>] skip_spaces+0x30/0x30
> >>> [  819.772242] RSP: 0018:ffff8804015cbc70  EFLAGS: 00010046
> >>> [  819.772310] RAX: 0000000000000003 RBX: ffff88040cfd6d40 RCX: 0000000000000018
> >>> [  819.772397] RDX: 0000000000020001 RSI: 0000000000000000 RDI: 0000000000000000
> >>> [  819.772484] RBP: ffff8804015cbcc0 R08: 0000000000000000 R09: ffff8803f0768d40
> >>> [  819.772570] R10: ffffea001033b800 R11: 0000000000000000 R12: ffffffff81c519c0
> >>> [  819.772656] R13: 0000000000020001 R14: 0000000000000000 R15: 0000000000020001
> >>> [  819.772744] FS:  00007ff98309b740(0000) GS:ffff88041f200000(0000) knlGS:0000000000000000
> >>> [  819.772845] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> >>> [  819.772917] CR2: 0000000000000000 CR3: 00000003f59dc000 CR4: 00000000001407f0
> >>> [  819.773001] Stack:
> >>> [  819.773030]  ffffffff81114003 ffff8804015cbcb0 0000000000000000 0000000000000046
> >>> [  819.773146]  ffff880409757a18 ffff8803f065a160 0000000000000000 0000000000020001
> >>> [  819.773273]  0000000000000000 0000000000000000 ffff8804015cbce8 ffffffff8143e388
> >>> [  819.773387] Call Trace:
> >>> [  819.773434]  [<ffffffff81114003>] ? ftrace_raw_event_wakeup_source+0x43/0xe0
> >>> [  819.773520]  [<ffffffff8143e388>] wakeup_source_report_event+0xb8/0xd0
> >>> [  819.773595]  [<ffffffff8143e3cd>] __pm_stay_awake+0x2d/0x50
> >>> [  819.773724]  [<ffffffff8153395c>] power_supply_changed+0x3c/0x90
> >>> [  819.773795]  [<ffffffff8153407c>] power_supply_register+0x18c/0x250
> >>> [  819.773869]  [<ffffffff813d8d18>] sysfs_add_battery+0x61/0x7b
> >>> [  819.773935]  [<ffffffff813d8d69>] battery_notify+0x37/0x3f
> >>> [  819.774001]  [<ffffffff816ccb7c>] notifier_call_chain+0x4c/0x70
> >>> [  819.774071]  [<ffffffff81073ded>] __blocking_notifier_call_chain+0x4d/0x70
> >>> [  819.774149]  [<ffffffff81073e26>] blocking_notifier_call_chain+0x16/0x20
> >>> [  819.774227]  [<ffffffff8109397a>] pm_notifier_call_chain+0x1a/0x40
> >>> [  819.774316]  [<ffffffff81095b66>] hibernate+0x66/0x1c0
> >>> [  819.774407]  [<ffffffff81093931>] state_store+0x71/0xa0
> >>> [  819.774507]  [<ffffffff81331d8f>] kobj_attr_store+0xf/0x20
> >>> [  819.774613]  [<ffffffff811f8618>] sysfs_write_file+0x128/0x1c0
> >>> [  819.774735]  [<ffffffff8118579d>] vfs_write+0xbd/0x1e0
> >>> [  819.774841]  [<ffffffff811861d9>] SyS_write+0x49/0xa0
> >>> [  819.774939]  [<ffffffff816d1052>] system_call_fastpath+0x16/0x1b
> >>> [  819.775055] Code: 89 f8 48 89 e5 f6 82 c0 a6 84 81 20 74 15 0f 1f 44 00 00 48 83 c0 01 0f b6 10 f6 82 c0 a6 84 81 20 75 f0 5d c3 66 0f 1f 44 00 00 <80> 3f 00 55 48 89 e5 74 15 48 89 f8 0f 1f 40 00 48 83 c0 01 80
> >>> [  819.775760] RIP  [<ffffffff813381c0>] skip_spaces+0x30/0x30
> >>> [  819.775881]  RSP <ffff8804015cbc70>
> >>> [  819.775949] CR2: 0000000000000000
> >>> [  819.794175] ---[ end trace c4ef25127039952e ]---
> >>>
> >>> Signed-off-by: Shuah Khan <shuah.kh@samsung.com>
> >>> ---
> >>>   drivers/base/power/wakeup.c | 3 +++
> >>>   1 file changed, 3 insertions(+)
> >>>
> >>> diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c
> >>> index 2d56f41..a605f0d 100644
> >>> --- a/drivers/base/power/wakeup.c
> >>> +++ b/drivers/base/power/wakeup.c
> >>> @@ -223,6 +223,9 @@ int device_wakeup_enable(struct device *dev)
> >>>   	if (!dev || !dev->power.can_wakeup)
> >>>   		return -EINVAL;
> >>>
> >>> +	if (WARN_ON(!dev_name(dev)))
> >>> +		return -EINVAL;
> >>> +
> >>>   	ws = wakeup_source_register(dev_name(dev));
> >>
> >> Shouldn't wakeup_source_register() just handle a NULL for a name better?
> >
> > In fact, it does.
> >
> > The bug is in wakeup_source_activate() and that's because it passes ws->name
> > to trace_wakeup_source_activate() which then doesn't bother to check it against
> > NULL.
> >
> > So the solution here is to check ws->name before attempting to pass
> > it to trace_wakeup_source_activate() in wakeup_source_activate().  It is
> > actually valid to have a wakeup source with a NULL name and it shouldn't
> > blow up like this.
> >
> > Thanks,
> > Rafael
> >
> 
> Rafael beat me to it. Yes adding the following to 
> DECLARE_EVENT_CLASS(wakeup_source, should take care of the problem:
> 
> 
>                const char *tmp_i = name ? name : "ws no name";
> 
>                  __assign_str(name, tmp_i);
> 
> should make trace_wakeup_source_activate() not blow up. I did consider 
> this as one of the fixes to the oops. Would you rather see this fix 
> instead of this change to device_wakeup_enable()?

Obviously, I would. :-)

As I said, it should be possible to register a wakeup source without a name.

Also please find the commit that added trace_wakeup_source_activate() to
wakeup_source_activate() and add a Fixes: tag for it to the patch.

Thanks!

-- 
I speak only for myself.
Rafael J. Wysocki, Intel Open Source Technology Center.

Re: [PATCH 2/2] power: Change device_wakeup_enable() to WARN_ON on null dev_name(dev)

[Rafael J. Wysocki]

On Wednesday, November 20, 2013 01:12:17 AM Rafael J. Wysocki wrote:
> On Tuesday, November 19, 2013 04:52:59 PM Shuah Khan wrote:
> > On 11/19/2013 04:56 PM, Rafael J. Wysocki wrote:
> > > On Tuesday, November 19, 2013 03:14:01 PM Greg KH wrote:
> > >> On Tue, Nov 19, 2013 at 09:05:46AM -0700, Shuah Khan wrote:
> > >>> device_wakeup_enable() uses dev_name(dev) as the wakeup source name.
> > >>> When it gets called with a device with its name not yet set, ws structure
> > >>> with ws->name = NULL gets created.
> > >>>
> > >>> When kernel is booted with wakeup_source_activate enabled, it will panic
> > >>> when the trace point code tries to dereferences ws->name.
> > >>>
> > >>> Change device_wakeup_enable() to WARN_ON on dev_name(dev) null condition
> > >>> to detect driver bugs that result in calling device_wakeup_enable() before
> > >>> device is fully initialized with its name in device_wakeup_enable().
> > >>>
> > >>> This change without the power_supply_register() fix will result in early
> > >>> boot panics when AC Adapter and Battery device drivers try to register
> > >>> wakeup source.
> > >>>
> > >>> The following panic resulted from power_supply_register() registering
> > >>> wakeup source with a null device name.
> > >>>
> > >>> [  819.769934] device: 'BAT1': device_add
> > >>> [  819.770078] PM: Adding info for No Bus:BAT1
> > >>> [  819.770235] BUG: unable to handle kernel NULL pointer dereference at           (null)
> > >>> [  819.770435] IP: [<ffffffff813381c0>] skip_spaces+0x30/0x30
> > >>> [  819.770572] PGD 3efd90067 PUD 3eff61067 PMD 0
> > >>> [  819.770716] Oops: 0000 [#1] SMP
> > >>> [  819.770829] Modules linked in: arc4 iwldvm mac80211 x86_pkg_temp_thermal coretemp kvm_intel joydev i915 kvm uvcvideo ghash_clmulni_intel videobuf2_vmalloc aesni_intel videobuf2_memops videobuf2_core aes_x86_64 ablk_helper cryptd videodev iwlwifi lrw rfcomm gf128mul glue_helper bnep btusb media bluetooth parport_pc hid_generic ppdev snd_hda_codec_hdmi drm_kms_helper snd_hda_codec_realtek cfg80211 drm tpm_infineon samsung_laptop snd_hda_intel usbhid snd_hda_codec hid snd_hwdep snd_pcm microcode snd_page_alloc snd_timer psmouse i2c_algo_bit lpc_ich tpm_tis video wmi mac_hid serio_raw ext2 lp parport r8169 mii
> > >>> [  819.771802] CPU: 0 PID: 2167 Comm: bash Not tainted 3.12.0+ #25
> > >>> [  819.771876] Hardware name: SAMSUNG ELECTRONICS CO., LTD. 900X3C/900X3D/900X4C/900X4D/SAMSUNG_NP1234567890, BIOS P03AAC 07/12/2012
> > >>> [  819.772022] task: ffff88002e6ddcc0 ti: ffff8804015ca000 task.ti: ffff8804015ca000
> > >>> [  819.772119] RIP: 0010:[<ffffffff813381c0>]  [<ffffffff813381c0>] skip_spaces+0x30/0x30
> > >>> [  819.772242] RSP: 0018:ffff8804015cbc70  EFLAGS: 00010046
> > >>> [  819.772310] RAX: 0000000000000003 RBX: ffff88040cfd6d40 RCX: 0000000000000018
> > >>> [  819.772397] RDX: 0000000000020001 RSI: 0000000000000000 RDI: 0000000000000000
> > >>> [  819.772484] RBP: ffff8804015cbcc0 R08: 0000000000000000 R09: ffff8803f0768d40
> > >>> [  819.772570] R10: ffffea001033b800 R11: 0000000000000000 R12: ffffffff81c519c0
> > >>> [  819.772656] R13: 0000000000020001 R14: 0000000000000000 R15: 0000000000020001
> > >>> [  819.772744] FS:  00007ff98309b740(0000) GS:ffff88041f200000(0000) knlGS:0000000000000000
> > >>> [  819.772845] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > >>> [  819.772917] CR2: 0000000000000000 CR3: 00000003f59dc000 CR4: 00000000001407f0
> > >>> [  819.773001] Stack:
> > >>> [  819.773030]  ffffffff81114003 ffff8804015cbcb0 0000000000000000 0000000000000046
> > >>> [  819.773146]  ffff880409757a18 ffff8803f065a160 0000000000000000 0000000000020001
> > >>> [  819.773273]  0000000000000000 0000000000000000 ffff8804015cbce8 ffffffff8143e388
> > >>> [  819.773387] Call Trace:
> > >>> [  819.773434]  [<ffffffff81114003>] ? ftrace_raw_event_wakeup_source+0x43/0xe0
> > >>> [  819.773520]  [<ffffffff8143e388>] wakeup_source_report_event+0xb8/0xd0
> > >>> [  819.773595]  [<ffffffff8143e3cd>] __pm_stay_awake+0x2d/0x50
> > >>> [  819.773724]  [<ffffffff8153395c>] power_supply_changed+0x3c/0x90
> > >>> [  819.773795]  [<ffffffff8153407c>] power_supply_register+0x18c/0x250
> > >>> [  819.773869]  [<ffffffff813d8d18>] sysfs_add_battery+0x61/0x7b
> > >>> [  819.773935]  [<ffffffff813d8d69>] battery_notify+0x37/0x3f
> > >>> [  819.774001]  [<ffffffff816ccb7c>] notifier_call_chain+0x4c/0x70
> > >>> [  819.774071]  [<ffffffff81073ded>] __blocking_notifier_call_chain+0x4d/0x70
> > >>> [  819.774149]  [<ffffffff81073e26>] blocking_notifier_call_chain+0x16/0x20
> > >>> [  819.774227]  [<ffffffff8109397a>] pm_notifier_call_chain+0x1a/0x40
> > >>> [  819.774316]  [<ffffffff81095b66>] hibernate+0x66/0x1c0
> > >>> [  819.774407]  [<ffffffff81093931>] state_store+0x71/0xa0
> > >>> [  819.774507]  [<ffffffff81331d8f>] kobj_attr_store+0xf/0x20
> > >>> [  819.774613]  [<ffffffff811f8618>] sysfs_write_file+0x128/0x1c0
> > >>> [  819.774735]  [<ffffffff8118579d>] vfs_write+0xbd/0x1e0
> > >>> [  819.774841]  [<ffffffff811861d9>] SyS_write+0x49/0xa0
> > >>> [  819.774939]  [<ffffffff816d1052>] system_call_fastpath+0x16/0x1b
> > >>> [  819.775055] Code: 89 f8 48 89 e5 f6 82 c0 a6 84 81 20 74 15 0f 1f 44 00 00 48 83 c0 01 0f b6 10 f6 82 c0 a6 84 81 20 75 f0 5d c3 66 0f 1f 44 00 00 <80> 3f 00 55 48 89 e5 74 15 48 89 f8 0f 1f 40 00 48 83 c0 01 80
> > >>> [  819.775760] RIP  [<ffffffff813381c0>] skip_spaces+0x30/0x30
> > >>> [  819.775881]  RSP <ffff8804015cbc70>
> > >>> [  819.775949] CR2: 0000000000000000
> > >>> [  819.794175] ---[ end trace c4ef25127039952e ]---
> > >>>
> > >>> Signed-off-by: Shuah Khan <shuah.kh@samsung.com>
> > >>> ---
> > >>>   drivers/base/power/wakeup.c | 3 +++
> > >>>   1 file changed, 3 insertions(+)
> > >>>
> > >>> diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c
> > >>> index 2d56f41..a605f0d 100644
> > >>> --- a/drivers/base/power/wakeup.c
> > >>> +++ b/drivers/base/power/wakeup.c
> > >>> @@ -223,6 +223,9 @@ int device_wakeup_enable(struct device *dev)
> > >>>   	if (!dev || !dev->power.can_wakeup)
> > >>>   		return -EINVAL;
> > >>>
> > >>> +	if (WARN_ON(!dev_name(dev)))
> > >>> +		return -EINVAL;
> > >>> +
> > >>>   	ws = wakeup_source_register(dev_name(dev));
> > >>
> > >> Shouldn't wakeup_source_register() just handle a NULL for a name better?
> > >
> > > In fact, it does.
> > >
> > > The bug is in wakeup_source_activate() and that's because it passes ws->name
> > > to trace_wakeup_source_activate() which then doesn't bother to check it against
> > > NULL.
> > >
> > > So the solution here is to check ws->name before attempting to pass
> > > it to trace_wakeup_source_activate() in wakeup_source_activate().  It is
> > > actually valid to have a wakeup source with a NULL name and it shouldn't
> > > blow up like this.
> > >
> > > Thanks,
> > > Rafael
> > >
> > 
> > Rafael beat me to it. Yes adding the following to 
> > DECLARE_EVENT_CLASS(wakeup_source, should take care of the problem:
> > 
> > 
> >                const char *tmp_i = name ? name : "ws no name";

Well, please use something like "(no name)" here.

> > 
> >                  __assign_str(name, tmp_i);
> > 
> > should make trace_wakeup_source_activate() not blow up. I did consider 
> > this as one of the fixes to the oops. Would you rather see this fix 
> > instead of this change to device_wakeup_enable()?
> 
> Obviously, I would. :-)
> 
> As I said, it should be possible to register a wakeup source without a name.
> 
> Also please find the commit that added trace_wakeup_source_activate() to
> wakeup_source_activate() and add a Fixes: tag for it to the patch.

Thanks!

-- 
I speak only for myself.
Rafael J. Wysocki, Intel Open Source Technology Center.