Commit Graph

14 Commits

Author SHA1 Message Date
Dmitry Eremin-Solenikov ce992369cf power_supply: fix oops in collie_battery driver
Fix an oops happening due to typo in 297d716f62
[power_supply: Change ownership from driver to core].

Unable to handle kernel NULL pointer dereference at virtual address 00000050
pgd = c0004000
[00000050] *pgd=00000000
Internal error: Oops: 17 [#1] ARM
Modules linked in:
CPU: 0 PID: 1 Comm: swapper Not tainted 4.1.0-rc1+ #35
Hardware name: Sharp-Collie
task: c381a720 ti: c381e000 task.ti: c381e000
PC is at collie_bat_get_property+0x10/0x258
LR is at collie_bat_get_property+0x10/0x258
pc : [<c0235d28>]    lr : [<c0235d28>]    psr: 20000013
sp : c381fd60  ip : 00000001  fp : 00000000
r10: c37b84c0  r9 : c068c9b8  r8 : c37b84a0
r7 : c37b84c0  r6 : c381fd84  r5 : 00000000  r4 : 00000000
r3 : c0369380  r2 : c381fd84  r1 : 00000000  r0 : 00000000
Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
Control: 0000717f  Table: c3784000  DAC: 00000017
Process swapper (pid: 1, stack limit = 0xc381e190)
Stack: (0xc381fd60 to 0xc3820000)
fd60: c0369380 00000000 c37c0000 c068c9b8 c37b84c0 c0234380 00000000 c0234bc0
fd80: c042fcec c37b84a0 c0357c64 00000000 c37b84c0 c37c0000 c37b84a0 c0234e98
fda0: c37be020 00000000 ff0a0004 c37b84c8 c37be020 c37b84c0 c042fcec c383dbc0
fdc0: c0364060 00000000 00000000 c01be6a8 00000000 c015b220 c37b84c8 c381fdf0
fde0: c37b84c8 c37b84c8 c37b84c8 c37be020 c041e278 c015b478 c04a45b4 c0045290
fe00: c381a720 c0345d50 00000001 c37bf020 c0e511d8 c00453c0 c0688058 c37b84c8
fe20: 00000000 c37b84c0 c37780c0 c0e511d8 c38e2f60 c0e52d24 c04a45b4 c01be134
fe40: c37b8550 c37b8550 00000000 c0347a8c c37b84a0 00000000 c37b84c0 c0369380
fe60: c37780c0 00000001 00000061 c02347a0 00000001 c0e52e6c c068d144 c37b77a0
fe80: 00000000 c068d164 00000000 c0235b3c 00000000 c067fbb4 00000000 c068d1e4
fea0: 00000000 00000000 00000000 00000000 00000000 00000000 c37b77a0 c068d144
fec0: c3778020 c06953c0 c049de68 c01d5f54 c0688800 c3778020 c068d144 c0688700
fee0: c06953c0 c01d6000 c0675b80 c0675b80 c37b77a0 c0009624 c381a720 c000d8dc
ff00: 00000001 c381ff54 c048a500 c00453c0 c00095a0 20000153 ffffffff c000d8dc
ff20: c049cbd0 00000001 c04aa064 00000007 c04a9fb0 00000006 c06953c0 c06953c0
ff40: c048a590 c04a45c0 c04a9ffc 00000006 c06953c0 c06953c0 c048a590 c04a45c0
ff60: 00000061 c048adf8 00000006 00000006 c048a590 c0036450 00000001 00000000
ff80: c00363ec 00000000 c033ee7c 00000000 00000000 00000000 00000000 00000000
ffa0: 00000000 c033ee84 00000000 c000a3c8 00000000 00000000 00000000 00000000
ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
ffe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[<c0235d28>] (collie_bat_get_property) from [<c0234380>] (power_supply_get_property+0x1c/0x28)
[<c0234380>] (power_supply_get_property) from [<c0234bc0>] (power_supply_show_property+0x50/0x1dc)
[<c0234bc0>] (power_supply_show_property) from [<c0234e98>] (power_supply_uevent+0x9c/0x1cc)
[<c0234e98>] (power_supply_uevent) from [<c01be6a8>] (dev_uevent+0xb4/0x1d0)
[<c01be6a8>] (dev_uevent) from [<c015b478>] (kobject_uevent_env+0x1cc/0x4f8)
[<c015b478>] (kobject_uevent_env) from [<c01be134>] (device_add+0x374/0x524)
[<c01be134>] (device_add) from [<c02347a0>] (__power_supply_register+0x120/0x180)
[<c02347a0>] (__power_supply_register) from [<c0235b3c>] (collie_bat_probe+0xe8/0x1b4)
[<c0235b3c>] (collie_bat_probe) from [<c01d5f54>] (ucb1x00_add_dev+0x30/0x88)
[<c01d5f54>] (ucb1x00_add_dev) from [<c01d6000>] (ucb1x00_register_driver+0x54/0x78)
[<c01d6000>] (ucb1x00_register_driver) from [<c0009624>] (do_one_initcall+0x84/0x1f4)
[<c0009624>] (do_one_initcall) from [<c048adf8>] (kernel_init_freeable+0xf8/0x1b4)
[<c048adf8>] (kernel_init_freeable) from [<c033ee84>] (kernel_init+0x8/0xec)
[<c033ee84>] (kernel_init) from [<c000a3c8>] (ret_from_fork+0x14/0x2c)
Code: e92d40f8 e1a05001 e1a06002 ebfff9bc (e5903050)
---[ end trace 447ee06b251d66b2 ]---

Fixes: 297d716f62 ("power_supply: Change ownership from driver to core")
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Sebastian Reichel <sre@kernel.org>
2015-04-30 17:39:40 +02:00
Krzysztof Kozlowski 297d716f62 power_supply: Change ownership from driver to core
Change the ownership of power_supply structure from each driver
implementing the class to the power supply core.

The patch changes power_supply_register() function thus all drivers
implementing power supply class are adjusted.

Each driver provides the implementation of power supply. However it
should not be the owner of power supply class instance because it is
exposed by core to other subsystems with power_supply_get_by_name().
These other subsystems have no knowledge when the driver will unregister
the power supply. This leads to several issues when driver is unbound -
mostly because user of power supply accesses freed memory.

Instead let the core own the instance of struct 'power_supply'.  Other
users of this power supply will still access valid memory because it
will be freed when device reference count reaches 0. Currently this
means "it will leak" but power_supply_put() call in next patches will
solve it.

This solves invalid memory references in following race condition
scenario:

Thread 1: charger manager
Thread 2: power supply driver, used by charger manager

THREAD 1 (charger manager)         THREAD 2 (power supply driver)
==========================         ==============================
psy = power_supply_get_by_name()
                                   Driver unbind, .remove
                                     power_supply_unregister()
                                     Device fully removed
psy->get_property()

The 'get_property' call is executed in invalid context because the driver was
unbound and struct 'power_supply' memory was freed.

This could be observed easily with charger manager driver (here compiled
with max17040 fuel gauge):

$ cat /sys/devices/virtual/power_supply/cm-battery/capacity &
$ echo "1-0036" > /sys/bus/i2c/drivers/max17040/unbind
[   55.725123] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[   55.732584] pgd = d98d4000
[   55.734060] [00000000] *pgd=5afa2831, *pte=00000000, *ppte=00000000
[   55.740318] Internal error: Oops: 80000007 [#1] PREEMPT SMP ARM
[   55.746210] Modules linked in:
[   55.749259] CPU: 1 PID: 2936 Comm: cat Tainted: G        W       3.19.0-rc1-next-20141226-00048-gf79f475f3c44-dirty #1496
[   55.760190] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
[   55.766270] task: d9b76f00 ti: daf54000 task.ti: daf54000
[   55.771647] PC is at 0x0
[   55.774182] LR is at charger_get_property+0x2f4/0x36c
[   55.779201] pc : [<00000000>]    lr : [<c034b0b4>]    psr: 60000013
[   55.779201] sp : daf55e90  ip : 00000003  fp : 00000000
[   55.790657] r10: 00000000  r9 : c06e2878  r8 : d9b26c68
[   55.795865] r7 : dad81610  r6 : daec7410  r5 : daf55ebc  r4 : 00000000
[   55.802367] r3 : 00000000  r2 : daf55ebc  r1 : 0000002a  r0 : d9b26c68
[   55.808879] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
[   55.815994] Control: 10c5387d  Table: 598d406a  DAC: 00000015
[   55.821723] Process cat (pid: 2936, stack limit = 0xdaf54210)
[   55.827451] Stack: (0xdaf55e90 to 0xdaf56000)
[   55.831795] 5e80:                                     60000013 c01459c4 0000002a c06f8ef8
[   55.839956] 5ea0: db651000 c06f8ef8 daebac00 c04cb668 daebac08 c0346864 00000000 c01459c4
[   55.848115] 5ec0: d99eaa80 c06f8ef8 00000fff 00001000 db651000 c027f25c c027f240 d99eaa80
[   55.856274] 5ee0: d9a06c00 c0146218 daf55f18 00001000 d99eaa80 db4c18c0 00000001 00000001
[   55.864468] 5f00: daf55f80 c0144c78 c0144c54 c0107f90 00015000 d99eaab0 00000000 00000000
[   55.872603] 5f20: 000051c7 00000000 db4c18c0 c04a9370 00015000 00001000 daf55f80 00001000
[   55.880763] 5f40: daf54000 00015000 00000000 c00e53dc db4c18c0 c00e548c 0000000d 00008124
[   55.888937] 5f60: 00000001 00000000 00000000 db4c18c0 db4c18c0 00001000 00015000 c00e5550
[   55.897099] 5f80: 00000000 00000000 00001000 00001000 00015000 00000003 00000003 c000f364
[   55.905239] 5fa0: 00000000 c000f1a0 00001000 00015000 00000003 00015000 00001000 0001333c
[   55.913399] 5fc0: 00001000 00015000 00000003 00000003 00000002 00000000 00000000 00000000
[   55.921560] 5fe0: 7fffe000 be999850 0000a225 b6f3c19c 60000010 00000003 00000000 00000000
[   55.929744] [<c034b0b4>] (charger_get_property) from [<c0346864>] (power_supply_show_property+0x48/0x20c)
[   55.939286] [<c0346864>] (power_supply_show_property) from [<c027f25c>] (dev_attr_show+0x1c/0x48)
[   55.948130] [<c027f25c>] (dev_attr_show) from [<c0146218>] (sysfs_kf_seq_show+0x84/0x104)
[   55.956298] [<c0146218>] (sysfs_kf_seq_show) from [<c0144c78>] (kernfs_seq_show+0x24/0x28)
[   55.964536] [<c0144c78>] (kernfs_seq_show) from [<c0107f90>] (seq_read+0x1b0/0x484)
[   55.972172] [<c0107f90>] (seq_read) from [<c00e53dc>] (__vfs_read+0x18/0x4c)
[   55.979188] [<c00e53dc>] (__vfs_read) from [<c00e548c>] (vfs_read+0x7c/0x100)
[   55.986304] [<c00e548c>] (vfs_read) from [<c00e5550>] (SyS_read+0x40/0x8c)
[   55.993164] [<c00e5550>] (SyS_read) from [<c000f1a0>] (ret_fast_syscall+0x0/0x48)
[   56.000626] Code: bad PC value
[   56.011652] ---[ end trace 7b64343fbdae8ef1 ]---

Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Reviewed-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>

[for the nvec part]
Reviewed-by: Marc Dietrich <marvin24@gmx.de>

[for compal-laptop.c]
Acked-by: Darren Hart <dvhart@linux.intel.com>

[for the mfd part]
Acked-by: Lee Jones <lee.jones@linaro.org>

[for the hid part]
Acked-by: Jiri Kosina <jkosina@suse.cz>

[for the acpi part]
Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

Signed-off-by: Sebastian Reichel <sre@kernel.org>
2015-03-13 23:15:51 +01:00
Krzysztof Kozlowski 2dc9215d7c power_supply: Move run-time configuration to separate structure
Add new structure 'power_supply_config' for holding run-time
initialization data like of_node, supplies and private driver data.

The power_supply_register() function is changed so all power supply
drivers need updating.

When registering the power supply this new 'power_supply_config' should be
used instead of directly initializing 'struct power_supply'. This allows
changing the ownership of power_supply structure from driver to the
power supply core in next patches.

When a driver does not use of_node or supplies then it should use NULL
as config. If driver uses of_node or supplies then it should allocate
config on stack and initialize it with proper values.

Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Reviewed-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Acked-by: Pavel Machek <pavel@ucw.cz>

[for the nvec part]
Reviewed-by: Marc Dietrich <marvin24@gmx.de>

[for drivers/platform/x86/compal-laptop.c]
Reviewed-by: Darren Hart <dvhart@linux.intel.com>

[for drivers/hid/*]
Reviewed-by: Jiri Kosina <jkosina@suse.cz>

Signed-off-by: Sebastian Reichel <sre@kernel.org>
2015-03-13 23:15:12 +01:00
Dmitry Eremin-Solenikov f1300e7f62 power: collie_battery: support generating wakeup event
Teach collie_battery driver to communicate to the kernel that it can
generate wakeup events. Handle enabling/disabling wakeup on battery full
event in suspend/resume callbacks.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Sebastian Reichel <sre@kernel.org>
2015-01-20 13:58:32 +01:00
Andrea Adami 1ba6411497 power supply: collie_battery: Convert to use dev_pm_ops
This commit fixes the following warnings:

 linux/drivers/power/collie_battery.c:372:2: warning: initialization from
 incompatible pointer type [enabled by default]
 linux/drivers/power/collie_battery.c:372:2: warning: (near initialization
 for 'collie_bat_driver.suspend') [enabled by default]

Referencess:

MFD: ucb1x00-core: convert to use dev_pm_ops
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/include/linux/mfd?id=5a09b7120a965a7d7e8494d0ed509135bbce0118

MFD: mcp-core: remove legacy driver suspend/resume methods
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/include/linux/mfd?id=cf4abfcc0df2985ff6061f74e63b8353f2a1d0bc

Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Anton Vorontsov <anton@enomsg.org>
2013-08-09 13:41:06 -07:00
Bill Pemberton 415ec69fb1 power: remove use of __devexit
CONFIG_HOTPLUG is going away as an option so __devexit is no
longer needed.

Signed-off-by: Bill Pemberton <wfp5p@virginia.edu>
Cc: Anton Vorontsov <cbou@mail.ru>
Cc: David Woodhouse <dwmw2@infradead.org>
Acked-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-11-28 11:43:22 -08:00
Bill Pemberton c8afa6406e power: remove use of __devinit
CONFIG_HOTPLUG is going away as an option so __devinit is no longer
needed.

Signed-off-by: Bill Pemberton <wfp5p@virginia.edu>
Cc: Anton Vorontsov <cbou@mail.ru>
Cc: David Woodhouse <dwmw2@infradead.org>
Acked-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-11-28 11:43:22 -08:00
Bill Pemberton 28ea73f4c6 power: remove use of __devexit_p
CONFIG_HOTPLUG is going away as an option so __devexit_p is no longer
needed.

Signed-off-by: Bill Pemberton <wfp5p@virginia.edu>
Cc: Anton Vorontsov <cbou@mail.ru>
Cc: David Woodhouse <dwmw2@infradead.org>
Acked-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-11-28 11:43:22 -08:00
Tejun Heo 43829731dd workqueue: deprecate flush[_delayed]_work_sync()
flush[_delayed]_work_sync() are now spurious.  Mark them deprecated
and convert all users to flush[_delayed]_work().

If you're cc'd and wondering what's going on: Now all workqueues are
non-reentrant and the regular flushes guarantee that the work item is
not pending or running on any CPU on return, so there's no reason to
use the sync flushes at all and they're going away.

This patch doesn't make any functional difference.

Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Paul Mundt <lethal@linux-sh.org>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Mattia Dongili <malattia@linux.it>
Cc: Kent Yoder <key@linux.vnet.ibm.com>
Cc: David Airlie <airlied@linux.ie>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Karsten Keil <isdn@linux-pingi.de>
Cc: Bryan Wu <bryan.wu@canonical.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Alasdair Kergon <agk@redhat.com>
Cc: Mauro Carvalho Chehab <mchehab@infradead.org>
Cc: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-wireless@vger.kernel.org
Cc: Anton Vorontsov <cbou@mail.ru>
Cc: Sangbeom Kim <sbkim73@samsung.com>
Cc: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Cc: Takashi Iwai <tiwai@suse.de>
Cc: Steven Whitehouse <swhiteho@redhat.com>
Cc: Petr Vandrovec <petr@vandrovec.name>
Cc: Mark Fasheh <mfasheh@suse.com>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Avi Kivity <avi@redhat.com>
2012-08-20 14:51:24 -07:00
Anton Vorontsov 913272b386 Merge git://git.infradead.org/users/cbou/battery-urgent 2012-01-10 20:55:11 +04:00
Jochen Friedrich 629bcb4b72 collie_battery: Get rid of irq_to_gpio usage
Since 9d08d5d77a, irq_to_gpio() is no
longer available but still in use by collie_battery.c. As it's just
for a debug message, just get rid of this call.

Signed-off-by: Jochen Friedrich <jochen@scram.de>
Signed-off-by: Anton Vorontsov <cbouatmailru@gmail.com>
2011-11-25 02:20:57 +04:00
Axel Lin 389cd203d6 collie_battery: Convert to gpio_request_array() / gpio_free_array()
As suggested by Igor Grinberg, this change make the implementation looks
simpler.

Signed-off-by: Axel Lin <axel.lin@gmail.com>
Signed-off-by: Anton Vorontsov <cbouatmailru@gmail.com>
2011-11-24 23:30:22 +04:00
Tejun Heo bc51e7ff52 power_supply: Don't use flush_scheduled_work()
flush_scheduled_work() is deprecated and scheduled to be removed.

In battery drivers, the work can be canceled on probe failure and
removal and should be flushed on suspend.  Replace
flush_scheduled_work() usages with direct cancels and flushes.

Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Anton Vorontsov <cbouatmailru@gmail.com>
2010-12-22 02:39:56 +03:00
Thomas Kunze f1fce597e6 collie: add battery driver
This driver is based on tosa_battery.c.
2009-11-27 21:07:23 +01:00