diff options
author | Hans de Goede <hdegoede@redhat.com> | 2021-10-30 20:28:03 +0200 |
---|---|---|
committer | Sebastian Reichel <sebastian.reichel@collabora.com> | 2021-11-02 16:48:47 +0100 |
commit | d01363da53ebd1920a9676ea12e5c1168e292346 (patch) | |
tree | 5a198e7f39dfcc85ac16c34be04ec6dedb1a4b87 /drivers/power | |
parent | cdf10ffe8f626d8a2edc354abf063df0078b2d71 (diff) |
power: supply: bq25890: Fix race causing oops at boot
Before this commit the driver was registering its interrupt handler before
it registered the power_supply, causing bq->charger to potentially be NULL
when the interrupt handler runs, triggering a NULL pointer exception in
the interrupt handler:
[ 21.213531] BUG: kernel NULL pointer dereference, address: 0000000000000680
...
[ 21.213573] Hardware name: Xiaomi Inc Mipad2/Mipad, BIOS MIPad-P4.X64.0043.R03.1603071414 03/07/2016
[ 21.213576] RIP: 0010:__lock_acquire+0x5c5/0x1de0
...
[ 21.213629] Call Trace:
[ 21.213636] ? disable_irq_nosync+0x10/0x10
[ 21.213644] ? __mutex_unlock_slowpath+0x35/0x260
[ 21.213655] lock_acquire+0xb5/0x2b0
[ 21.213661] ? power_supply_changed+0x23/0x90
[ 21.213670] ? disable_irq_nosync+0x10/0x10
[ 21.213676] _raw_spin_lock_irqsave+0x48/0x60
[ 21.213682] ? power_supply_changed+0x23/0x90
[ 21.213687] power_supply_changed+0x23/0x90
[ 21.213697] __bq25890_handle_irq+0x5e/0xe0 [bq25890_charger]
[ 21.213709] bq25890_irq_handler_thread+0x26/0x40 [bq25890_charger]
[ 21.213718] irq_thread_fn+0x20/0x60
...
Fix this by moving the power_supply_register() call to above the
request_threaded_irq() call.
Note this fix includes making the following 2 (necessary) changes:
1. Switch to the devm version of power_supply_register() to avoid the
need to make the error-handling in probe() more complicated.
2. Rename the "irq_fail" label to "err_unregister_usb_notifier" since
the old name no longer makes sense after this fix.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Diffstat (limited to 'drivers/power')
-rw-r--r-- | drivers/power/supply/bq25890_charger.c | 23 |
1 files changed, 11 insertions, 12 deletions
diff --git a/drivers/power/supply/bq25890_charger.c b/drivers/power/supply/bq25890_charger.c index 56815e6d5a9d..42d82bee9727 100644 --- a/drivers/power/supply/bq25890_charger.c +++ b/drivers/power/supply/bq25890_charger.c @@ -734,8 +734,9 @@ static int bq25890_power_supply_init(struct bq25890_device *bq) psy_cfg.supplied_to = bq25890_charger_supplied_to; psy_cfg.num_supplicants = ARRAY_SIZE(bq25890_charger_supplied_to); - bq->charger = power_supply_register(bq->dev, &bq25890_power_supply_desc, - &psy_cfg); + bq->charger = devm_power_supply_register(bq->dev, + &bq25890_power_supply_desc, + &psy_cfg); return PTR_ERR_OR_ZERO(bq->charger); } @@ -983,22 +984,22 @@ static int bq25890_probe(struct i2c_client *client, usb_register_notifier(bq->usb_phy, &bq->usb_nb); } + ret = bq25890_power_supply_init(bq); + if (ret < 0) { + dev_err(dev, "Failed to register power supply\n"); + goto err_unregister_usb_notifier; + } + ret = devm_request_threaded_irq(dev, client->irq, NULL, bq25890_irq_handler_thread, IRQF_TRIGGER_FALLING | IRQF_ONESHOT, BQ25890_IRQ_PIN, bq); if (ret) - goto irq_fail; - - ret = bq25890_power_supply_init(bq); - if (ret < 0) { - dev_err_probe(dev, ret, "Failed to register power supply.\n"); - goto irq_fail; - } + goto err_unregister_usb_notifier; return 0; -irq_fail: +err_unregister_usb_notifier: if (!IS_ERR_OR_NULL(bq->usb_phy)) usb_unregister_notifier(bq->usb_phy, &bq->usb_nb); @@ -1009,8 +1010,6 @@ static int bq25890_remove(struct i2c_client *client) { struct bq25890_device *bq = i2c_get_clientdata(client); - power_supply_unregister(bq->charger); - if (!IS_ERR_OR_NULL(bq->usb_phy)) usb_unregister_notifier(bq->usb_phy, &bq->usb_nb); |