[2.6.30] Kernel bug with dock driver

Message ID 20090617123440.GA400@khazad-dum.debian.net (mailing list archive)
State Not Applicable, archived

Commit Message

Henrique de Moraes Holschuh June 17, 2009, 12:34 p.m. UTC
On Tue, 16 Jun 2009, Joerg Platte wrote:
> Pid: 52, comm: kacpi_notify Not tainted (2.6.30 #1) 2373G1G
> EIP: 0060:[<c01df5fa>] EFLAGS: 00010286 CPU: 0
> EIP is at strcpy+0xe/0x1b
> EAX: f302482c EBX: f3024800 ECX: f302482c EDX: 00000000
> ESI: 00000000 EDI: f302482c EBP: f70a4f34 ESP: f70a4f28
>  DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
> Process kacpi_notify (pid: 52, ti=f70a4000 task=f704c980 task.ti=f70a4000)
> Stack:
>  f3024800 f3024814 f3024844 f70a4f64 c01fc898 010a4f54 00000000 f70c2879
>  00000004 f30e83c0 f3024818 00000014 f97c8132 f69b2600 00000000 f70a4f70
>  f97c814e 00000000 f70a4f7c f97c8023 f7070460 f70a4f8c c020199d f4e37ee0
> Call Trace:
>  [<c01fc898>] ? acpi_bus_generate_netlink_event+0x140/0x199
>  [<f97c8132>] ? bay_notify+0x0/0x1f [thinkpad_acpi]

Bay notify does this:

static void bay_notify(struct ibm_struct *ibm, u32 event)
{
	acpi_bus_generate_proc_event(ibm->acpi->device, event, 0);
	acpi_bus_generate_netlink_event(ibm->acpi->device->pnp.device_class,
					  dev_name(&ibm->acpi->device->dev),
					  event, 0);
}

If it causes a NULL dereference, it means someone has changed API and did
NOT change all callsites.  It is that simple.

Joerg, please apply this patch, and report the results...  WARNING: you will
not get bay events from thinkpad-acpi, so be careful to not remove from the
bay a device that is still active...

Comments

Joerg Platte June 18, 2009, 9:22 p.m. UTC | #1
On Wednesday, 17 June 2009, Henrique de Moraes Holschuh wrote:
Hi Henrique,

> If it causes a NULL dereference, it means someone has changed API and did
> NOT change all callsites.  It is that simple.
>
> Joerg, please apply this patch, and report the results...  WARNING: you
> will not get bay events from thinkpad-acpi, so be careful to not remove
> from the bay a device that is still active...

This time I got two BUGs while being on battery and without acpid:

------------[ cut here ]------------
WARNING: at drivers/platform/x86/thinkpad_acpi.c:4565 bay_notify+0x35/0x5e [thinkpad_acpi]()
Hardware name: 2373G1G
thinkpad_acpi: dev_name() is returning NULL
Modules linked in: nfsd lockd nfs_acl auth_rpcgss sunrpc exportfs radeon drm 
sco bridge stp llc bnep l2cap bluetooth ipt_MASQUERADE iptable_nat nf_nat 
nf_conntrack_ipv4 nf_defrag_ipv4 xt_state ipt_REJECT ipt_LOG xt_limit 
xt_tcpudp xt_mac xt_multiport iptable_filter iptable_mangle ip_tables x_tables 
nf_conntrack_ftp nf_conntrack vboxdrv binfmt_misc af_packet cpufreq_userspace 
cpufreq_stats cpufreq_powersave autofs4 nsc_ircc fuse nls_utf8 ntfs nls_base 
ext2 deadline_iosched as_iosched ircomm_tty ircomm tun acpi_cpufreq sbs sbshc 
joydev snd_intel8x0m snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm_oss 
snd_mixer_oss snd_pcm snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event 
snd_seq snd_timer snd_seq_device irtty_sir thinkpad_acpi ipw2200 libipw 
yenta_socket sir_dev rfkill snd rsrc_nonstatic lib80211 soundcore pcmcia 
rtc_cmos psmouse led_class pcmcia_core snd_page_alloc i2c_i801 rng_core 
8250_pci irda pcspkr serio_raw nvram parport_pc 8250_pnp rtc_core parport 
button rtc_lib processor battery ac crc_ccitt 8250 serial_core evdev ext3 jbd 
mbcache sd_mod ata_generic pata_acpi ata_piix libata uhci_hcd ehci_hcd e1000 
scsi_mod usbcore intel_agp agpgart video output thermal fan unix 
cpufreq_conservative cpufreq_ondemand freq_table radeonfb fb_ddc backlight 
i2c_algo_bit cfbcopyarea i2c_core cfbimgblt cfbfillrect fbcon tileblit font 
bitblit softcursor fb
Pid: 52, comm: kacpi_notify Not tainted 2.6.30 #1
Call Trace:
 [<c011f839>] warn_slowpath_common+0x60/0x90
 [<f9767132>] ? bay_notify+0x0/0x5e [thinkpad_acpi]
 [<c011f89d>] warn_slowpath_fmt+0x24/0x27
 [<f9767167>] bay_notify+0x35/0x5e [thinkpad_acpi]
 [<f9767023>] dispatch_acpi_notify+0x23/0x26 [thinkpad_acpi]
 [<c02018cd>] acpi_ev_notify_dispatch+0x4c/0x57
 [<c01f4488>] acpi_os_execute_deferred+0x20/0x2c
 [<c012cff6>] worker_thread+0x15a/0x1fd
 [<c01f4468>] ? acpi_os_execute_deferred+0x0/0x2c
 [<c012fc7d>] ? autoremove_wake_function+0x0/0x33
 [<c012ce9c>] ? worker_thread+0x0/0x1fd
 [<c012f8bc>] kthread+0x42/0x67
 [<c012f87a>] ? kthread+0x0/0x67
 [<c01030d3>] kernel_thread_helper+0x7/0x10
---[ end trace 0469584017b9bddb ]---
sd 1:0:0:0: [sdb] Synchronizing SCSI cache
sd 1:0:0:0: [sdb] Stopping disk
ata2.00: disabled
ACPI: \_SB_.PCI0.IDE0.SCND.MSTR - undocking
ACPI Warning (nspredef-0290): \_SB_.PCI0.LPC_.EC__.BEEP: Excess arguments - needs 1, found 2 [20090320]
------------[ cut here ]------------
WARNING: at drivers/platform/x86/thinkpad_acpi.c:4565 bay_notify+0x35/0x5e [thinkpad_acpi]()
Hardware name: 2373G1G
thinkpad_acpi: dev_name() is returning NULL
Modules linked in: nfsd lockd nfs_acl auth_rpcgss sunrpc exportfs radeon drm 
sco bridge stp llc bnep l2cap bluetooth ipt_MASQUERADE iptable_nat nf_nat 
nf_conntrack_ipv4 nf_defrag_ipv4 xt_state ipt_REJECT ipt_LOG xt_limit 
xt_tcpudp xt_mac xt_multiport iptable_filter iptable_mangle ip_tables x_tables 
nf_conntrack_ftp nf_conntrack vboxdrv binfmt_misc af_packet cpufreq_userspace 
cpufreq_stats cpufreq_powersave autofs4 nsc_ircc fuse nls_utf8 ntfs nls_base 
ext2 deadline_iosched as_iosched ircomm_tty ircomm tun acpi_cpufreq sbs sbshc 
joydev snd_intel8x0m snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm_oss 
snd_mixer_oss snd_pcm snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event 
snd_seq snd_timer snd_seq_device irtty_sir thinkpad_acpi ipw2200 libipw 
yenta_socket sir_dev rfkill snd rsrc_nonstatic lib80211 soundcore pcmcia 
rtc_cmos psmouse led_class pcmcia_core snd_page_alloc i2c_i801 rng_core 
8250_pci irda pcspkr serio_raw nvram parport_pc 8250_pnp rtc_core parport 
button rtc_lib processor battery ac crc_ccitt 8250 serial_core evdev ext3 jbd 
mbcache sd_mod ata_generic pata_acpi ata_piix libata uhci_hcd ehci_hcd e1000 
scsi_mod usbcore intel_agp agpgart video output thermal fan unix 
cpufreq_conservative cpufreq_ondemand freq_table radeonfb fb_ddc backlight 
i2c_algo_bit cfbcopyarea i2c_core cfbimgblt cfbfillrect fbcon tileblit font 
bitblit softcursor fb
Pid: 52, comm: kacpi_notify Tainted: G        W  2.6.30 #1
Call Trace:
 [<c011f839>] warn_slowpath_common+0x60/0x90
 [<f9767132>] ? bay_notify+0x0/0x5e [thinkpad_acpi]
 [<c011f89d>] warn_slowpath_fmt+0x24/0x27
 [<f9767167>] bay_notify+0x35/0x5e [thinkpad_acpi]
 [<f9767023>] dispatch_acpi_notify+0x23/0x26 [thinkpad_acpi]
 [<c02018cd>] acpi_ev_notify_dispatch+0x4c/0x57
 [<c01f4488>] acpi_os_execute_deferred+0x20/0x2c
 [<c012cff6>] worker_thread+0x15a/0x1fd
 [<c01f4468>] ? acpi_os_execute_deferred+0x0/0x2c
 [<c012fc7d>] ? autoremove_wake_function+0x0/0x33
 [<c012ce9c>] ? worker_thread+0x0/0x1fd
 [<c012f8bc>] kthread+0x42/0x67
 [<c012f87a>] ? kthread+0x0/0x67
 [<c01030d3>] kernel_thread_helper+0x7/0x10
---[ end trace 0469584017b9bddc ]---

Hope it helps...

Best regards,
Jörg
Henrique de Moraes Holschuh June 18, 2009, 10:10 p.m. UTC | #2
On Thu, 18 Jun 2009, Joerg Platte wrote:
> On Wednesday, 17 June 2009, Henrique de Moraes Holschuh wrote:
> > If it causes a NULL dereference, it means someone has changed API and did
> > NOT change all callsites.  It is that simple.
> >
> thinkpad_acpi: dev_name() is returning NULL

There it is.  "Someone set us up the bomb."

> Hope it helps...

Yes, it does.  Thank you.  Now at least I know what to look for.
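
An added illustration of the failure mode confirmed in this thread (not code from the thread or from the kernel): a user-space C model in which the event builder validates its string arguments itself, so a caller that passes a NULL name gets an error code back instead of faulting inside strcpy(). The model_* names, copy_field() and the field sizes are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Model of the event record; the field sizes are assumptions. */
struct model_event {
	char device_class[20];
	char bus_id[15];
	unsigned int type;
};

/* Stand-in for dev_name(): NULL when the device was never given a name. */
struct model_dev { const char *name; };
static const char *model_dev_name(const struct model_dev *d)
{
	return d ? d->name : NULL;
}

/* Bounded copy: rejects NULL and refuses to truncate silently. */
static int copy_field(char *dst, size_t len, const char *src)
{
	size_t n = src ? strlen(src) : 0;
	if (!src)
		return -EINVAL;
	if (n >= len)
		return -E2BIG;
	memcpy(dst, src, n + 1);
	return 0;
}

/* Callee-side validation: a stale call site gets an error, not a fault. */
static int model_generate_event(struct model_event *ev, const char *dev_class,
				const char *bus_id, unsigned int type)
{
	int ret;
	if (!ev)
		return -EINVAL;
	memset(ev, 0, sizeof(*ev));
	ev->type = type;
	ret = copy_field(ev->device_class, sizeof(ev->device_class), dev_class);
	return ret ? ret : copy_field(ev->bus_id, sizeof(ev->bus_id), bus_id);
}

int main(void)
{
	struct model_event ev;
	struct model_dev unnamed = { NULL };	/* constructed: unnamed device */
	return model_generate_event(&ev, "bay", model_dev_name(&unnamed), 3) != -EINVAL;
}
```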
Patch

diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c
index 912be65..03e4d16 100644
--- a/drivers/platform/x86/thinkpad_acpi.c
+++ b/drivers/platform/x86/thinkpad_acpi.c
@@ -4556,6 +4556,14 @@  static int __init bay_init(struct ibm_init_struct *iibm)
 
 static void bay_notify(struct ibm_struct *ibm, u32 event)
 {
+	if (WARN(!ibm, TPACPI_ERR "ibm is NULL\n"))
+		return;
+	if (WARN(!ibm->acpi->device, TPACPI_ERR "ibm->acpi->device is NULL\n"))
+		return;
+	if (WARN(!ibm->acpi->device->pnp.device_class, TPACPI_ERR "ibm->acpi->device->pnp.device_class is NULL\n"))
+		return;
+	if (WARN(!dev_name(&ibm->acpi->device->dev), TPACPI_ERR "dev_name() is returning NULL\n"))
+		return;
 	acpi_bus_generate_proc_event(ibm->acpi->device, event, 0);
 	acpi_bus_generate_netlink_event(ibm->acpi->device->pnp.device_class,
 					  dev_name(&ibm->acpi->device->dev),
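
Review bot: the second check, !ibm->acpi->device, dereferences ibm->acpi without testing it, so the guard chain can itself fault if that is the NULL pointer; add a WARN(!ibm->acpi, ...) step between the first two checks. Each WARN() prints a full trace on every bay event (the report in comment #1 shows two for one undock), so WARN_ONCE() would keep the log readable, and the device_class line runs well past 80 columns and should be wrapped. The early returns drop the event entirely, which suits a diagnostic patch but should not be carried forward as the fix.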