* divide by zero in termios when setting bluetooth
@ 2009-12-01 15:13 Pavel Machek
  2009-12-01 15:52 ` Alan Cox
  0 siblings, 1 reply; 5+ messages in thread
From: Pavel Machek @ 2009-12-01 15:13 UTC (permalink / raw)
  To: kernel list; +Cc: linux-bluetooth, Marcel Holtmann

Hi!

I triggered this by mistake... "W" taint is from the  WARN_ON()
before.
							Pavel

root@amd:~# setserial /dev/ttyBT baud_base $[115200*1]
root@amd:~# echo $[115200/8]
14400
root@amd:~# hciattach -s 14400 /dev/ttyS0 bcsp 1440
divide error: 0000 [#1] SMP DEBUG_PAGEALLOC
last sysfs file:
/sys/devices/pci0000:00/0000:00:1c.1/0000:03:00.0/firmware/0000:03:00.0/loading
Modules linked in:

Pid: 2058, comm: hciattach Tainted: G        W
(2.6.32-rc8-00165-g2471433-dirty #92) 17097HU
EIP: 0060:[<c043de2f>] EFLAGS: 00010246 CPU: 1
EIP is at uart_get_divisor+0x1f/0x40
EAX: 001c2000 EBX: 00000000 ECX: c0f9bf40 EDX: 00000000
ESI: c0f9bf40 EDI: f6316550 EBP: c5fe7d0c ESP: c5fe7d08
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process hciattach (pid: 2058, ti=c5fe6000 task=f6096680
task.ti=c5fe6000)
Stack:
 00000013 c5fe7d3c c0442780 00000007 00007080 00000000 00000001
00000000
<0> 00000001 c03e1d6b c09e6d80 c0f9bf40 c5fe7d98 c5fe7d50 c043deaf
f631f7f0
<0> c5fe7d98 f631f7f0 c5fe7d7c c043e57d f58fc7f0 f631f868 00001cb7
22222222
Call Trace:
 [<c0442780>] ? serial8250_set_termios+0x360/0x420
 [<c03e1d6b>] ? set_termios+0xcb/0x430
 [<c043deaf>] ? uart_change_speed+0x5f/0x90
 [<c043e57d>] ? uart_set_termios+0x3d/0x250
 [<c03e1efd>] ? set_termios+0x25d/0x430
 [<c03e2560>] ? tty_mode_ioctl+0x3c0/0x5b0
 [<c03dcf33>] ? tty_wakeup+0x33/0x70
 [<c03e299b>] ? tty_ldisc_try+0x1b/0x50
 [<c03e278a>] ? n_tty_ioctl_helper+0x3a/0x190
Dec  1 12:30:25 amd kernel:  [<c0594c5e>] ?
hci_uart_tty_ioctl+0x5e/0x240
Dec  1 12:30:25 amd kernel:  [<c0594c00>] ?
hci_uart_tty_ioctl+0x0/0x240
Dec  1 12:30:25 amd kernel:  [<c0594c00>] ?
hci_uart_tty_ioctl+0x0/0x240
Dec  1 12:30:25 amd kernel:  [<c03dd1be>] ? tty_ioctl+0xae/0x880
Dec  1 12:30:25 amd kernel:  [<c03dd110>] ? tty_ioctl+0x0/0x880
Dec  1 12:30:25 amd kernel:  [<c02a4ae8>] ? vfs_ioctl+0x28/0x80
Dec  1 12:30:25 amd kernel:  [<c02a4faa>] ? do_vfs_ioctl+0x39a/0x590
Dec  1 12:30:25 amd kernel:  [<c0282037>] ? handle_mm_fault+0xe7/0x5e0
Dec  1 12:30:25 amd kernel:  [<c0249646>] ? up_read+0x16/0x30
Dec  1 12:30:25 amd kernel:  [<c02a51d9>] ? sys_ioctl+0x39/0x70
Dec  1 12:30:25 amd kernel:  [<c0202e50>] ? sysenter_do_call+0x12/0x31
Dec  1 12:30:25 amd kernel: Code: 86 84 00 00 00 5e 5d c3 8d 74 26 00
55 81 fa 00 96 00 00 89 e5 89 c1 53 89 d3 74 18 8d 04 dd 00 00 00 00
31 d2 03 41 34 c1 e3 04 <f7> f3 5b 5d c3 8d 74 26 00 8b 40 7c 25
30 10 00 00 83 f8 30 75
Dec  1 12:30:25 amd kernel: EIP: [<c043de2f>]
uart_get_divisor+0x1f/0x40 SS:ESP 0068:c5fe7d08
Dec  1 12:30:25 amd kernel: ---[ end trace bab0b3b26c16fcf6 ]---

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html


* Re: divide by zero in termios when setting bluetooth
  2009-12-01 15:13 divide by zero in termios when setting bluetooth Pavel Machek
@ 2009-12-01 15:52 ` Alan Cox
  2009-12-01 16:01   ` Pavel Machek
  0 siblings, 1 reply; 5+ messages in thread
From: Alan Cox @ 2009-12-01 15:52 UTC (permalink / raw)
  To: Pavel Machek; +Cc: kernel list, linux-bluetooth, Marcel Holtmann

On Tue, 1 Dec 2009 16:13:16 +0100
Pavel Machek <pavel@ucw.cz> wrote:

> Hi!
> 
> I triggered this by mistake... "W" taint is from the  WARN_ON()
> before.

This ought to fix it

serial: Fix crash if the minimum rate of the device is > 9600 baud

From: Alan Cox <alan@linux.intel.com>

In that situation if the old rate is invalid and the new rate is invalid
and the chip cannot do 9600 baud we report zero, which makes all the
drivers explode.

Instead force the rate based on min/max

Signed-off-by: Alan Cox <alan@linux.intel.com>
---

 drivers/serial/serial_core.c |   17 ++++++++++++-----
 1 files changed, 12 insertions(+), 5 deletions(-)


diff --git a/drivers/serial/serial_core.c b/drivers/serial/serial_core.c
index 047530b..bd7ec4b 100644
--- a/drivers/serial/serial_core.c
+++ b/drivers/serial/serial_core.c
@@ -385,13 +385,20 @@ uart_get_baud_rate(struct uart_port *port, struct ktermios *termios,
 		}
 
 		/*
-		 * As a last resort, if the quotient is zero,
-		 * default to 9600 bps
+		 * As a last resort, if the range cannot be met then clip to
+		 * the nearest chip supported rate.
 		 */
-		if (!hung_up)
-			tty_termios_encode_baud_rate(termios, 9600, 9600);
+		if (!hung_up) {
+			if (baud <= min)                
+				tty_termios_encode_baud_rate(termios,
+							min + 1, min + 1);
+			else
+				tty_termios_encode_baud_rate(termios,
+							max - 1, max - 1);
+		}
 	}
-
+	/* Should never happen */
+	WARN_ON(1);
 	return 0;
 }
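
Review bot: the path at the end of the function still does `return 0;` after the new `WARN_ON(1)`, and the commit message says a reported zero is what "makes all the drivers explode", so if that path is ever reached the warning fires and the caller still gets a zero rate to divide by. Consider returning a non-zero rate taken from `min`/`max` there, or expand the "Should never happen" comment to say why the code above cannot fall through. Style: the `if (baud <= min)` line carries trailing whitespace, and the blank line that separated the closing brace from the final statements is dropped.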
 


* Re: divide by zero in termios when setting bluetooth
  2009-12-01 15:52 ` Alan Cox
@ 2009-12-01 16:01   ` Pavel Machek
  2009-12-01 19:00     ` Alan Cox
  0 siblings, 1 reply; 5+ messages in thread
From: Pavel Machek @ 2009-12-01 16:01 UTC (permalink / raw)
  To: Alan Cox; +Cc: kernel list, linux-bluetooth, Marcel Holtmann

Hi!

> > I triggered this by mistake... "W" taint is from the  WARN_ON()
> > before.
> 
> This ought to fix it
> 
> serial: Fix crash if the minimum rate of the device is > 9600 baud
> 
> From: Alan Cox <alan@linux.intel.com>
> 
> In that situation if the old rate is invalid and the new rate is invalid
> and the chip cannot do 9600 baud we report zero, which makes all the
> drivers explode.
> 
> Instead force the rate based on min/max
> 
> Signed-off-by: Alan Cox <alan@linux.intel.com>

>  		}
>  
>  		/*
> -		 * As a last resort, if the quotient is zero,
> -		 * default to 9600 bps
> +		 * As a last resort, if the range cannot be met then clip to
> +		 * the nearest chip supported rate.
>  		 */
> -		if (!hung_up)
> -			tty_termios_encode_baud_rate(termios, 9600, 9600);
> +		if (!hung_up) {
> +			if (baud <= min)                
> +				tty_termios_encode_baud_rate(termios,
> +							min + 1, min + 1);
> +			else
> +				tty_termios_encode_baud_rate(termios,
> +							max - 1, max - 1);
> +		}
>  	}
> -
> +	/* Should never happen */
> +	WARN_ON(1);
>  	return 0;
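
Review bot: the new comment in the last-resort block says the rate is clipped to "the nearest chip supported rate", but the two calls encode `min + 1` and `max - 1` rather than `min` and `max`. If the bounds are meant to be exclusive, say so in the comment. Nothing in these lines covers a range so narrow that `min + 1` is above `max - 1`, which deserves a word as well.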

Does this mean WARN_ON() on user error? Maybe printk(KERN_ERR) with
explanation would be better?
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html


* Re: divide by zero in termios when setting bluetooth
  2009-12-01 16:01   ` Pavel Machek
@ 2009-12-01 19:00     ` Alan Cox
  2009-12-01 20:36       ` Pavel Machek
  0 siblings, 1 reply; 5+ messages in thread
From: Alan Cox @ 2009-12-01 19:00 UTC (permalink / raw)
  To: Pavel Machek; +Cc: kernel list, linux-bluetooth, Marcel Holtmann

> > +	/* Should never happen */
> > +	WARN_ON(1);
> >  	return 0;
> 
> Does this mean WARN_ON() on user error? Maybe printk(KERN_ERR) with
> explanation would be better?

It shouldn't be possible to cause that case, user error or otherwise.



* Re: divide by zero in termios when setting bluetooth
  2009-12-01 19:00     ` Alan Cox
@ 2009-12-01 20:36       ` Pavel Machek
  0 siblings, 0 replies; 5+ messages in thread
From: Pavel Machek @ 2009-12-01 20:36 UTC (permalink / raw)
  To: Alan Cox; +Cc: kernel list, linux-bluetooth, Marcel Holtmann

On Tue 2009-12-01 19:00:10, Alan Cox wrote:
> > > +	/* Should never happen */
> > > +	WARN_ON(1);
> > >  	return 0;
> > 
> > Does this mean WARN_ON() on user error? Maybe printk(KERN_ERR) with
> > explanation would be better?
> 
> It shouldn't be possible to cause that case, user error or otherwise.

You are right, I did not notice the for() loop above. I actually tested
the change now, and it seems to fix the problem.

ACK.

									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
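
The failure mode in this thread, as an added userspace C model (not code from the kernel or from either poster): a rate picker whose last resort is 9600 reports zero on a port whose minimum rate is higher, while the clipped last resort from the patch does not. `port_model`, the function names, the sample port and the 16x divisor formula are assumptions made for the illustration.

```c
#include <stdio.h>

/* Constructed model of a port: UART clock and the baud range the chip supports. */
struct port_model { unsigned int uartclk, min, max; };

static int in_range(const struct port_model *p, unsigned int baud)
{
    return baud >= p->min && baud <= p->max;
}

/* Old last resort: requested rate, then previous rate, then 9600; otherwise 0. */
unsigned int pick_baud_9600(const struct port_model *p, unsigned int req, unsigned int prev)
{
    if (in_range(p, req))  return req;
    if (in_range(p, prev)) return prev;
    return in_range(p, 9600) ? 9600 : 0;
}

/* Patched last resort: clip to min + 1 or max - 1, the values the patch encodes. */
unsigned int pick_baud_clipped(const struct port_model *p, unsigned int req, unsigned int prev)
{
    if (in_range(p, req))  return req;
    if (in_range(p, prev)) return prev;
    return req <= p->min ? p->min + 1 : p->max - 1;
}

/* Divisor in 16x-oversampling form (assumed); refuses a zero rate instead of
 * dividing by it. Returns 0 on refusal so the caller can reject the request. */
unsigned int divisor_checked(const struct port_model *p, unsigned int baud)
{
    if (baud == 0)
        return 0;
    return (p->uartclk + 8 * baud) / (16 * baud);
}

int main(void)
{
    /* Constructed port whose slowest rate is above 9600 baud. */
    struct port_model fast = { 1843200, 19200, 115200 };
    unsigned int a = pick_baud_9600(&fast, 1440, 0);
    unsigned int b = pick_baud_clipped(&fast, 1440, 0);
    printf("9600 fallback: baud=%u divisor=%u\n", a, divisor_checked(&fast, a));
    printf("clipped:       baud=%u divisor=%u\n", b, divisor_checked(&fast, b));
    return 0;
}
```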
