linux-media.vger.kernel.org archive mirror
* [FYI] Unaligned memory access in DVB-X code causes immediate kernel panic on arm 32-bit
@ 2020-07-04 13:39 Hans Petter Selasky
  2020-07-04 19:23 ` Sean Young
  0 siblings, 1 reply; 2+ messages in thread
From: Hans Petter Selasky @ 2020-07-04 13:39 UTC (permalink / raw)
  To: Linux Media Mailing List

Hi,

Plugging the "TeVii S660" on ARM v7 (32-bit) causes an immediate kernel 
panic, because of unaligned memory access.

For more information see the following thread:

https://forums.freebsd.org/threads/tevii-s660-usb-dvb-s2-working.75977/

The backtrace goes like this (Linux 5.7, Torvalds')

#0  0x002dafbc in ts2020_read_tuner_gain (fe=<optimized out>, v_agc=0, 
_gain=0x207b31de)
     at media_tree/drivers/media/dvb-frontends/ts2020.c:380
380         *_gain = -((__s64)gain1 * 2650 +
[Current thread is 1 (LWP 100158)]
(gdb) bt
#0  0x002dafbc in ts2020_read_tuner_gain (fe=<optimized out>, v_agc=0, 
_gain=0x207b31de)
     at media_tree/drivers/media/dvb-frontends/ts2020.c:380
#1  ts2020_get_tuner_gain (fe=<optimized out>, _gain=0x207b31de)
     at media_tree/drivers/media/dvb-frontends/ts2020.c:421
#2  ts2020_stat_work (work=<optimized out>) at 
media_tree/drivers/media/dvb-frontends/ts2020.c:437
#3  0x002db21c in ts2020_init (fe=<optimized out>) at 
media_tree/drivers/media/dvb-frontends/ts2020.c:148
#4  0x00350cc4 in dvb_frontend_init (fe=0x207b2f08) at 
media_tree/drivers/media/dvb-core/dvb_frontend.c:336
#5  dvb_frontend_thread (data=0x207b2f08) at 
media_tree/drivers/media/dvb-core/dvb_frontend.c:664
#6  0x00113d98 in kthread_wrapper (arg=0x20c56000) at 
kernel/linux_thread.c:531
#7  0x2058cd84 in thread_start (curthread=0x20c57000) at 
/usr/src/lib/libthr/thread/thr_create.c:292
#8  0x2058c830 in _pthread_create (thread=<error reading variable: 
Cannot access memory at address 0xbdae500c>,
     attr=<optimized out>, start_routine=<optimized out>, arg=<optimized 
out>)
     at /usr/src/lib/libthr/thread/thr_create.c:188

--HPS


* Re: [FYI] Unaligned memory access in DVB-X code causes immediate kernel panic on arm 32-bit
  2020-07-04 13:39 [FYI] Unaligned memory access in DVB-X code causes immediate kernel panic on arm 32-bit Hans Petter Selasky
@ 2020-07-04 19:23 ` Sean Young
  0 siblings, 0 replies; 2+ messages in thread
From: Sean Young @ 2020-07-04 19:23 UTC (permalink / raw)
  To: Hans Petter Selasky; +Cc: Linux Media Mailing List

Hi,

On Sat, Jul 04, 2020 at 03:39:50PM +0200, Hans Petter Selasky wrote:
> Hi,
> 
> Plugging the "TeVii S660" on ARM v7 (32-bit) causes an immediate kernel
> panic, because of unaligned memory access.
> 
> For more information see the following thread:
> 
> https://forums.freebsd.org/threads/tevii-s660-usb-dvb-s2-working.75977/
> 
> The backtrace goes like this (Linux 5.7, Torvalds')
> 
> #0  0x002dafbc in ts2020_read_tuner_gain (fe=<optimized out>, v_agc=0,
> _gain=0x207b31de)
>     at media_tree/drivers/media/dvb-frontends/ts2020.c:380
> 380         *_gain = -((__s64)gain1 * 2650 +

So this is a reference to s64 svalue in struct dtv_stats. This is unaligned
because the struct is packed. Making the struct packed seems like a terrible
idea, but it's in the uapi so we can't change it.

Now, what I don't understand is why this hasn't been spotted before. There
are a few dvb drivers that use struct dtv_stats, and surely someone must
have tried them on arm at some point. Unless they just return bogus stats
on Linux since unaligned does not trap?

The correct solution is to wrap all of these in {get,put}_unaligned().

It would be nice to hear what happens on Linux (arm) rather than FreeBSD.


Sean

> [Current thread is 1 (LWP 100158)]
> (gdb) bt
> #0  0x002dafbc in ts2020_read_tuner_gain (fe=<optimized out>, v_agc=0,
> _gain=0x207b31de)
>     at media_tree/drivers/media/dvb-frontends/ts2020.c:380
> #1  ts2020_get_tuner_gain (fe=<optimized out>, _gain=0x207b31de)
>     at media_tree/drivers/media/dvb-frontends/ts2020.c:421
> #2  ts2020_stat_work (work=<optimized out>) at
> media_tree/drivers/media/dvb-frontends/ts2020.c:437
> #3  0x002db21c in ts2020_init (fe=<optimized out>) at
> media_tree/drivers/media/dvb-frontends/ts2020.c:148
> #4  0x00350cc4 in dvb_frontend_init (fe=0x207b2f08) at
> media_tree/drivers/media/dvb-core/dvb_frontend.c:336
> #5  dvb_frontend_thread (data=0x207b2f08) at
> media_tree/drivers/media/dvb-core/dvb_frontend.c:664
> #6  0x00113d98 in kthread_wrapper (arg=0x20c56000) at
> kernel/linux_thread.c:531
> #7  0x2058cd84 in thread_start (curthread=0x20c57000) at
> /usr/src/lib/libthr/thread/thr_create.c:292
> #8  0x2058c830 in _pthread_create (thread=<error reading variable: Cannot
> access memory at address 0xbdae500c>,
>     attr=<optimized out>, start_routine=<optimized out>, arg=<optimized
> out>)
>     at /usr/src/lib/libthr/thread/thr_create.c:188
> 
> --HPS
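
The situation discussed in this thread, as an added userspace example that is not code from the kernel tree or from either poster: a packed struct puts a 64-bit value directly after a 1-byte field, so a callee that only receives a bare pointer to it (like `_gain` in the backtrace) has to store through an alignment-agnostic helper. The `demo_*` names, the struct layout and the sample value are assumptions made for illustration; the memcpy helpers stand in for the kernel's {get,put}_unaligned().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a packed stats layout: 1-byte scale, then a 64-bit value. */
struct demo_stats {
	uint8_t scale;
	union { uint64_t uvalue; int64_t svalue; };
} __attribute__((packed));

struct demo_fe_stats {
	uint8_t len;
	struct demo_stats stat[4];
} __attribute__((packed));

/* Byte offset of stat[i].svalue from the start of the container. */
static size_t demo_svalue_offset(size_t i)
{
	return offsetof(struct demo_fe_stats, stat) +
	       i * sizeof(struct demo_stats) + offsetof(struct demo_stats, svalue);
}

/* Stand-ins for the kernel's put_unaligned()/get_unaligned(): memcpy makes
 * no alignment assumption about either pointer. */
static void demo_put_s64(int64_t val, void *p) { memcpy(p, &val, sizeof(val)); }

static int64_t demo_get_s64(const void *p)
{
	int64_t val;
	memcpy(&val, p, sizeof(val));
	return val;
}

/* Store through a bare pointer, as a callee would, and read the value back.
 * Writing "*(int64_t *)slot = val" here is the access that assumes alignment. */
static int64_t demo_roundtrip(struct demo_fe_stats *s, size_t i, int64_t val)
{
	void *slot = (uint8_t *)s + demo_svalue_offset(i);
	demo_put_s64(val, slot);
	return demo_get_s64(slot);
}

int main(void)
{
	struct demo_fe_stats s = { .len = 1 };
	long long v = demo_roundtrip(&s, 0, -2650); /* constructed sample value */
	printf("svalue offset %zu, read back %lld\n", demo_svalue_offset(0), v);
	return 0;
}
```

Direct member access such as `s.stat[0].svalue = v` is also safe, because the compiler still sees the packed type; the alignment information is lost only once the member's address is handed on as a plain 64-bit pointer.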
