* kernel oops
@ 2008-07-23 12:52 Andrei Popa
  2008-07-23 13:23 ` [PATCH] cdc-acm: don't unlock acm->mutex on error path Alexey Dobriyan
  2008-07-23 17:11 ` kernel oops Vegard Nossum
  0 siblings, 2 replies; 6+ messages in thread
From: Andrei Popa @ 2008-07-23 12:52 UTC (permalink / raw)
  To: Linux Kernel Mailing List

Hello,

I installed gnokii-0.6.22-r2 and gave the command "gnokii --identify"
and the kernel oopsed:

BUG: unable to handle kernel NULL pointer dereference at 00000458
IP: [<c0444b52>] mutex_unlock+0x0/0xb
*pde = 00000000
Oops: 0002 [#1] PREEMPT SMP

Pid: 19043, comm: gnokii Not tainted (2.6.26-ineo7 #2)
EIP: 0060:[<c0444b52>] EFLAGS: 00010246 CPU: 0
EIP is at mutex_unlock+0x0/0xb
EAX: 00000458 EBX: 00000000 ECX: df90a000 EDX: dc722100
ESI: df90a000 EDI: 00000458 EBP: 00000100 ESP: dc736e54
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process gnokii (pid: 19043, ti=dc736000 task=dfb3c6c0 task.ti=dc736000)
Stack: c03830ae 00000000 dc736e84 00000000 ffffffea ffffffed c0383062 dc722100
       00000100 c023cbfd 0902e0ff 0a600000 df90a000 00000000 df857544 dc713240
       00000000 c023ca9e c016951c dc722100 00000000 dc722100 dc713240 00000000
Call Trace:
 [<c03830ae>] acm_tty_open+0x4c/0x214
 [<c0383062>] acm_tty_open+0x0/0x214
 [<c023cbfd>] tty_open+0x15f/0x2a6
 [<c023ca9e>] tty_open+0x0/0x2a6
 [<c016951c>] chrdev_open+0x98/0x149
 [<c0169484>] chrdev_open+0x0/0x149
 [<c0165dde>] __dentry_open+0xfd/0x222
 [<c0165f96>] nameidata_to_filp+0x2e/0x53
 [<c016f80b>] do_filp_open+0x1bb/0x64f
 [<c016610e>] get_unused_fd_flags+0xb3/0xe3
 [<c016d383>] do_getname+0x4b/0x82
 [<c0166239>] do_sys_open+0x50/0xdd
 [<c01662f2>] sys_open+0x2c/0x3c
 [<c0102eb1>] sysenter_past_esp+0x6a/0x91
 [<c0440000>] init_chipset_sis5513+0x1b2/0x1c5
 =======================
Code: 44 24 38 ec 2a 13 c0 e8 06 ff ff ff 8b 5c 24 48 8b 74 24 4c 8b 7c 24 50 8b 6c 24 54 83 c4 58 c3 f0 ff 08 79 05 e8 9e 00 00 00 c3 <f0> ff 00 7f 05 e8 01 00 00 00 c3 83 ec 08 89 74 24 04 8d 70 04
EIP: [<c0444b52>] mutex_unlock+0x0/0xb SS:ESP 0068:dc736e54
---[ end trace 2723488af998d371 ]---
Nms ~ #

^ permalink raw reply	[flat|nested] 6+ messages in thread
* [PATCH] cdc-acm: don't unlock acm->mutex on error path 2008-07-23 12:52 kernel oops Andrei Popa @ 2008-07-23 13:23 ` Alexey Dobriyan 2008-07-23 13:36 ` Andrei Popa 2008-07-23 17:11 ` kernel oops Vegard Nossum 1 sibling, 1 reply; 6+ messages in thread From: Alexey Dobriyan @ 2008-07-23 13:23 UTC (permalink / raw) To: Andrei Popa; +Cc: linux-kernel, akpm, gregkh On Wed, Jul 23, 2008 at 03:52:36PM +0300, Andrei Popa wrote: > I installed gnokii-0.6.22-r2 and gave the command "gnokii --identify" > and the kernel oopsed: > > BUG: unable to handle kernel NULL pointer dereference at 00000458 > IP: [<c0444b52>] mutex_unlock+0x0/0xb > [<c03830ae>] acm_tty_open+0x4c/0x214 Try this: [PATCH] cdc-acm: don't unlock acm->mutex on error path Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- drivers/usb/class/cdc-acm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -595,8 +595,8 @@ static int acm_tty_open(struct tty_struct *tty, struct file *filp) tasklet_schedule(&acm->urb_task); done: -err_out: mutex_unlock(&acm->mutex); +err_out: mutex_unlock(&open_mutex); return rv; ^ permalink raw reply [flat|nested] 6+ messages in thread
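Review bot: the changelog is only the subject line, so nothing records why the "err_out:" label has to sit below mutex_unlock(&acm->mutex). Add a body that says which jump reaches err_out without acm->mutex held, quote the oops signature from the report (mutex_unlock faulting at 00000458, called from acm_tty_open+0x4c), and add a Reported-by: tag for Andrei Popa. With the label moved, "done:" and "err_out:" differ by exactly one unlock, so a short comment at the labels stating which locks each one releases would help keep later error paths from jumping to the wrong one.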
* Re: [PATCH] cdc-acm: don't unlock acm->mutex on error path 2008-07-23 13:23 ` [PATCH] cdc-acm: don't unlock acm->mutex on error path Alexey Dobriyan @ 2008-07-23 13:36 ` Andrei Popa 0 siblings, 0 replies; 6+ messages in thread From: Andrei Popa @ 2008-07-23 13:36 UTC (permalink / raw) To: Alexey Dobriyan; +Cc: linux-kernel, akpm, gregkh It's ok now, thanks. On Wed, 2008-07-23 at 17:23 +0400, Alexey Dobriyan wrote: > On Wed, Jul 23, 2008 at 03:52:36PM +0300, Andrei Popa wrote: > > I installed gnokii-0.6.22-r2 and gave the command "gnokii --identify" > > and the kernel oopsed: > > > > BUG: unable to handle kernel NULL pointer dereference at 00000458 > > IP: [<c0444b52>] mutex_unlock+0x0/0xb > > [<c03830ae>] acm_tty_open+0x4c/0x214 > > Try this: > > [PATCH] cdc-acm: don't unlock acm->mutex on error path > > Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> > --- > > drivers/usb/class/cdc-acm.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > --- a/drivers/usb/class/cdc-acm.c > +++ b/drivers/usb/class/cdc-acm.c > @@ -595,8 +595,8 @@ static int acm_tty_open(struct tty_struct *tty, struct file *filp) > tasklet_schedule(&acm->urb_task); > > done: > -err_out: > mutex_unlock(&acm->mutex); > +err_out: > mutex_unlock(&open_mutex); > return rv; > > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: kernel oops 2008-07-23 12:52 kernel oops Andrei Popa 2008-07-23 13:23 ` [PATCH] cdc-acm: don't unlock acm->mutex on error path Alexey Dobriyan @ 2008-07-23 17:11 ` Vegard Nossum 2008-08-18 16:33 ` Vegard Nossum 1 sibling, 1 reply; 6+ messages in thread From: Vegard Nossum @ 2008-07-23 17:11 UTC (permalink / raw) To: Andrei Popa, Oliver Neukum, Greg Kroah-Hartman; +Cc: Linux Kernel Mailing List Hi, On Wed, Jul 23, 2008 at 2:52 PM, Andrei Popa <andrei.popa@i-neo.ro> wrote: > > Hello, > > I installed gnokii-0.6.22-r2 and gave the command "gnokii --identify" > and the kernel oopsed: > > BUG: unable to handle kernel NULL pointer dereference at 00000458 > IP: [<c0444b52>] mutex_unlock+0x0/0xb > *pde = 00000000 > Oops: 0002 [#1] PREEMPT SMP > > Pid: 19043, comm: gnokii Not tainted (2.6.26-ineo7 #2) > EIP: 0060:[<c0444b52>] EFLAGS: 00010246 CPU: 0 > EIP is at mutex_unlock+0x0/0xb ... > [<c03830ae>] acm_tty_open+0x4c/0x214 This shouldn't be too hard; the code is trying to unlock the mutex &acm->mutex even when "acm" is NULL. It seems that the label "err_out" is otherwise unused, so it makes sense to move this one step further down, so that it doesn't try to unlock the non-existent mutex. If the problem is reproducible, you could try the patch below! Vegard PS: I actually think the code has some other problems too. Shouldn't &acm->mutex be locked before we even inspect acm->dev? Reported-by: Andrei Popa <andrei.popa@i-neo.ro> Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com> diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index 63c3404..74d03a7 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -525,8 +525,8 @@ static int acm_tty_open(struct tty_struct *tty, struct file *filp) tasklet_schedule(&acm->urb_task); done: -err_out: mutex_unlock(&acm->mutex); +err_out: mutex_unlock(&open_mutex); return rv; ^ permalink raw reply related [flat|nested] 6+ messages in thread
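Review bot: moving "err_out:" below mutex_unlock(&acm->mutex) is only safe if every "goto err_out" is taken before acm->mutex is locked, and the hunk shows none of the jump sites. Please list the goto err_out sites in the changelog and confirm that any failure after the lock is taken leaves through "done:" instead, otherwise the new placement returns with acm->mutex still held. The explanation currently sits in the mail body above the tags with no changelog of its own, so move the "unlocks &acm->mutex when acm is NULL" reasoning into the commit text. The hunk header here is @@ -525 while the earlier patch in this thread touches the same lines at @@ -595, so say which tree this is based on.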
* Re: kernel oops 2008-07-23 17:11 ` kernel oops Vegard Nossum @ 2008-08-18 16:33 ` Vegard Nossum 2008-08-18 16:39 ` Greg KH 0 siblings, 1 reply; 6+ messages in thread From: Vegard Nossum @ 2008-08-18 16:33 UTC (permalink / raw) To: Andrei Popa, Oliver Neukum, Greg Kroah-Hartman Cc: Andrew Morton, Linux Kernel Mailing List On Wed, Jul 23, 2008 at 7:11 PM, Vegard Nossum <vegard.nossum@gmail.com> wrote: > On Wed, Jul 23, 2008 at 2:52 PM, Andrei Popa <andrei.popa@i-neo.ro> wrote: >> >> I installed gnokii-0.6.22-r2 and gave the command "gnokii --identify" >> and the kernel oopsed: >> >> BUG: unable to handle kernel NULL pointer dereference at 00000458 >> IP: [<c0444b52>] mutex_unlock+0x0/0xb >> *pde = 00000000 >> Oops: 0002 [#1] PREEMPT SMP >> >> Pid: 19043, comm: gnokii Not tainted (2.6.26-ineo7 #2) >> EIP: 0060:[<c0444b52>] EFLAGS: 00010246 CPU: 0 >> EIP is at mutex_unlock+0x0/0xb > ... >> [<c03830ae>] acm_tty_open+0x4c/0x214 > > This shouldn't be too hard; the code is trying to unlock the mutex > &acm->mutex even when "acm" is NULL. It seems that the label "err_out" > is otherwise unused, so it makes sense to move this one step further > down, so that it doesn't try to unlock the non-existent mutex. > > If the problem is reproducible, you could try the patch below! > > > Vegard > > PS: I actually think the code has some other problems too. Shouldn't > &acm->mutex be locked before we even inspect acm->dev? > > > Reported-by: Andrei Popa <andrei.popa@i-neo.ro> > Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com> > > diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c > index 63c3404..74d03a7 100644 > --- a/drivers/usb/class/cdc-acm.c > +++ b/drivers/usb/class/cdc-acm.c 
> @@ -525,8 +525,8 @@ static int acm_tty_open(struct tty_struct *tty, struct file *filp) > tasklet_schedule(&acm->urb_task); > > done: > -err_out: > mutex_unlock(&acm->mutex); > +err_out: > mutex_unlock(&open_mutex); > return rv; > > Hi, Latest -git seems to have the same problem, and this was about three weeks ago, so.. Ping? Vegard -- "The animistic metaphor of the bug that maliciously sneaked in while the programmer was not looking is intellectually dishonest as it disguises that the error is the programmer's own creation." -- E. W. Dijkstra, EWD1036 ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: kernel oops 2008-08-18 16:33 ` Vegard Nossum @ 2008-08-18 16:39 ` Greg KH 0 siblings, 0 replies; 6+ messages in thread From: Greg KH @ 2008-08-18 16:39 UTC (permalink / raw) To: Vegard Nossum Cc: Andrei Popa, Oliver Neukum, Andrew Morton, Linux Kernel Mailing List On Mon, Aug 18, 2008 at 06:33:42PM +0200, Vegard Nossum wrote: > On Wed, Jul 23, 2008 at 7:11 PM, Vegard Nossum <vegard.nossum@gmail.com> wrote: > > On Wed, Jul 23, 2008 at 2:52 PM, Andrei Popa <andrei.popa@i-neo.ro> wrote: > >> > >> I installed gnokii-0.6.22-r2 and gave the command "gnokii --identify" > >> and the kernel oopsed: > >> > >> BUG: unable to handle kernel NULL pointer dereference at 00000458 > >> IP: [<c0444b52>] mutex_unlock+0x0/0xb > >> *pde = 00000000 > >> Oops: 0002 [#1] PREEMPT SMP > >> > >> Pid: 19043, comm: gnokii Not tainted (2.6.26-ineo7 #2) > >> EIP: 0060:[<c0444b52>] EFLAGS: 00010246 CPU: 0 > >> EIP is at mutex_unlock+0x0/0xb > > ... > >> [<c03830ae>] acm_tty_open+0x4c/0x214 > > > > This shouldn't be too hard; the code is trying to unlock the mutex > > &acm->mutex even when "acm" is NULL. It seems that the label "err_out" > > is otherwise unused, so it makes sense to move this one step further > > down, so that it doesn't try to unlock the non-existent mutex. > > > > If the problem is reproducible, you could try the patch below! > > > > > > Vegard > > > > PS: I actually think the code has some other problems too. Shouldn't > > &acm->mutex be locked before we even inspect acm->dev? > > > > > > Reported-by: Andrei Popa <andrei.popa@i-neo.ro> > > Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com> > > > > diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c > > index 63c3404..74d03a7 100644 > > --- a/drivers/usb/class/cdc-acm.c > > +++ b/drivers/usb/class/cdc-acm.c 
> > @@ -525,8 +525,8 @@ static int acm_tty_open(struct tty_struct *tty, struct file *filp) > > tasklet_schedule(&acm->urb_task); > > > > done: > > -err_out: > > mutex_unlock(&acm->mutex); > > +err_out: > > mutex_unlock(&open_mutex); > > return rv; > > > > > > Hi, > > Latest -git seems to have the same problem, and this was about three > weeks ago, so.. Ping? Hm, I thought I took a patch to fix this a few weeks ago. Oliver, have I missed anything recently? thanks, greg k-h ^ permalink raw reply [flat|nested] 6+ messages in thread