* uinput oops and panic
@ 2003-08-12 22:10 Chad Kitching
2003-08-13 11:58 ` Aristeu Sergio Rozanski Filho
2003-08-13 21:37 ` Aristeu Sergio Rozanski Filho
0 siblings, 2 replies; 3+ messages in thread
From: Chad Kitching @ 2003-08-12 22:10 UTC (permalink / raw)
To: linux-kernel
[-- Attachment #1: Type: text/plain, Size: 5543 bytes --]
Whenever I try to use the uinput sample program, I get an oops followed by a panic. The problem also exists in 2.6.0-test3-mm1, but it's a little difficult for me to get the oops reports on my laptop without a serial port, so a report from 2.6.0-test1-ac3 is all I have. I'm using uinput as a module, and preemptable or not, it still crashes.
ksymoops 2.4.9 on i686 2.6.0-test1-ac3. Options used
-V (default)
-k /proc/ksyms (default)
-l /proc/modules (default)
-o /lib/modules/2.6.0-test1-ac3/ (default)
-m /proc/kallsyms (specified)
Error (regular_file): read_ksyms stat /proc/ksyms failed
No modules in ksyms, skipping objects
No ksyms, skipping lsmod
Unable to handle kernel paging request at virtual address c642d000
c88488bf
*pde = 00019067
Oops: 0002 [#1]
CPU: 0
EIP: 0060:[<c88488bf>] Not tainted
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00000246
eax: c642c004 ebx: c61fb004 ecx: ffffffea edx: 40045565
esi: 00007f00 edi: 00000000 ebp: c551ff80 esp: c551ff70
ds: 007b es: 007b ss: 0068
Stack: 0000007b c55ef004 40045565 c8848830 c551ffbc c01946d5 c55280c4 c55ef004
40045565 00007f00 bffffe24 c551e000 00000036 ffffffe7 00000001 c03621e0
00000003 400098bc bffffe24 c551e000 c010afff 00000003 40045565 00007f00
Call Trace:
[<c8848830>] uinput_ioctl+0x0/0x120 [uinput]
[<c01946d5>] sys_ioctl+0x205/0x3f0
[<c010afff>] syscall_call+0x7/0xb
Code: 0f ab 70 1c eb cd 8b 03 0f ab 70 18 eb c5 89 1c 24 e8 db f8
>>EIP; c88488bf <[uinput]uinput_ioctl+8f/120> <=====
>>eax; c642c004 <[ds]proc_bus+60067d4/83e67d0>
>>ebx; c61fb004 <[ds]proc_bus+5dd57d4/83e67d0>
>>ebp; c551ff80 <[ds]proc_bus+50fa750/83e67d0>
>>esp; c551ff70 <[ds]proc_bus+50fa740/83e67d0>
Trace; c8848830 <[uinput]uinput_ioctl+0/120>
Trace; c01946d5 <sys_ioctl+205/3f0>
Trace; c010afff <syscall_call+7/b>
Code; c88488bf <[uinput]uinput_ioctl+8f/120>
00000000 <_EIP>:
Code; c88488bf <[uinput]uinput_ioctl+8f/120> <=====
0: 0f ab 70 1c bts %esi,0x1c(%eax) <=====
Code; c88488c3 <[uinput]uinput_ioctl+93/120>
4: eb cd jmp ffffffd3 <_EIP+0xffffffd3>
Code; c88488c5 <[uinput]uinput_ioctl+95/120>
6: 8b 03 mov (%ebx),%eax
Code; c88488c7 <[uinput]uinput_ioctl+97/120>
8: 0f ab 70 18 bts %esi,0x18(%eax)
Code; c88488cb <[uinput]uinput_ioctl+9b/120>
c: eb c5 jmp ffffffd3 <_EIP+0xffffffd3>
Code; c88488cd <[uinput]uinput_ioctl+9d/120>
e: 89 1c 24 mov %ebx,(%esp,1)
Code; c88488d0 <[uinput]uinput_ioctl+a0/120>
11: e8 db f8 00 00 call f8f1 <_EIP+0xf8f1>
CPU: 0
EIP: 0060:[<c8842351>] Not tainted
EFLAGS: 00000216
eax: 0000003c ebx: c65cc000 ecx: 0000000f edx: 00000002
esi: ffffffff edi: c63a6016 ebp: c563bea4 esp: c563be80
ds: 007b es: 007b ss: 0068
Stack: 0000004e 00000020 c013338d 0000003c c5ab1004 00000002 c72188e8 c65cc000
00000000 c563bef0 c8841f81 c65cb004 00000000 000004b0 00000001 c0364328
c563bef0 c03621e0 20000001 00000000 000004f3 00000000 0000004f 00000000
Call Trace:
[<c013338d>] update_wall_time+0xd/0x40
[<c8841f81>] pcnet32_interrupt+0x3a1/0x580 [pcnet32]
[<c010d37b>] handle_IRQ_event+0x3b/0x70
[<c010d990>] do_IRQ+0x140/0x3a0
[<c0133843>] run_timer_softirq+0x303/0x430
[<c010b96c>] common_interrupt+0x18/0x20
[<c010b96c>] common_interrupt+0x18/0x20
[<c0194730>] sys_ioctl+0x260/0x3f0
[<c010afff>] syscall_call+0x7/0xb
Code: f3 a5 a8 02 74 02 66 a5 a8 01 74 01 a4 8b 4d ec 8b 41 64 01
>>EIP; c8842351 <[pcnet32]pcnet32_rx+1f1/350> <=====
>>ebx; c65cc000 <[ds]proc_bus+61a67d0/83e67d0>
>>edi; c63a6016 <[ds]proc_bus+5f807e6/83e67d0>
>>ebp; c563bea4 <[ds]proc_bus+5216674/83e67d0>
>>esp; c563be80 <[ds]proc_bus+5216650/83e67d0>
Trace; c013338d <update_wall_time+d/40>
Trace; c8841f81 <[pcnet32]pcnet32_interrupt+3a1/580>
Trace; c010d37b <handle_IRQ_event+3b/70>
Trace; c010d990 <do_IRQ+140/3a0>
Trace; c0133843 <run_timer_softirq+303/430>
Trace; c010b96c <common_interrupt+18/20>
Trace; c010b96c <common_interrupt+18/20>
Trace; c0194730 <sys_ioctl+260/3f0>
Trace; c010afff <syscall_call+7/b>
Code; c8842351 <[pcnet32]pcnet32_rx+1f1/350>
00000000 <_EIP>:
Code; c8842351 <[pcnet32]pcnet32_rx+1f1/350> <=====
0: f3 a5 repz movsl %ds:(%esi),%es:(%edi) <=====
Code; c8842353 <[pcnet32]pcnet32_rx+1f3/350>
2: a8 02 test $0x2,%al
Code; c8842355 <[pcnet32]pcnet32_rx+1f5/350>
4: 74 02 je 8 <_EIP+0x8>
Code; c8842357 <[pcnet32]pcnet32_rx+1f7/350>
6: 66 a5 movsw %ds:(%esi),%es:(%edi)
Code; c8842359 <[pcnet32]pcnet32_rx+1f9/350>
8: a8 01 test $0x1,%al
Code; c884235b <[pcnet32]pcnet32_rx+1fb/350>
a: 74 01 je d <_EIP+0xd>
Code; c884235d <[pcnet32]pcnet32_rx+1fd/350>
c: a4 movsb %ds:(%esi),%es:(%edi)
Code; c884235e <[pcnet32]pcnet32_rx+1fe/350>
d: 8b 4d ec mov 0xffffffec(%ebp),%ecx
Code; c8842361 <[pcnet32]pcnet32_rx+201/350>
10: 8b 41 64 mov 0x64(%ecx),%eax
Code; c8842364 <[pcnet32]pcnet32_rx+204/350>
13: 01 00 add %eax,(%eax)
<0>Kernel panic: Fatal exception in interrupt
1 error issued. Results may not be reliable.
[-- Attachment #2: uinput_sample.c --]
[-- Type: application/octet-stream, Size: 981 bytes --]
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <asm/types.h>
#include <linux/input.h>
#include <linux/uinput.h>
int main(int argn, char *argv[])
{
struct uinput_user_dev device;
struct input_event event;
int fd, cnt = 0;
unsigned char aux;
char buff[80];
/* open uinput device file */
fd = open("/dev/input/uinput", O_RDWR);
if (fd < 0) {
perror("open");
return fd;
}
/* sets the name of our device */
strcpy(device.name, "test keyboard");
/* inform that we'll generate key events */
ioctl(fd, UI_SET_EVBIT, EV_KEY);
/* set key events we can generate (in this case, all) */
for (aux = 1; aux < 207; cnt ++)
ioctl(fd, UI_SET_KEYBIT, cnt);
exit(0);
/* write down information for creating a new device */
if (write(fd, &device, sizeof(struct uinput_user_dev)) < 0) {
perror("write");
close(fd);
return 1;
}
/* actually creates the device */
ioctl(fd, UI_DEV_CREATE);
close(fd);
return 0;
}
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: uinput oops and panic
2003-08-12 22:10 uinput oops and panic Chad Kitching
@ 2003-08-13 11:58 ` Aristeu Sergio Rozanski Filho
2003-08-13 21:37 ` Aristeu Sergio Rozanski Filho
1 sibling, 0 replies; 3+ messages in thread
From: Aristeu Sergio Rozanski Filho @ 2003-08-13 11:58 UTC (permalink / raw)
To: Chad Kitching; +Cc: linux-kernel
> Whenever I try to use the uinput sample program, I get an oops followed by a panic. The problem also exists in 2.6.0-test3-mm1, but it's a little difficult for me to get the oops reports on my laptop without a serial port, so a report from 2.6.0-test1-ac3 is all I have. I'm using uinput as a module, and preemptable or not, it still crashes.
i'm checking this, thanks Chad
--
aris
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: uinput oops and panic
2003-08-12 22:10 uinput oops and panic Chad Kitching
2003-08-13 11:58 ` Aristeu Sergio Rozanski Filho
@ 2003-08-13 21:37 ` Aristeu Sergio Rozanski Filho
1 sibling, 0 replies; 3+ messages in thread
From: Aristeu Sergio Rozanski Filho @ 2003-08-13 21:37 UTC (permalink / raw)
To: Chad Kitching; +Cc: linux-kernel
[-- Attachment #1: Type: text/plain, Size: 135 bytes --]
hi,
this patch solves the problem, thanks for reporting
(i already sent it to Vojtech Pavlik that will submit it to linus)
--
aris
[-- Attachment #2: uinput-setbit.patch --]
[-- Type: text/plain, Size: 1947 bytes --]
# This is a BitKeeper generated patch for the following project:
# Project Name: Linux kernel tree
# This patch format is intended for GNU patch command version 2.5 or higher.
# This patch includes the following deltas:
# ChangeSet 1.1149 -> 1.1150
# drivers/input/misc/uinput.c 1.11 -> 1.12
#
# The following is the BitKeeper ChangeSet Log
# --------------------------------------------
# 03/08/13 aris@cathedrallabs.org 1.1150
# verify maximum number of bits before using set_bit
# --------------------------------------------
#
diff -Nru a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
--- a/drivers/input/misc/uinput.c Wed Aug 13 17:50:03 2003
+++ b/drivers/input/misc/uinput.c Wed Aug 13 17:50:03 2003
@@ -323,36 +323,67 @@
retval = uinput_destroy_device(udev);
break;
-
case UI_SET_EVBIT:
+ if (arg > EV_MAX) {
+ retval = -EINVAL;
+ break;
+ }
set_bit(arg, udev->dev->evbit);
break;
case UI_SET_KEYBIT:
+ if (arg > KEY_MAX) {
+ retval = -EINVAL;
+ break;
+ }
set_bit(arg, udev->dev->keybit);
break;
case UI_SET_RELBIT:
+ if (arg > REL_MAX) {
+ retval = -EINVAL;
+ break;
+ }
set_bit(arg, udev->dev->relbit);
break;
case UI_SET_ABSBIT:
+ if (arg > ABS_MAX) {
+ retval = -EINVAL;
+ break;
+ }
set_bit(arg, udev->dev->absbit);
break;
case UI_SET_MSCBIT:
+ if (arg > MSC_MAX) {
+ retval = -EINVAL;
+ break;
+ }
set_bit(arg, udev->dev->mscbit);
break;
case UI_SET_LEDBIT:
+ if (arg > LED_MAX) {
+ retval = -EINVAL;
+ break;
+ }
set_bit(arg, udev->dev->ledbit);
break;
case UI_SET_SNDBIT:
+ if (arg > SND_MAX) {
+ retval = -EINVAL;
+ break;
+ }
set_bit(arg, udev->dev->sndbit);
break;
case UI_SET_FFBIT:
+ if (arg > FF_MAX) {
+ retval = -EINVAL;
+ break;
+ }
set_bit(arg, udev->dev->ffbit);
break;
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2003-08-13 21:50 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-08-12 22:10 uinput oops and panic Chad Kitching
2003-08-13 11:58 ` Aristeu Sergio Rozanski Filho
2003-08-13 21:37 ` Aristeu Sergio Rozanski Filho
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).