* [BUG] BlueTooth socket busted in 2.6.0-test5
@ 2003-09-10 22:58 Jean Tourrilhes
2003-09-10 23:39 ` Marcel Holtmann
0 siblings, 1 reply; 7+ messages in thread
From: Jean Tourrilhes @ 2003-09-10 22:58 UTC (permalink / raw)
To: Max Krasnyansky, BlueZ mailing list, Linux kernel mailing list
Hi,
This is self-explanatory:
-----------------------------------------------------------
kernel BUG at include/net/sock.h:459!
invalid operand: 0000 [#1]
CPU: 1
EIP: 0060:[<d08ae64e>] Not tainted
EFLAGS: 00010282
EIP is at l2cap_sock_alloc+0x36/0xb4 [l2cap]
eax: d08b3500 ebx: c6b4de40 ecx: 00000020 edx: d08ac440
esi: 00000000 edi: 00000000 ebp: ffffffa3 esp: c81abf1c
ds: 007b es: 007b ss: 0068
Process sdpd (pid: 390, threadinfo=c81aa000 task=ce634cc0)
Stack: 00000000 d08ac524 d08ae72c c20e7780 00000000 000000d0 d08a10f4 c20e7780
00000000 c20e7780 0000007c c033ecc0 ffffff9f c01e1236 c20e7780 00000000
0000001f bffff894 c81abfa8 00000001 c01e1325 0000001f 00000005 00000000
Call Trace:
[<d08ae72c>] l2cap_sock_create+0x60/0x7c [l2cap]
[<d08a10f4>] bt_sock_create+0x8c/0xd0 [bluetooth]
[<c01e1236>] sock_create+0x12e/0x200
[<c01e1325>] sys_socket+0x1d/0x50
[<c01e216c>] sys_socketcall+0xbc/0x260
[<c0108cd3>] syscall_call+0x7/0xb
Code: 0f 0b cb 01 e2 1a 8b d0 89 83 28 01 00 00 85 c0 74 30 50 e8
-----------------------------------------------------------
Basically, the socket is already owned by the 'bluetooth'
module in bt_sock_alloc(), and the 'l2cap' module tries to change the
ownership to itself in l2cap_sock_alloc(). The socket layer doesn't
like it. At least, that's the way I read it.
Without the ability to open BT sockets, BT is pretty much
useless.
Good luck...
Jean
* Re: [BUG] BlueTooth socket busted in 2.6.0-test5
2003-09-10 22:58 [BUG] BlueTooth socket busted in 2.6.0-test5 Jean Tourrilhes
@ 2003-09-10 23:39 ` Marcel Holtmann
2003-09-10 23:47 ` Jean Tourrilhes
2003-09-11 20:32 ` Jean Tourrilhes
0 siblings, 2 replies; 7+ messages in thread
From: Marcel Holtmann @ 2003-09-10 23:39 UTC (permalink / raw)
To: Jean Tourrilhes
Cc: Max Krasnyansky, BlueZ Mailing List, Linux Kernel Mailing List
Hi Jean,
> This is self-explanatory:
> -----------------------------------------------------------
> kernel BUG at include/net/sock.h:459!
> invalid operand: 0000 [#1]
> CPU: 1
> EIP: 0060:[<d08ae64e>] Not tainted
> EFLAGS: 00010282
> EIP is at l2cap_sock_alloc+0x36/0xb4 [l2cap]
> eax: d08b3500 ebx: c6b4de40 ecx: 00000020 edx: d08ac440
> esi: 00000000 edi: 00000000 ebp: ffffffa3 esp: c81abf1c
> ds: 007b es: 007b ss: 0068
> Process sdpd (pid: 390, threadinfo=c81aa000 task=ce634cc0)
> Stack: 00000000 d08ac524 d08ae72c c20e7780 00000000 000000d0 d08a10f4 c20e7780
> 00000000 c20e7780 0000007c c033ecc0 ffffff9f c01e1236 c20e7780 00000000
> 0000001f bffff894 c81abfa8 00000001 c01e1325 0000001f 00000005 00000000
> Call Trace:
> [<d08ae72c>] l2cap_sock_create+0x60/0x7c [l2cap]
> [<d08a10f4>] bt_sock_create+0x8c/0xd0 [bluetooth]
> [<c01e1236>] sock_create+0x12e/0x200
> [<c01e1325>] sys_socket+0x1d/0x50
> [<c01e216c>] sys_socketcall+0xbc/0x260
> [<c0108cd3>] syscall_call+0x7/0xb
>
> Code: 0f 0b cb 01 e2 1a 8b d0 89 83 28 01 00 00 85 c0 74 30 50 e8
>
> -----------------------------------------------------------
>
> Basically, the socket is already owned by the 'bluetooth'
> module in bt_sock_alloc(), and the 'l2cap' module tries to change the
> ownership to itself in l2cap_sock_alloc(). The socket layer doesn't
> like it. At least, that's the way I read it.
> Without the ability to open BT sockets, BT is pretty much
> useless.
yesterday David Woodhouse sent a patch which should fix this.
Regards
Marcel
===== net/bluetooth/af_bluetooth.c 1.22 vs edited =====
--- 1.22/net/bluetooth/af_bluetooth.c Sun Aug 31 03:30:42 2003
+++ edited/net/bluetooth/af_bluetooth.c Tue Sep 9 11:28:51 2003
@@ -130,7 +130,6 @@
}
sock_init_data(sock, sk);
- sk_set_owner(sk, THIS_MODULE);
INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
sk->sk_zapped = 0;
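Review bot: with sk_set_owner() gone from the shared bt_sock_alloc(), ownership becomes each caller's job, and a protocol that forgets it ends up with a socket that pins no module at all, which fails silently rather than with the BUG this fixes; the patch covers hci_sock.c and bnep/sock.c, and l2cap already calls sk_set_owner() itself (that second call is what tripped sock.h:459), but every other create path that reaches bt_sock_alloc() should be audited before this goes in. Keeping the call here and dropping it from the protocols would have been the other way to avoid the double set, and this direction is the right one: THIS_MODULE in af_bluetooth.c is the bluetooth module, so a socket owned here would not keep l2cap or bnep loaded while it is open.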
===== net/bluetooth/hci_sock.c 1.24 vs edited =====
--- 1.24/net/bluetooth/hci_sock.c Sat Jul 5 07:52:58 2003
+++ edited/net/bluetooth/hci_sock.c Tue Sep 9 11:30:43 2003
@@ -587,6 +587,8 @@
if (!sk)
return -ENOMEM;
+ sk_set_owner(sk, THIS_MODULE);
+
sock->state = SS_UNCONNECTED;
sk->sk_state = BT_OPEN;
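Review bot: placing the call directly after the NULL check is right, but two things follow from it. sk_set_owner() goes through __module_get(), which assumes the module is already pinned; hci_sock.c sitting next to af_bluetooth.c suggests THIS_MODULE here is the bluetooth module that sock_create() pins through the PF_BLUETOOTH family, so this one should be safe where a separate sub-protocol module is not. And any error return after this line must release the socket with sk_free() so the reference it just took is dropped, not with a bare kfree().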
===== net/bluetooth/bnep/sock.c 1.11 vs edited =====
--- 1.11/net/bluetooth/bnep/sock.c Thu Jun 5 01:57:08 2003
+++ edited/net/bluetooth/bnep/sock.c Tue Sep 9 11:29:54 2003
@@ -175,6 +175,9 @@
if (!(sk = bt_sock_alloc(sock, PF_BLUETOOTH, 0, GFP_KERNEL)))
return -ENOMEM;
+
+ sk_set_owner(sk, THIS_MODULE);
+
sock->ops = &bnep_sock_ops;
sock->state = SS_UNCONNECTED;
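Review bot: same shape as the hci_sock.c hunk, but THIS_MODULE is now bnep, a separate module, and __module_get() will BUG if nothing holds bnep while bnep_sock_create() runs; that requires .owner = THIS_MODULE on bnep_sock_family_ops, which the 2.6.0-test5 struct shown later in this thread lacks, so this hunk on its own converts the sock.h:459 BUG into the module.h:296 one. Style: one blank line around the new call is enough; the hunk adds two.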
* Re: [BUG] BlueTooth socket busted in 2.6.0-test5
2003-09-10 23:39 ` Marcel Holtmann
@ 2003-09-10 23:47 ` Jean Tourrilhes
2003-09-11 20:32 ` Jean Tourrilhes
1 sibling, 0 replies; 7+ messages in thread
From: Jean Tourrilhes @ 2003-09-10 23:47 UTC (permalink / raw)
To: Marcel Holtmann
Cc: Max Krasnyansky, BlueZ Mailing List, Linux Kernel Mailing List
On Thu, Sep 11, 2003 at 01:39:28AM +0200, Marcel Holtmann wrote:
> Hi Jean,
>
> yesterday David Woodhouse sent a patch which should fix this.
>
> Regards
>
> Marcel
Yep that seems to have fixed the problem.
Thanks a lot !
Jean
* Re: [BUG] BlueTooth socket busted in 2.6.0-test5
2003-09-10 23:39 ` Marcel Holtmann
2003-09-10 23:47 ` Jean Tourrilhes
@ 2003-09-11 20:32 ` Jean Tourrilhes
2003-09-12 5:21 ` [Bluez-devel] " David Woodhouse
1 sibling, 1 reply; 7+ messages in thread
From: Jean Tourrilhes @ 2003-09-11 20:32 UTC (permalink / raw)
To: Marcel Holtmann
Cc: Max Krasnyansky, BlueZ mailing list, Linux Kernel Mailing List
On Thu, Sep 11, 2003 at 01:39:28AM +0200, Marcel Holtmann wrote:
>
> yesterday David Woodhouse sent a patch which should fix this.
>
> Regards
>
> Marcel
My testing was too light:
------------------------------------------------------
kernel BUG at include/linux/module.h:296!
invalid operand: 0000 [#1]
CPU: 0
EIP: 0060:[<d087b72d>] Not tainted
EFLAGS: 00010246
EIP is at bnep_sock_create+0x69/0xb2 [bnep]
eax: 00000000 ebx: cf46cd00 ecx: 00000020 edx: d087d860
esi: ceac3120 edi: 00000004 ebp: ffffffa3 esp: c4031f2c
ds: 007b es: 007b ss: 0068
Process pand (pid: 1945, threadinfo=c4030000 task=ccee20a0)
Stack: 00000010 d08ac544 d08a10f4 ceac3120 00000004 ceac3120 0000007c c033ecc0
ffffff9f c01e1236 ceac3120 00000004 0000001f bffff934 c4031fa8 00000001
c01e1325 0000001f 00000003 00000004 c4031f84 00000000 c4031fa8 c01e216c
Call Trace:
[<d08a10f4>] bt_sock_create+0x8c/0xd0 [bluetooth]
[<c01e1236>] sock_create+0x12e/0x200
[<c01e1325>] sys_socket+0x1d/0x50
[<c01e216c>] sys_socketcall+0xbc/0x260
[<c010973d>] error_code+0x2d/0x38
[<c0108cd3>] syscall_call+0x7/0xb
Code: 0f 0b 28 01 7c bf 87 d0 b8 00 e0 ff ff 21 e0 8b 40 10 c1 e0
------------------------------------------------------
On top of the previous patch, I've now added:
--------------------------------------------
diff -u -p linux/net/bluetooth/bnep/sock.m1.c linux/net/bluetooth/bnep/sock.c
--- linux/net/bluetooth/bnep/sock.m1.c Thu Sep 11 13:12:02 2003
+++ linux/net/bluetooth/bnep/sock.c Thu Sep 11 13:22:23 2003
@@ -173,6 +173,13 @@ static int bnep_sock_create(struct socke
if (sock->type != SOCK_RAW)
return -ESOCKTNOSUPPORT;
+ /* sk_set_owner() will use __module_get(), that require
+ * the module to have *some* refcount... I would have though the
+ * code in bt_sock_create() would do that, but it seems to
+ * increase the refcount of bluetooth.o. Jean II */
+ if(!try_module_get(THIS_MODULE))
+ return -EPROTONOSUPPORT;
+
if (!(sk = bt_sock_alloc(sock, PF_BLUETOOTH, 0, GFP_KERNEL)))
return -ENOMEM;
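Review bot: the reference taken by try_module_get() leaks on the -ENOMEM return from bt_sock_alloc() just below it; the matching module_put() sits at the end of the function, so either put before that return or take the reference after the allocation has succeeded. -EPROTONOSUPPORT is also the wrong code for try_module_get() failing, which happens only while the module is unloading, not because the protocol is unknown. The comment has two typos ("require" for "requires", "though" for "thought") and, more usefully, names the actual gap: the refcount being bumped is bluetooth's because that is the only .owner sock_create() sees, so the missing piece is .owner on bnep's own net_proto_family, which makes this hunk unnecessary.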
@@ -184,6 +191,7 @@ static int bnep_sock_create(struct socke
sk->sk_destruct = NULL;
sk->sk_protocol = protocol;
+ module_put(THIS_MODULE);
return 0;
}
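Review bot: the put on the success path balances the try_module_get() above only because sk_set_owner() (added between these two hunks by the earlier patch) has by now taken the socket's own reference; the accounting therefore depends on every intermediate error path remembering the put, which the first hunk already gets wrong. A reference that sock_create() holds through .owner for the duration of the call needs none of this bookkeeping.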
--------------------------------------------
This is of course a very gross hack, but with both patches I
can now use BNEP properly. Well, you get the idea...
Have fun...
Jean
* Re: [Bluez-devel] Re: [BUG] BlueTooth socket busted in 2.6.0-test5
2003-09-11 20:32 ` Jean Tourrilhes
@ 2003-09-12 5:21 ` David Woodhouse
2003-09-12 8:19 ` David Woodhouse
0 siblings, 1 reply; 7+ messages in thread
From: David Woodhouse @ 2003-09-12 5:21 UTC (permalink / raw)
To: jt
Cc: Marcel Holtmann, Max Krasnyansky, BlueZ mailing list,
Linux Kernel Mailing List
On Thu, 2003-09-11 at 13:32 -0700, Jean Tourrilhes wrote:
> My testing was too light :
> ------------------------------------------------------
> kernel BUG at include/linux/module.h:296!
<...>
> EIP is at bnep_sock_create+0x69/0xb2 [bnep]
Er, if we're actually _running_ code from the bnep module, how can it
have a zero refcount? This bug is elsewhere, surely?
Either that or it affects _all_ users of sk_set_owner() and wants fixing
there.
--
dwmw2
* Re: [Bluez-devel] Re: [BUG] BlueTooth socket busted in 2.6.0-test5
2003-09-12 5:21 ` [Bluez-devel] " David Woodhouse
@ 2003-09-12 8:19 ` David Woodhouse
2003-09-12 21:34 ` Jean Tourrilhes
0 siblings, 1 reply; 7+ messages in thread
From: David Woodhouse @ 2003-09-12 8:19 UTC (permalink / raw)
To: jt
Cc: Marcel Holtmann, Max Krasnyansky, BlueZ mailing list,
Linux Kernel Mailing List
On Fri, 2003-09-12 at 06:21 +0100, David Woodhouse wrote:
> Er, if we're actually _running_ code from the bnep module, how can it
> have a zero refcount? This bug is elsewhere, surely?
Please confirm this fixes it...
===== net/bluetooth/bnep/sock.c 1.11 vs edited =====
--- 1.11/net/bluetooth/bnep/sock.c Thu Jun 5 01:57:08 2003
+++ edited/net/bluetooth/bnep/sock.c Fri Sep 12 09:16:17 2003
@@ -186,7 +189,8 @@
static struct net_proto_family bnep_sock_family_ops = {
.family = PF_BLUETOOTH,
- .create = bnep_sock_create
+ .create = bnep_sock_create,
+ .owner = THIS_MODULE
};
int __init bnep_sock_init(void)
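Review bot: the missing trailing comma after .create is the only reason this hunk touches an unchanged line; add one after .owner = THIS_MODULE too so the next field does not churn this line again. The header's new-side offset (+189 against -186) says the hunk was cut against a tree that already carries the three-line sk_set_owner() addition from the earlier patch, so order matters: apply it after that bnep/sock.c hunk, not to a clean 1.11.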
--
dwmw2
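The mechanism the three patches above circle around, as an added example written for this page rather than code from the thread or from the kernel: a user-space model in which sk_set_owner() asserts the owner is set once (the sock.h:459 BUG), __module_get() asserts the module already has a nonzero refcount (the module.h:296 BUG), and sock_create() is the only place that pins a family's .owner while ->create() runs. Everything here is a stand-in: the structs are stubs, the BUG_ON()s return error codes instead of panicking, the live flag and the scenario_* functions are this example's own inventions, and the kernel's real types and return codes differ in detail.

```c
/* Added example, not kernel code: a user-space model of the 2.6.0-test5 mechanisms this
 * thread hinges on. Structs are stubs; the two BUG_ON()s are returned as error codes. */
#include <stdlib.h>

struct module { int refcount; int live; };
struct sock   { struct module *sk_owner; };
struct net_proto_family { int (*create)(struct sock **out); struct module *owner; };

enum { OK = 0, E_NOMEM = 12, E_AFNOSUPPORT = 97,
       BUG_OWNER_SET_TWICE = 1000,   /* sock.h:   BUG_ON(sk->sk_owner != NULL)    */
       BUG_GET_ON_ZERO_REF = 1001 }; /* module.h: BUG_ON(module_refcount(m) == 0) */

/* __module_get() only bumps a reference someone else already holds (zero is a BUG);
 * try_module_get() is what sock_create() uses and fails if the module is unloading. */
static int __module_get(struct module *m) {
    if (m && m->refcount == 0) return BUG_GET_ON_ZERO_REF;
    if (m) m->refcount++;
    return OK;
}
static int try_module_get(struct module *m) {
    if (m && !m->live) return 0;
    if (m) m->refcount++;
    return 1;
}
static void module_put(struct module *m) { if (m) m->refcount--; }
/* A socket pins its protocol module exactly once and drops the pin when freed. */
static int sk_set_owner(struct sock *sk, struct module *owner) {
    if (sk->sk_owner != NULL) return BUG_OWNER_SET_TWICE;
    sk->sk_owner = owner;
    return __module_get(owner);
}
static void sk_free(struct sock *sk) { module_put(sk->sk_owner); free(sk); }
/* sock_create() is the only code that pins the family's module *while* ->create() runs. */
static int sock_create(const struct net_proto_family *fam, struct sock **out) {
    if (!try_module_get(fam->owner)) return -E_AFNOSUPPORT;
    int err = fam->create(out);
    module_put(fam->owner);
    return err;
}

/* The Bluetooth side after the first patch: bt_sock_alloc() claims no owner, the protocol's
 * create hook does. Both family structs share that hook; only .owner differs (dwmw2's fix). */
static struct module bnep = { 0, 1 };
int bnep_refcount(void) { return bnep.refcount; }
static int bt_sock_alloc(struct sock **out) {
    return (*out = calloc(1, sizeof **out)) ? OK : -E_NOMEM;
}
static int bnep_sock_create(struct sock **out) {
    int err = bt_sock_alloc(out);
    if (err) return err;
    err = sk_set_owner(*out, &bnep);
    if (err) { free(*out); *out = NULL; return -err; }   /* the kernel panicked here */
    return OK;
}
static const struct net_proto_family bnep_unpinned = { bnep_sock_create, NULL  };
static const struct net_proto_family bnep_pinned   = { bnep_sock_create, &bnep };

/* sock.h:459, the first oops: the allocator set the owner and the protocol set it again.
 * The bluetooth stand-in starts pinned, as sock_create() leaves it during ->create(). */
int scenario_owner_set_twice(void) {
    struct module bluetooth = { 1, 1 };
    struct sock *sk;
    if (bt_sock_alloc(&sk)) return -E_NOMEM;
    int err = sk_set_owner(sk, &bluetooth);        /* what bt_sock_alloc() used to do */
    if (err == OK) err = sk_set_owner(sk, &bnep);  /* the protocol doing it again     */
    sk_free(sk);
    return err;                                    /* BUG_OWNER_SET_TWICE */
}

/* module.h:296, the second oops: no .owner, so nothing pinned bnep before ->create() ran
 * and the __module_get() inside sk_set_owner() meets a refcount of zero. */
int scenario_unpinned_family(void) {
    struct sock *sk = NULL;
    int err = sock_create(&bnep_unpinned, &sk);
    if (sk) sk_free(sk);
    return err;                                    /* -BUG_GET_ON_ZERO_REF */
}

/* The fix: sock_create() holds bnep across ->create(), then the socket holds its own
 * reference. Returns that count while the socket lives; bnep_refcount() is 0 afterwards. */
int scenario_pinned_family(void) {
    struct sock *sk = NULL;
    int err = sock_create(&bnep_pinned, &sk);
    if (err) return err;
    int held = bnep.refcount;                      /* 1: the socket's reference only */
    sk_free(sk);
    return held;
}

/* What .owner buys beyond avoiding the BUG: a module mid-unload is refused, not entered. */
int scenario_module_unloading(void) {
    struct sock *sk = NULL;
    bnep.live = 0;
    int err = sock_create(&bnep_pinned, &sk);
    bnep.live = 1;
    if (sk) sk_free(sk);
    return err;                                    /* -E_AFNOSUPPORT */
}
```

scenario_owner_set_twice() reproduces the first oops, scenario_unpinned_family() the second, scenario_pinned_family() shows why .owner = THIS_MODULE fixes it and that the count returns to zero once the socket is freed, and scenario_module_unloading() shows the case .owner exists for in the first place: with the module mid-unload, the socket call is refused instead of entering code that is about to go away.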
* Re: [Bluez-devel] Re: [BUG] BlueTooth socket busted in 2.6.0-test5
2003-09-12 8:19 ` David Woodhouse
@ 2003-09-12 21:34 ` Jean Tourrilhes
0 siblings, 0 replies; 7+ messages in thread
From: Jean Tourrilhes @ 2003-09-12 21:34 UTC (permalink / raw)
To: David Woodhouse
Cc: Marcel Holtmann, Max Krasnyansky, BlueZ mailing list,
Linux Kernel Mailing List
On Fri, Sep 12, 2003 at 09:19:15AM +0100, David Woodhouse wrote:
> On Fri, 2003-09-12 at 06:21 +0100, David Woodhouse wrote:
> > Er, if we're actually _running_ code from the bnep module, how can it
> > have a zero refcount? This bug is elsewhere, surely?
>
> Please confirm this fixes it...
>
> ===== net/bluetooth/bnep/sock.c 1.11 vs edited =====
> --- 1.11/net/bluetooth/bnep/sock.c Thu Jun 5 01:57:08 2003
> +++ edited/net/bluetooth/bnep/sock.c Fri Sep 12 09:16:17 2003
> @@ -186,7 +189,8 @@
>
> static struct net_proto_family bnep_sock_family_ops = {
> .family = PF_BLUETOOTH,
> - .create = bnep_sock_create
> + .create = bnep_sock_create,
> + .owner = THIS_MODULE
> };
>
> int __init bnep_sock_init(void)
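Review bot: the confirmation that follows comes from pand, which exercises bnep only; the earlier patch added the same sk_set_owner() call to hci_sock.c and l2cap makes one of its own, and the 23:47 reply shows sdpd working once the first patch was in, so l2cap's family must already carry .owner, but any other protocol dispatched through bt_sock_create() that calls sk_set_owner() needs the same one-line check before this is closed.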
>
>
> --
> dwmw2
Sorry for the slow answer, but yes, this fixes the problem
(and yes, I've removed my temporary hack).
Thanks a lot !
Jean