dwc_otg.fiq_enable=0 on Raspberry Pi 2, crash on boot #878

Clouded opened this issue Mar 10, 2015 · 0 comments

Clouded commented Mar 10, 2015

Hello,

I wanted to use bare dwc_otg driver on Raspberry Pi 2, but it crashes on boot with "Unable to handle kernel NULL pointer dereference at virtual address 00000000". Should it work at all?

I've used untouched 2015-02-16-raspbian-wheezy and added the following to the cmdline (also tried without nak_holdoff):

dwc_otg.fiq_enable=0 dwc_otg.fiq_fsm_enable=0 dwc_otg.nak_holdoff=0

Bootlog:

Uncompressing Linux... done, booting the kernel.
[    0.000000] Booting Linux on physical CPU 0xf00
[    0.000000] Initializing cgroup subsys cpu
[    0.000000] Initializing cgroup subsys cpuacct
[    0.000000] Linux version 3.18.7-v7+ (dc4@dc4-XPS13-9333) (gcc version 4.8.3 20140303 (prerelease) (crosstool-NG linaro-1.13.1+bzr2650 - Linaro GCC 2014.03) ) #755 SMP PREEMPT Thu Feb 12 17:20:48 GMT 2015
[    0.000000] CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=10c5387d
[    0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction cache
[    0.000000] Machine model: Raspberry Pi 2 Model B
[    0.000000] cma: Reserved 8 MiB at 0x3a800000
[    0.000000] Memory policy: Data cache writealloc
[    0.000000] [bcm2709_smp_init_cpus] enter (8620->f3003010)
[    0.000000] [bcm2709_smp_init_cpus] ncores=4
[    0.000000] PERCPU: Embedded 11 pages/cpu @ba05d000 s12864 r8192 d24000 u45056
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 239776
[    0.000000] Kernel command line: dma.dmachans=0x7f35 bcm2708_fb.fbwidth=656 bcm2708_fb.fbheight=416 bcm2709.boardrev=0xa21041 bcm2709.serial=0xac0bf87e smsc95xx.macaddr=B8:27:EB:0B:F8:7E bcm2708_fb.fbswap=1 bcm2709.disk_led_gpio=47 bcm2709.disk_led_active_low=0 sdhci-bcm2708.emmc_clock_freq=250000000 vc_mem.mem_base=0x3dc00000 vc_mem.mem_size=0x3f000000  dwc_otg.fiq_enable=0 dwc_otg.fiq_fsm_enable=0 dwc_otg.nak_holdoff=0 dwc_otg.lpm_enable=0 console=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait
[    0.000000] PID hash table entries: 4096 (order: 2, 16384 bytes)
[    0.000000] Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
[    0.000000] Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
[    0.000000] Memory: 940740K/966656K available (5785K kernel code, 377K rwdata, 1760K rodata, 396K init, 771K bss, 25916K reserved)
[    0.000000] Virtual kernel memory layout:
[    0.000000]     vector  : 0xffff0000 - 0xffff1000   (   4 kB)
[    0.000000]     fixmap  : 0xffc00000 - 0xffe00000   (2048 kB)
[    0.000000]     vmalloc : 0xbb800000 - 0xff000000   (1080 MB)
[    0.000000]     lowmem  : 0x80000000 - 0xbb000000   ( 944 MB)
[    0.000000]     modules : 0x7f000000 - 0x80000000   (  16 MB)
[    0.000000]       .text : 0x80008000 - 0x80766748   (7546 kB)
[    0.000000]       .init : 0x80767000 - 0x807ca000   ( 396 kB)
[    0.000000]       .data : 0x807ca000 - 0x808287ec   ( 378 kB)
[    0.000000]        .bss : 0x808287ec - 0x808e96d4   ( 772 kB)
[    0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
[    0.000000] Preemptible hierarchical RCU implementation.
[    0.000000] NR_IRQS:480
[    0.000000] Architected cp15 timer(s) running at 19.20MHz (virt).
[    0.000013] sched_clock: 56 bits at 19MHz, resolution 52ns, wraps every 3579139424256ns
[    0.000036] Switching to timer-based delay loop, resolution 52ns
[    0.000336] Console: colour dummy device 80x30
[    0.001796] console [tty1] enabled
[    0.001848] Calibrating delay loop (skipped), value calculated using timer frequency.. 38.40 BogoMIPS (lpj=192000)
[    0.001931] pid_max: default: 32768 minimum: 301
[    0.002352] Mount-cache hash table entries: 2048 (order: 1, 8192 bytes)
[    0.002411] Mountpoint-cache hash table entries: 2048 (order: 1, 8192 bytes)
[    0.003711] Initializing cgroup subsys memory
[    0.003802] Initializing cgroup subsys devices
[    0.003857] Initializing cgroup subsys freezer
[    0.003909] Initializing cgroup subsys net_cls
[    0.003973] Initializing cgroup subsys blkio
[    0.004096] CPU: Testing write buffer coherency: ok
[    0.004210] ftrace: allocating 19969 entries in 59 pages
[    0.053583] CPU0: update cpu_capacity 1024
[    0.053657] CPU0: thread -1, cpu 0, socket 15, mpidr 80000f00
[    0.053695] [bcm2709_smp_prepare_cpus] enter
[    0.053860] Setting up static identity map for 0x536c78 - 0x536cd0
[    0.113548] [bcm2709_boot_secondary] cpu:1 started (0) 18
[    0.113865] CPU1: Booted secondary processor
[    0.113874] [bcm2709_secondary_init] enter cpu:1
[    0.113927] CPU1: update cpu_capacity 1024
[    0.113937] CPU1: thread -1, cpu 1, socket 15, mpidr 80000f01
[    0.133516] [bcm2709_boot_secondary] cpu:2 started (0) 16
[    0.133768] CPU2: Booted secondary processor
[    0.133775] [bcm2709_secondary_init] enter cpu:2
[    0.133805] CPU2: update cpu_capacity 1024
[    0.133813] CPU2: thread -1, cpu 2, socket 15, mpidr 80000f02
[    0.153571] [bcm2709_boot_secondary] cpu:3 started (0) 17
[    0.153812] CPU3: Booted secondary processor
[    0.153819] [bcm2709_secondary_init] enter cpu:3
[    0.153852] CPU3: update cpu_capacity 1024
[    0.153861] CPU3: thread -1, cpu 3, socket 15, mpidr 80000f03
[    0.153955] Brought up 4 CPUs
[    0.154075] SMP: Total of 4 processors activated (153.60 BogoMIPS).
[    0.154108] CPU: All CPU(s) started in SVC mode.
[    0.155123] devtmpfs: initialized
[    0.178403] VFP support v0.3: implementor 41 architecture 2 part 30 variant 7 rev 5
[    0.180573] pinctrl core: initialized pinctrl subsystem
[    0.183614] NET: Registered protocol family 16
[    0.189301] DMA: preallocated 4096 KiB pool for atomic coherent allocations
[    0.213350] cpuidle: using governor ladder
[    0.243382] cpuidle: using governor menu
[    0.243847] bcm2709.uart_clock = 3000000
[    0.246631] No ATAGs?
[    0.246694] hw-breakpoint: found 5 (+1 reserved) breakpoint and 4 watchpoint registers.
[    0.246749] hw-breakpoint: maximum watchpoint size is 8 bytes.
[    0.246813] mailbox: Broadcom VideoCore Mailbox driver
[    0.246945] bcm2708_vcio: mailbox at f300b880
[    0.247327] bcm_power: Broadcom power driver
[    0.247370] bcm_power_open() -> 0
[    0.247399] bcm_power_request(0, 8)
[    0.748103] bcm_mailbox_read -> 00000080, 0
[    0.748135] bcm_power_request -> 0
[    0.748290] Serial: AMBA PL011 UART driver
[    0.748449] dev:f1: ttyAMA0 at MMIO 0x3f201000 (irq = 83, base_baud = 0) is a PL011 rev3
[    1.272662] console [ttyAMA0] enabled
[    1.346810] SCSI subsystem initialized
[    1.350831] usbcore: registered new interface driver usbfs
[    1.356492] usbcore: registered new interface driver hub
[    1.361951] usbcore: registered new device driver usb
[    1.368972] Switched to clocksource arch_sys_counter
[    1.403814] FS-Cache: Loaded
[    1.407068] CacheFiles: Loaded
[    1.422486] NET: Registered protocol family 2
[    1.428115] TCP established hash table entries: 8192 (order: 3, 32768 bytes)
[    1.435369] TCP bind hash table entries: 8192 (order: 4, 65536 bytes)
[    1.442070] TCP: Hash tables configured (established 8192 bind 8192)
[    1.448539] TCP: reno registered
[    1.451819] UDP hash table entries: 512 (order: 2, 16384 bytes)
[    1.457804] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes)
[    1.464561] NET: Registered protocol family 1
[    1.469410] RPC: Registered named UNIX socket transport module.
[    1.475351] RPC: Registered udp transport module.
[    1.480142] RPC: Registered tcp transport module.
[    1.484864] RPC: Registered tcp NFSv4.1 backchannel transport module.
[    1.492441] bcm2708_dma: DMA manager at f3007000
[    1.497255] vc-mem: phys_addr:0x00000000 mem_base=0x3dc00000 mem_size:0x3f000000(1008 MiB)
[    1.507205] futex hash table entries: 1024 (order: 4, 65536 bytes)
[    1.513669] audit: initializing netlink subsys (disabled)
[    1.519194] audit: type=2000 audit(1.299:1): initialized
[    1.540792] VFS: Disk quotas dquot_6.5.2
[    1.545103] Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
[    1.554770] FS-Cache: Netfs 'nfs' registered for caching
[    1.561156] NFS: Registering the id_resolver key type
[    1.566289] Key type id_resolver registered
[    1.570516] Key type id_legacy registered
[    1.575636] msgmni has been set to 1853
[    1.581247] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 252)
[    1.588858] io scheduler noop registered
[    1.592841] io scheduler deadline registered (default)
[    1.598313] io scheduler cfq registered
[    1.604848] BCM2708FB: allocated DMA memory fac00000
[    1.609910] BCM2708FB: allocated DMA channel 0 @ f3007000
[    1.621811] Console: switching to colour frame buffer device 82x26
[    1.634116] bcm2708-dmaengine bcm2708-dmaengine: Load BCM2835 DMA engine driver
[    1.643444] uart-pl011 dev:f1: no DMA platform data
[    1.650516] vc-cma: Videocore CMA driver
[    1.656020] vc-cma: vc_cma_base      = 0x00000000
[    1.662298] vc-cma: vc_cma_size      = 0x00000000 (0 MiB)
[    1.669244] vc-cma: vc_cma_initial   = 0x00000000 (0 MiB)
[    1.687987] brd: module loaded
[    1.698644] loop: module loaded
[    1.703568] vchiq: vchiq_init_state: slot_zero = 0xba800000, is_master = 0
[    1.712754] Loading iSCSI transport class v2.0-870.
[    1.720148] usbcore: registered new interface driver smsc95xx
[    1.727476] dwc_otg: version 3.00a 10-AUG-2012 (platform bus)
[    1.935095] Core Release: 2.80a
[    1.939755] Setting default values for core params
[    1.946024] Finished setting default values for core params
[    2.153504] Using Buffer DMA mode
[    2.158285] Periodic Transfer Interrupt Enhancement - disabled
[    2.165662] Multiprocessor Interrupt Enhancement - disabled
[    2.172788] OTG VER PARAM: 0, OTG VER FLAG: 0
[    2.178700] Dedicated Tx FIFOs mode
[    2.184083] dwc_otg bcm2708_usb: DWC OTG Controller
[    2.190536] dwc_otg bcm2708_usb: new USB bus registered, assigned bus number 1
[    2.199341] dwc_otg bcm2708_usb: irq 75, io mem 0x00000000
[    2.206355] Init: Port Power? op_state=1
[    2.211781] Init: Power Port (0)
[    2.216784] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002
[    2.225216] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    2.234077] usb usb1: Product: DWC OTG Controller
[    2.240428] usb usb1: Manufacturer: Linux 3.18.7-v7+ dwc_otg_hcd
[    2.248049] usb usb1: SerialNumber: bcm2708_usb
[    2.255136] hub 1-0:1.0: USB hub found
[    2.260550] hub 1-0:1.0: 1 port detected
[    2.266942] usbcore: registered new interface driver usb-storage
[    2.274864] mousedev: PS/2 mouse device common for all mice
[    2.282776] bcm2835-cpufreq: min=600000 max=900000
[    2.289508] sdhci: Secure Digital Host Controller Interface driver
[    2.297244] sdhci: Copyright(c) Pierre Ossman
[    2.303327] DMA channels allocated for the MMC driver
[    2.339021] Load BCM2835 MMC driver
[    2.345747] sdhci-pltfm: SDHCI platform and OF driver helper
[    2.354623] ledtrig-cpu: registered to indicate activity on CPUs
[    2.363472] hidraw: raw HID events driver (C) Jiri Kosina
[    2.370758] usbcore: registered new interface driver usbhid
[    2.377923] usbhid: USB HID core driver
[    2.385726] TCP: cubic registered
[    2.392683] Initializing XFRM netlink socket
[    2.398541] NET: Registered protocol family 17
[    2.404738] Key type dns_resolver registered
[    2.411080] Registering SWP/SWPB emulation handler
[    2.418322] registered taskstats version 1
[    2.424204] vc-sm: Videocore shared memory driver
[    2.430485] [vc_sm_connected_init]: start
[    2.436732] [vc_sm_connected_init]: end - returning 0
[    2.444454] Waiting for root device /dev/mmcblk0p2...
[    2.459121] Indeed it is in host mode hprt0 = 00021501
[    2.469017] mmc0: host does not support reading read-only switch, assuming write-enable
[    2.483084] mmc0: new high speed SDHC card at address e624
[    2.490757] mmcblk0: mmc0:e624 SL08G 7.40 GiB
[    2.498232]  mmcblk0: p1 p2
[    2.570801] EXT4-fs (mmcblk0p2): mounted filesystem with ordered data mode. Opts: (null)
[    2.582051] VFS: Mounted root (ext4 filesystem) readonly on device 179:2.
[    2.591341] devtmpfs: mounted
[    2.596560] Freeing unused kernel memory: 396K (80767000 - 807ca000)
[    2.639114] usb 1-1: new high-speed USB device number 2 using dwc_otg
[    2.647535] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[    2.659100] pgd = 80004000
[    2.663531] [00000000] *pgd=00000000
[    2.668854] Internal error: Oops: 17 [#1] PREEMPT SMP ARM
[    2.676017] Modules linked in:
[    2.680834] CPU: 1 PID: 32 Comm: kworker/1:1 Not tainted 3.18.7-v7+ #755
[    2.689402] Workqueue: usb_hub_wq hub_event
[    2.695441] task: b994c500 ti: b9a94000 task.ti: b9a94000
[    2.702710] PC is at fiq_fsm_spin_lock+0x14/0x50
[    2.709152] LR is at assign_and_init_hc+0x2a8/0x610
[    2.715799] pc : [<803e34fc>]    lr : [<803d7d04>]    psr: 600001d3
[    2.715799] sp : b9a95b60  ip : b9a95b70  fp : b9a95b6c
[    2.730817] r10: b9ba11a8  r9 : 00000000  r8 : b9ba0b80
[    2.737812] r7 : b9acd000  r6 : b9ba1180  r5 : 60000193  r4 : b9b88e80
[    2.746098] r3 : 807e9ccc  r2 : 00000000  r1 : 00000000  r0 : 00000000
[    2.754338] Flags: nZCv  IRQs off  FIQs off  Mode SVC_32  ISA ARM  Segment kernel
[    2.765146] Control: 10c5387d  Table: 3903c06a  DAC: 00000015
[    2.772597] Process kworker/1:1 (pid: 32, stack limit = 0xb9a94238)
[    2.780572] Stack: (0xb9a95b60 to 0xb9a96000)
[    3.258490] [<803e34fc>] (fiq_fsm_spin_lock) from [<803d7d04>] (assign_and_init_hc+0x2a8/0x610)
[    3.271954] [<803d7d04>] (assign_and_init_hc) from [<803d9c10>] (dwc_otg_hcd_select_transactions+0x244/0x370)
[    3.286642] [<803d9c10>] (dwc_otg_hcd_select_transactions) from [<803da29c>] (dwc_otg_hcd_urb_enqueue+0x164/0x1f0)
[    3.301762] [<803da29c>] (dwc_otg_hcd_urb_enqueue) from [<803dbe54>] (dwc_otg_urb_enqueue+0x1d8/0x2d4)
[    3.315819] [<803dbe54>] (dwc_otg_urb_enqueue) from [<803b1844>] (usb_hcd_submit_urb+0xc8/0x848)
[    3.329342] [<803b1844>] (usb_hcd_submit_urb) from [<803b3118>] (usb_submit_urb+0x2d4/0x4b8)
[    3.342505] [<803b3118>] (usb_submit_urb) from [<803b3760>] (usb_start_wait_urb+0x54/0xcc)
[    3.355483] [<803b3760>] (usb_start_wait_urb) from [<803b3888>] (usb_control_msg+0xb0/0xe8)
[    3.368542] [<803b3888>] (usb_control_msg) from [<803ab458>] (hub_port_init+0x42c/0xb38)
[    3.381329] [<803ab458>] (hub_port_init) from [<803ae2d4>] (hub_event+0x4c0/0xe80)
[    3.393584] [<803ae2d4>] (hub_event) from [<8003b2d0>] (process_one_work+0x138/0x408)
[    3.406097] [<8003b2d0>] (process_one_work) from [<8003bd14>] (worker_thread+0x4c/0x4d0)
[    3.418876] [<8003bd14>] (worker_thread) from [<80040530>] (kthread+0xe0/0xfc)
[    3.428504] [<80040530>] (kthread) from [<8000ec88>] (ret_from_fork+0x14/0x20)
[    3.438099] Code: e92dd800 e24cb004 f57ff05a f590f000 (e1903f9f)
[    3.446532] ---[ end trace f6fb4df865b190ad ]---
[    3.453436] note: kworker/1:1[32] exited with preempt_count 1
[    3.461620] Unable to handle kernel paging request at virtual address ffffffec
[    3.471144] pgd = 80004000
[    3.476053] [ffffffec] *pgd=3a7fa821, *pte=00000000, *ppte=00000000
[    3.484620] Internal error: Oops: 17 [#2] PREEMPT SMP ARM
[    3.492198] Modules linked in:
[    3.497398] CPU: 1 PID: 32 Comm: kworker/1:1 Tainted: G      D        3.18.7-v7+ #755
[    3.509420] task: b994c500 ti: b9a94000 task.ti: b9a94000
[    3.516920] PC is at kthread_data+0x18/0x20
[    3.523140] LR is at wq_worker_sleeping+0x1c/0xe0
[    3.529824] pc : [<80040c14>]    lr : [<8003c244>]    psr: 000001d3
[    3.529824] sp : b9a957f8  ip : b9a95808  fp : b9a95804
[    3.545205] r10: b994c7d0  r9 : 00000001  r8 : 807ea228
[    3.552306] r7 : 807c7ac0  r6 : b9a94020  r5 : ba06aac0  r4 : 00000001
[    3.560675] r3 : 00000000  r2 : 00000000  r1 : 00000001  r0 : b994c500
[    3.569012] Flags: nzcv  IRQs off  FIQs off  Mode SVC_32  ISA ARM  Segment user
[    3.578136] Control: 10c5387d  Table: 3903c06a  DAC: 00000015
[    3.585716] Process kworker/1:1 (pid: 32, stack limit = 0xb9a94238)
[    3.593848] Stack: (0xb9a957f8 to 0xb9a96000)
[    4.431880] [<80040c14>] (kthread_data) from [<8003c244>] (wq_worker_sleeping+0x1c/0xe0)
[    4.444730] [<8003c244>] (wq_worker_sleeping) from [<8052fed4>] (__schedule+0x3f4/0x688)
[    4.457569] [<8052fed4>] (__schedule) from [<805301a8>] (schedule+0x40/0x8c)
[    4.467044] [<805301a8>] (schedule) from [<80027e1c>] (do_exit+0x6dc/0x9ec)
[    4.476405] [<80027e1c>] (do_exit) from [<80013014>] (die+0x3d0/0x424)
[    4.485301] [<80013014>] (die) from [<8052b74c>] (__do_kernel_fault.part.11+0x64/0x84)
[    4.497798] [<8052b74c>] (__do_kernel_fault.part.11) from [<80536968>] (do_page_fault+0x20c/0x458)
[    4.511345] [<80536968>] (do_page_fault) from [<8000842c>] (do_DataAbort+0x44/0xa8)
[    4.523561] [<8000842c>] (do_DataAbort) from [<8053495c>] (__dabt_svc+0x3c/0x60)
[    4.535494] Exception stack(0xb9a95b18 to 0xb9a95b60)
[    4.542803] 5b00:                                                       00000000 00000000
[    4.555314] 5b20: 00000000 807e9ccc b9b88e80 60000193 b9ba1180 b9acd000 b9ba0b80 00000000
[    4.567755] 5b40: b9ba11a8 b9a95b6c b9a95b70 b9a95b60 803d7d04 803e34fc 600001d3 ffffffff
[    4.580208] [<8053495c>] (__dabt_svc) from [<803e34fc>] (fiq_fsm_spin_lock+0x14/0x50)
[    4.592313] [<803e34fc>] (fiq_fsm_spin_lock) from [<803d7d04>] (assign_and_init_hc+0x2a8/0x610)
[    4.605328] [<803d7d04>] (assign_and_init_hc) from [<803d9c10>] (dwc_otg_hcd_select_transactions+0x244/0x370)
[    4.619672] [<803d9c10>] (dwc_otg_hcd_select_transactions) from [<803da29c>] (dwc_otg_hcd_urb_enqueue+0x164/0x1f0)
[    4.634477] [<803da29c>] (dwc_otg_hcd_urb_enqueue) from [<803dbe54>] (dwc_otg_urb_enqueue+0x1d8/0x2d4)
[    4.648225] [<803dbe54>] (dwc_otg_urb_enqueue) from [<803b1844>] (usb_hcd_submit_urb+0xc8/0x848)
[    4.661445] [<803b1844>] (usb_hcd_submit_urb) from [<803b3118>] (usb_submit_urb+0x2d4/0x4b8)
[    4.674353] [<803b3118>] (usb_submit_urb) from [<803b3760>] (usb_start_wait_urb+0x54/0xcc)
[    4.687257] [<803b3760>] (usb_start_wait_urb) from [<803b3888>] (usb_control_msg+0xb0/0xe8)
[    4.700312] [<803b3888>] (usb_control_msg) from [<803ab458>] (hub_port_init+0x42c/0xb38)
[    4.713097] [<803ab458>] (hub_port_init) from [<803ae2d4>] (hub_event+0x4c0/0xe80)
[    4.725351] [<803ae2d4>] (hub_event) from [<8003b2d0>] (process_one_work+0x138/0x408)
[    4.737869] [<8003b2d0>] (process_one_work) from [<8003bd14>] (worker_thread+0x4c/0x4d0)
[    4.750651] [<8003bd14>] (worker_thread) from [<80040530>] (kthread+0xe0/0xfc)
[    4.760281] [<80040530>] (kthread) from [<8000ec88>] (ret_from_fork+0x14/0x20)
[    4.769877] Code: e24cb004 e52de004 e8bd4000 e59032a4 (e5130014)
[    4.778311] ---[ end trace f6fb4df865b190ae ]---
[    4.785209] Fixing recursive fault but reboot is needed!
Clouded closed this as completed Mar 30, 2015
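
A triage sketch for logs like the one in this issue, added here as an example (not code from the reporter or the kernel project): it parses the ARM oops records, separates the first fault from follow-on faults raised after the kernel has already died (taint flag `D`), and lists `*_enable=0` module parameters whose feature name prefixes a function in the faulting call trace. The prefix match is a heuristic assumed for this example; the sample lines are trimmed from the log above with the command line shortened.

```python
import re

PAGE_SIZE = 0x1000  # faults below this address are treated as NULL dereferences

TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # printk timestamp prefix
FAULT = re.compile(r"Unable to handle kernel (.+?) at virtual address ([0-9a-f]+)")
OOPS = re.compile(r"Internal error: Oops: [0-9a-f]+ \[#(\d+)\]")
TAINT = re.compile(r"Tainted: (.+?)\s+\d+\.\d+")  # flags precede the kernel version
REG_SYM = re.compile(r"^(PC|LR) is at (\S+?)\+0x")
FRAME = re.compile(r"^\[<[0-9a-f]+>\] \((\S+?)\) from ")

# Constructed sample: lines trimmed from the log above, command line shortened.
SAMPLE_LOG = """\
[    0.000000] Kernel command line: dwc_otg.fiq_enable=0 dwc_otg.fiq_fsm_enable=0 dwc_otg.nak_holdoff=0 dwc_otg.lpm_enable=0 console=ttyAMA0,115200 root=/dev/mmcblk0p2 rootwait
[    2.647535] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[    2.668854] Internal error: Oops: 17 [#1] PREEMPT SMP ARM
[    2.680834] CPU: 1 PID: 32 Comm: kworker/1:1 Not tainted 3.18.7-v7+ #755
[    2.702710] PC is at fiq_fsm_spin_lock+0x14/0x50
[    2.709152] LR is at assign_and_init_hc+0x2a8/0x610
[    3.258490] [<803e34fc>] (fiq_fsm_spin_lock) from [<803d7d04>] (assign_and_init_hc+0x2a8/0x610)
[    3.271954] [<803d7d04>] (assign_and_init_hc) from [<803d9c10>] (dwc_otg_hcd_select_transactions+0x244/0x370)
[    3.446532] ---[ end trace f6fb4df865b190ad ]---
[    3.461620] Unable to handle kernel paging request at virtual address ffffffec
[    3.484620] Internal error: Oops: 17 [#2] PREEMPT SMP ARM
[    3.492198] CPU: 1 PID: 32 Comm: kworker/1:1 Tainted: G      D        3.18.7-v7+ #755
[    3.516920] PC is at kthread_data+0x18/0x20
[    3.523140] LR is at wq_worker_sleeping+0x1c/0xe0
[    4.431880] [<80040c14>] (kthread_data) from [<8003c244>] (wq_worker_sleeping+0x1c/0xe0)
[    4.778311] ---[ end trace f6fb4df865b190ae ]---
"""


def parse_module_params(lines):
    """Return module.param=value pairs from the 'Kernel command line' entry."""
    for line in lines:
        if line.startswith("Kernel command line:"):
            pairs = (t.split("=", 1) for t in line.split(":", 1)[1].split() if "=" in t)
            return {k: v for k, v in pairs if "." in k}
    return {}


def parse_oopses(lines):
    """Split the log into oops records: fault kind/address, PC/LR symbols, trace."""
    oopses, cur = [], None
    for line in lines:
        m = FAULT.search(line)
        if m:
            cur = {"kind": m.group(1), "addr": int(m.group(2), 16), "seq": None,
                   "died_before": False, "pc": None, "lr": None, "trace": []}
            oopses.append(cur)
        elif cur is None:
            continue
        elif (m := OOPS.search(line)):
            cur["seq"] = int(m.group(1))
        elif (m := TAINT.search(line)):
            # Taint flag D: the kernel already oopsed, so this fault is a follow-on.
            cur["died_before"] = "D" in m.group(1).split()
        elif (m := REG_SYM.match(line)):
            cur[m.group(1).lower()] = m.group(2)
        elif (m := FRAME.match(line)):
            cur["trace"].append(m.group(1))  # callee of each frame, innermost first
        elif line.startswith("---[ end trace"):
            cur = None
    return oopses


def triage(log_text):
    lines = [TS.sub("", raw) for raw in log_text.splitlines()]
    params = parse_module_params(lines)
    oopses = parse_oopses(lines)
    primary = next((o for o in oopses if not o["died_before"]), None)
    hits = {}
    if primary:
        symbols = list(dict.fromkeys(filter(None, [primary["pc"], *primary["trace"]])))
        for key, value in params.items():
            name = key.partition(".")[2]
            if value == "0" and name.endswith("_enable"):
                feature = name[: -len("_enable")]  # e.g. fiq_fsm_enable -> fiq_fsm
                matched = [s for s in symbols if s.startswith(feature + "_")]
                if matched:  # heuristic: disabled feature's code still executed
                    hits[key] = matched
    return {
        "primary": primary,
        "secondary": [o for o in oopses if o is not primary],
        "null_deref": bool(primary) and primary["addr"] < PAGE_SIZE,
        "disabled_feature_hits": hits,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    p = report["primary"]
    print(f"oops #{p['seq']}: {p['kind']} at {p['addr']:#010x}, PC in {p['pc']}")
    print("disabled parameters with code in the trace:", report["disabled_feature_hits"])
```
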
popcornmix pushed a commit that referenced this issue Jan 9, 2017
commit 3467c9a upstream.

s5p_mfc_alloc_memdev() function lacks proper releasing
of allocated device in case of reserved memory initialization
failure. This results in NULL pointer dereference:

[    2.828457] Unable to handle kernel NULL pointer dereference at virtual address 00000001
[    2.835089] pgd = c0004000
[    2.837752] [00000001] *pgd=00000000
[    2.844696] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[    2.848680] Modules linked in:
[    2.851722] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.8.0-rc6-00002-gafa1b97 #878
[    2.859357] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
[    2.865433] task: ef080000 task.stack: ef06c000
[    2.869952] PC is at strcmp+0x0/0x30
[    2.873508] LR is at platform_match+0x84/0xac
[    2.877847] pc : [<c032621c>]    lr : [<c03f65e8>]    psr: 20000013
[    2.877847] sp : ef06dea0  ip : 00000000  fp : 00000000
[    2.889303] r10: 00000000  r9 : c0b34848  r8 : c0b1e968
[    2.894511] r7 : 00000000  r6 : 00000001  r5 : c086e7fc  r4 : eeb8e010
[    2.901021] r3 : 0000006d  r2 : 00000000  r1 : c086e7fc  r0 : 00000001
[    2.907533] Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[    2.914649] Control: 10c5387d  Table: 4000404a  DAC: 00000051
[    2.920378] Process swapper/0 (pid: 1, stack limit = 0xef06c210)
[    2.926367] Stack: (0xef06dea0 to 0xef06e000)
[    3.020469] [<c032621c>] (strcmp) from [<c03f65e8>] (platform_match+0x84/0xac)
[    3.027672] [<c03f65e8>] (platform_match) from [<c03f4a8c>] (__driver_attach+0x20/0xb0)
[    3.035654] [<c03f4a8c>] (__driver_attach) from [<c03f2fc8>] (bus_for_each_dev+0x54/0x88)
[    3.043812] [<c03f2fc8>] (bus_for_each_dev) from [<c03f3fa4>] (bus_add_driver+0xe8/0x1f4)
[    3.051971] [<c03f3fa4>] (bus_add_driver) from [<c03f5314>] (driver_register+0x78/0xf4)
[    3.059958] [<c03f5314>] (driver_register) from [<c010178c>] (do_one_initcall+0x3c/0x16c)
[    3.068123] [<c010178c>] (do_one_initcall) from [<c0b00d84>] (kernel_init_freeable+0x120/0x1ec)
[    3.076802] [<c0b00d84>] (kernel_init_freeable) from [<c06fb4e0>] (kernel_init+0x8/0x118)
[    3.084958] [<c06fb4e0>] (kernel_init) from [<c01079b8>] (ret_from_fork+0x14/0x3c)
[    3.092506] Code: 1afffffb e12fff1e e1a03000 eafffff7 (e4d03001)
[    3.098618] ---[ end trace 511bf9d750810709 ]---
[    3.103207] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b

This patch fixes this issue.

Fixes: c79667d ("media: s5p-mfc: replace custom
	reserved memory handling code with generic one")

Signed-off-by: Marek Szyprowski <[email protected]>
Signed-off-by: Sylwester Nawrocki <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

popcornmix pushed a commit that referenced this issue Nov 18, 2019

Commit

  f733c6b ("perf/core: Fix inheritance of aux_output groups")

adds a NULL pointer dereference in case inherit_group() races with
perf_release(), which causes the below crash:

 > BUG: kernel NULL pointer dereference, address: 000000000000010b
 > #PF: supervisor read access in kernel mode
 > #PF: error_code(0x0000) - not-present page
 > PGD 3b203b067 P4D 3b203b067 PUD 3b2040067 PMD 0
 > Oops: 0000 [#1] SMP KASAN
 > CPU: 0 PID: 315 Comm: exclusive-group Tainted: G B 5.4.0-rc3-00181-g72e1839403cb-dirty #878
 > RIP: 0010:perf_get_aux_event+0x86/0x270
 > Call Trace:
 >  ? __perf_read_group_add+0x3b0/0x3b0
 >  ? __kasan_check_write+0x14/0x20
 >  ? __perf_event_init_context+0x154/0x170
 >  inherit_task_group.isra.0.part.0+0x14b/0x170
 >  perf_event_init_task+0x296/0x4b0

Fix this by skipping over events that are getting closed, in the
inheritance path.

Signed-off-by: Alexander Shishkin <[email protected]>
Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
Cc: Arnaldo Carvalho de Melo <[email protected]>
Cc: David Ahern <[email protected]>
Cc: Jiri Olsa <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Mark Rutland <[email protected]>
Cc: Namhyung Kim <[email protected]>
Cc: Stephane Eranian <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: Vince Weaver <[email protected]>
Fixes: f733c6b ("perf/core: Fix inheritance of aux_output groups")
Link: https://lkml.kernel.org/r/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>

popcornmix pushed a commit that referenced this issue Sep 28, 2020

Running selftest
  ./btf_btf -p
the kernel had the following warning:
  [   51.528185] WARNING: CPU: 3 PID: 1756 at kernel/bpf/hashtab.c:717 htab_map_get_next_key+0x2eb/0x300
  [   51.529217] Modules linked in:
  [   51.529583] CPU: 3 PID: 1756 Comm: test_btf Not tainted 5.9.0-rc1+ #878
  [   51.530346] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-1.el7.centos 04/01/2014
  [   51.531410] RIP: 0010:htab_map_get_next_key+0x2eb/0x300
  ...
  [   51.542826] Call Trace:
  [   51.543119]  map_seq_next+0x53/0x80
  [   51.543528]  seq_read+0x263/0x400
  [   51.543932]  vfs_read+0xad/0x1c0
  [   51.544311]  ksys_read+0x5f/0xe0
  [   51.544689]  do_syscall_64+0x33/0x40
  [   51.545116]  entry_SYSCALL_64_after_hwframe+0x44/0xa9

The related source code in kernel/bpf/hashtab.c:
  709 static int htab_map_get_next_key(struct bpf_map *map, void *key, void *next_key)
  710 {
  711         struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
  712         struct hlist_nulls_head *head;
  713         struct htab_elem *l, *next_l;
  714         u32 hash, key_size;
  715         int i = 0;
  716
  717         WARN_ON_ONCE(!rcu_read_lock_held());

In kernel/bpf/inode.c, bpffs map pretty print calls map->ops->map_get_next_key()
without holding a rcu_read_lock(), hence causing the above warning.
To fix the issue, just surround map->ops->map_get_next_key() with rcu read lock.

Fixes: a26ca7c ("bpf: btf: Add pretty print support to the basic arraymap")
Reported-by: Alexei Starovoitov <[email protected]>
Signed-off-by: Yonghong Song <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Acked-by: Andrii Nakryiko <[email protected]>
Cc: Martin KaFai Lau <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
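
A userspace model of the contract the commit message above describes, added here as an illustration and not taken from the kernel or from the commit. The `rcu_read_lock()`, `rcu_read_unlock()`, `rcu_read_lock_held()` and `WARN_ON_ONCE()` stand-ins, `toy_get_next_key()` and `walk_keys()` are hypothetical and only mimic the behaviour the message names.

```c
#include <stdio.h>

/* Userspace stand-ins for the kernel primitives (assumptions, not kernel code). */
static int rcu_depth, warnings;
static void rcu_read_lock(void)      { rcu_depth++; }
static void rcu_read_unlock(void)    { rcu_depth--; }
static int  rcu_read_lock_held(void) { return rcu_depth > 0; }

/* Count a violated condition once per call site, as WARN_ON_ONCE() reports once. */
#define WARN_ON_ONCE(cond) do { static int warned;              \
        if ((cond) && !warned) { warned = 1; warnings++; }      \
    } while (0)
#define NKEYS 3
static const int keys[NKEYS] = { 10, 20, 30 };  /* constructed sample map */

/* Callee: its contract is that the caller holds the read-side lock. */
static int toy_get_next_key(const int *key, int *next_key)
{
    int i = 0;
    WARN_ON_ONCE(!rcu_read_lock_held());
    if (key) {                       /* find the key, then step past it */
        while (i < NKEYS && keys[i] != *key)
            i++;
        i = (i < NKEYS) ? i + 1 : 0; /* unknown key: restart from the first */
    }
    if (i >= NKEYS) return -1;       /* no more keys */
    *next_key = keys[i];
    return 0;
}

/* Visit every key as a pretty-printer would; take_lock selects the fixed form. */
static int walk_keys(int take_lock)
{
    int key, rc, n = 0, *prev = NULL;
    for (;;) {
        if (take_lock) rcu_read_lock();
        rc = toy_get_next_key(prev, &key);
        if (take_lock) rcu_read_unlock();
        if (rc) break;
        prev = &key; n++;
    }
    return n;
}

int main(void)
{
    int fixed = walk_keys(1), w_fixed = warnings, buggy = walk_keys(0);
    printf("fixed: %d keys, %d warnings; buggy: %d keys, %d warnings\n", fixed, w_fixed, buggy, warnings);
    return 0;
}
```

Both walks return the same keys; only the unlocked one trips the check, and it does so once even though the callee runs four times.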

popcornmix pushed a commit that referenced this issue Oct 2, 2020

[ Upstream commit ce880cb ]

Running selftest
  ./btf_btf -p
the kernel had the following warning:
  [   51.528185] WARNING: CPU: 3 PID: 1756 at kernel/bpf/hashtab.c:717 htab_map_get_next_key+0x2eb/0x300
  [   51.529217] Modules linked in:
  [   51.529583] CPU: 3 PID: 1756 Comm: test_btf Not tainted 5.9.0-rc1+ #878
  [   51.530346] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-1.el7.centos 04/01/2014
  [   51.531410] RIP: 0010:htab_map_get_next_key+0x2eb/0x300
  ...
  [   51.542826] Call Trace:
  [   51.543119]  map_seq_next+0x53/0x80
  [   51.543528]  seq_read+0x263/0x400
  [   51.543932]  vfs_read+0xad/0x1c0
  [   51.544311]  ksys_read+0x5f/0xe0
  [   51.544689]  do_syscall_64+0x33/0x40
  [   51.545116]  entry_SYSCALL_64_after_hwframe+0x44/0xa9

The related source code in kernel/bpf/hashtab.c:
  709 static int htab_map_get_next_key(struct bpf_map *map, void *key, void *next_key)
  710 {
  711         struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
  712         struct hlist_nulls_head *head;
  713         struct htab_elem *l, *next_l;
  714         u32 hash, key_size;
  715         int i = 0;
  716
  717         WARN_ON_ONCE(!rcu_read_lock_held());

In kernel/bpf/inode.c, bpffs map pretty print calls map->ops->map_get_next_key()
without holding a rcu_read_lock(), hence causing the above warning.
To fix the issue, just surround map->ops->map_get_next_key() with rcu read lock.

Fixes: a26ca7c ("bpf: btf: Add pretty print support to the basic arraymap")
Reported-by: Alexei Starovoitov <[email protected]>
Signed-off-by: Yonghong Song <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Acked-by: Andrii Nakryiko <[email protected]>
Cc: Martin KaFai Lau <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
Signed-off-by: Sasha Levin <[email protected]>