2005-04-05 09:09:45

by Michal Rokos

Subject: [IrDA] Oops with NULL deref in irda_device_set_media_busy

Hello,

I've problems with IrDA - when debug is off, I'm getting oops for obvious
reason...
(I don't have a log, this is just rewrite from screen:
EIP: irda_device_set_media_busy+0x15/0x40 [irda]
ali_ircc_sir_receive+0x4a/0x70
ali_ircc_sir_interrupt+0x66/0x70
ali_ircc_interrupt+0x5e/0x80
.....
)
When I turn debug on, I get just
Assertion failed! net/irda/irda_device.c:irda_device_set_media_busy:128
self != NULL

The obvious reason is that I don't have irlap module in that inits
dev->atalk_ptr, so I'm getting assertion exception in irda_device.c:489.

Some info that could be handy:

$ uname -a # It's yesterday bk snapshot
Linux csas 2.6.12-rc1-mr #14 Mon Apr 4 13:42:14 CEST 2005 i686 GNU/Linux

$ lsmod | grep ir
ircomm_tty 39176 3
ircomm 22404 1 ircomm_tty
ali_ircc 26032 0
irda 192316 3 ircomm_tty,ircomm,ali_ircc
crc_ccitt 2176 2 ppp_async,irda

$ grep IR .config
CONFIG_IRDA=m
# CONFIG_IRLAN is not set
CONFIG_IRNET=m
CONFIG_IRCOMM=m
CONFIG_IRDA_ULTRA=y
CONFIG_IRDA_CACHE_LAST_LSAP=y
CONFIG_IRDA_FAST_RR=y
CONFIG_IRDA_DEBUG=y
# SIR device drivers
# CONFIG_IRTTY_SIR is not set
# Old SIR device drivers
# CONFIG_IRPORT_SIR is not set
# FIR device drivers
# CONFIG_USB_IRDA is not set
# CONFIG_SIGMATEL_FIR is not set
# CONFIG_NSC_FIR is not set
# CONFIG_WINBOND_FIR is not set
# CONFIG_TOSHIBA_FIR is not set
# CONFIG_SMC_IRCC_FIR is not set
CONFIG_ALI_FIR=m
# CONFIG_VLSI_FIR is not set
# CONFIG_VIA_FIR is not set
# CONFIG_USB_SERIAL_IR is not set

Michal


2005-04-05 17:17:26

by Jean Tourrilhes

Subject: Re: [IrDA] Oops with NULL deref in irda_device_set_media_busy

On Tue, Apr 05, 2005 at 11:02:26AM +0200, Michal Rokos wrote:
> Hello,
>
> I've problems with IrDA - when debug is off, I'm getting oops for obvious
> reason...
> (I don't have a log, this is just rewrite from screen:
> EIP: irda_device_set_media_busy+0x15/0x40 [irda]
> ali_ircc_sir_receive+0x4a/0x70
> ali_ircc_sir_interrupt+0x66/0x70
> ali_ircc_interrupt+0x5e/0x80
> .....
> )
> When I turn debug on, I get just
> Assertion failed! net/irda/irda_device.c:irda_device_set_media_busy:128
> self != NULL
>
> The obvious reason is that I don't have irlap module in that inits
> dev->atalk_ptr, so I'm getting assertion exception in irda_device.c:489.

I'm unclear here. The default IrDA stack initialises dev->atalk_ptr
properly in every case, and is not expected to work if you
don't. I don't understand why dev->atalk_ptr would not be initialised,
is it something you did or something specific to the mr kernel (I only
test mainline kernels).

> A few info that could be handy:
>
> $ uname -a # It's yesterday bk snapshot
> Linux csas 2.6.12-rc1-mr #14 Mon Apr 4 13:42:14 CEST 2005 i686 GNU/Linux

Have fun...

Jean

2005-04-06 07:29:44

by Michal Rokos

Subject: Re: [IrDA] Oops with NULL deref in irda_device_set_media_busy

Hello again,

I'm gonna provide more info this time...

On Tuesday 05 April 2005 19:01, Jean Tourrilhes wrote:
> On Tue, Apr 05, 2005 at 11:02:26AM +0200, Michal Rokos wrote:
> > I've problems with IrDA - when debug is off, I'm getting oops for obvious
> > reason...
> > (I don't have a log, this is just rewrite from screen:
> > EIP: irda_device_set_media_busy+0x15/0x40 [irda]
> > ali_ircc_sir_receive+0x4a/0x70
> > ali_ircc_sir_interrupt+0x66/0x70
> > ali_ircc_interrupt+0x5e/0x80
and continues with:
handle_IRQ_event+0x2a/0x60
__do_IRQ+0xda/0x150
do_IRQ+0x4a/0x70
================
common_interrupt+0x1a/0x20
dev_open+0x74/0x90
dev_change_flags+0x52/0x120
devinet_ioctl+0x245/0x570
inet_ioctl+0x63/0xb0
sock_ioctl+0xb1/0x150
do_ioctl+0x69/0x80
vfs_ioctl+0x59/0x1b0
sys_ioctl+0x51/0x80
sysenter_past_esp+0x54/0x75

So it has something to do with ioctl. Could it be caused by
ali_ircc_net_ioctl() when cmd is SIOCSMEDIABUSY (in
drivers/net/irda/ali-ircc.c:2282)?

> > .....
> > )
> > When I turn debug on, I get just
> > Assertion failed! net/irda/irda_device.c:irda_device_set_media_busy:128
> > self != NULL
> >
> > The obvious reason is that I don't have irlap module in that inits
> > dev->atalk_ptr, so I'm getting assertion exception in irda_device.c:489.

The assertion is seen when ifup -a is called so it's when 'ifconfig irda0 up'
is used.

>
> I'm unclear here. The default IrDA stack initialises dev->atalk_ptr
> properly in every case, and is not expected to work if you
> don't. I don't understand why dev->atalk_ptr would not be initialised,
> is it something you did or something specific to the mr kernel (I only
> test mainline kernels).
>
Hehe, no it's mainstream... There's just
CONFIG_LOCALVERSION="-mr"
in the .config.

From the syslog:
...
Apr 6 08:59:01 michal kernel: irda_init()
Apr 6 08:59:01 michal kernel: NET: Registered protocol family 23
Apr 6 08:59:01 michal kernel: ali-ircc, driver loaded (Benjamin Kong)
Apr 6 08:59:01 michal kernel: IrDA: Registered device irda0
Apr 6 08:59:01 michal kernel: ali_ircc_open(), ali-ircc, Found dongle: HP HSDL-3600
Apr 6 08:59:01 michal kernel: IrCOMM protocol (Dag Brattli)
...
Apr 6 08:59:01 michal kernel: Assertion failed! net/irda/irda_device.c:irda_device_set_media_busy:128 self != NULL
Apr 6 08:59:01 michal kernel: irlap_change_speed(), setting speed to 9600
...

and when connecting via gprs:
Apr 6 09:01:13 michal kernel: ircomm_tty_attach_cable()
Apr 6 09:01:13 michal kernel: ircomm_tty_ias_register()
Apr 6 09:01:13 michal kernel: irlap_change_speed(), setting speed to 115200
Apr 6 09:01:14 michal kernel: ircomm_param_service_type(), services in common=04
Apr 6 09:01:14 michal kernel: ircomm_param_service_type(), resulting service type=0x04
Apr 6 09:01:14 michal kernel: ircomm_param_port_type(), port type=1
Apr 6 09:01:14 michal kernel: ircomm_param_port_type(), port type=1
Apr 6 09:01:14 michal kernel: ircomm_param_xon_xoff(), XON/XOFF = 0x11,0x13
Apr 6 09:01:14 michal kernel: ircomm_param_enq_ack(), ENQ/ACK = 0x13,0x11
Apr 6 09:01:14 michal kernel: ircomm_tty_check_modem_status()
Apr 6 09:01:34 michal last message repeated 4 times
Apr 6 09:01:37 michal kernel: CSLIP: code copyright 1989 Regents of the University of California
Apr 6 09:01:37 michal kernel: PPP generic driver version 2.4.2
Apr 6 09:01:37 michal kernel: ircomm_tty_close()
Apr 6 09:01:37 michal kernel: ircomm_tty_close(), open count > 0
Apr 6 09:01:40 michal kernel: PPP BSD Compression module registered
Apr 6 09:01:40 michal kernel: PPP Deflate Compression module registered

Michal

2005-04-06 16:49:53

by Jean Tourrilhes

Subject: Re: [IrDA] Oops with NULL deref in irda_device_set_media_busy

On Wed, Apr 06, 2005 at 09:22:48AM +0200, Michal Rokos wrote:
> Hello again,
>
> I'm gonna provide more info this time...
>
> > > When I turn debug on, I get just
> > > Assertion failed! net/irda/irda_device.c:irda_device_set_media_busy:128
> > > self != NULL
> > >
> > > The obvious reason is that I don't have irlap module in that inits
> > > dev->atalk_ptr, so I'm getting assertion exception in irda_device.c:489.
>
> The assertion is seen when ifup -a is called so it's when 'ifconfig irda0 up'
> is used.

That was the crucial bit that was missing. Now I get it. A
good night of sleep also did help.
Patch attached.

Jean

-----------------------------------------------------

diff -u -p linux/net/irda/irda_device.d2.c linux/net/irda/irda_device.c
--- linux/net/irda/irda_device.d2.c Wed Apr 6 09:40:09 2005
+++ linux/net/irda/irda_device.c Wed Apr 6 09:45:22 2005
@@ -125,8 +125,15 @@ void irda_device_set_media_busy(struct n

self = (struct irlap_cb *) dev->atalk_ptr;

- IRDA_ASSERT(self != NULL, return;);
- IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
+ /* Some drivers may enable the receive interrupt before calling
+ * irlap_open(), or they may disable the receive interrupt
+ * after calling irlap_close().
+ * The IrDA stack is protected from this in irlap_driver_rcv().
+ * However, the driver calls directly the wrapper, that calls
+ * us directly. Make sure we protect ourselves.
+ * Jean II */
+ if (!self || self->magic != LAP_MAGIC)
+ return;

if (status) {
self->media_busy = TRUE;
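Review bot: the new `if (!self || self->magic != LAP_MAGIC) return;` guard is silent in every configuration, whereas the IRDA_ASSERT it replaces at least printed "Assertion failed!" when CONFIG_IRDA_DEBUG was on, which is how this report was located in the first place; consider emitting a debug-level message in that branch so a driver that calls in before irlap_open() or after irlap_close() stays diagnosable. Also worth stating in the comment that the magic test is best-effort for the "after calling irlap_close()" case it names: if the control block has already been freed by then, reading `self->magic` is itself a use of released memory, so the ordering problem is mitigated at the consumer, not removed.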

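The pattern the patch relies on, a NULL test plus a magic-number check on the control block before it is touched, can be exercised outside the kernel. The block below is an added illustration written for this thread, not code from the IrDA stack or from the patch: the `irlap_cb` and `net_device` structures, the `LAP_MAGIC` value, the `lap_open`/`lap_invalidate`/`lap_release` helpers and the `lifecycle_step` driver are all constructed stand-ins. It replays the sequence the discussion describes (a receive interrupt reaching `set_media_busy()` before open and after close) and reports what the guard does at each step instead of dereferencing a NULL or stale pointer.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for the kernel structures; the names mirror the thread
 * but the layout and constant values are assumptions, not the IrDA stack's. */
#define LAP_MAGIC 0x4c415021u
#define TRUE  1
#define FALSE 0

struct irlap_cb {
    unsigned int magic;      /* sentinel set on open, cleared on close */
    int media_busy;
};

struct net_device {
    const char *name;
    void *atalk_ptr;         /* IrDA keeps its irlap_cb in this pointer slot */
};

/* Outcomes are returned rather than printed so a caller can check them. */
enum busy_result { BUSY_SET, BUSY_CLEARED, BUSY_NO_LAP, BUSY_BAD_MAGIC };

/* The check the patch introduces: refuse to touch the control block unless
 * the pointer is non-NULL and carries the expected magic. With debug off,
 * the old IRDA_ASSERT compiled away and a NULL pointer was dereferenced. */
enum busy_result set_media_busy(struct net_device *dev, int status)
{
    struct irlap_cb *self = (struct irlap_cb *) dev->atalk_ptr;

    if (!self)
        return BUSY_NO_LAP;
    if (self->magic != LAP_MAGIC)
        return BUSY_BAD_MAGIC;
    self->media_busy = status ? TRUE : FALSE;
    return status ? BUSY_SET : BUSY_CLEARED;
}

/* Simulated open: allocate the control block and publish it on the device. */
static struct irlap_cb *lap_open(struct net_device *dev)
{
    struct irlap_cb *self = calloc(1, sizeof *self);
    if (self) {
        self->magic = LAP_MAGIC;
        dev->atalk_ptr = self;
    }
    return self;
}

/* Simulated close, split in two so the stale-pointer window is visible:
 * first the magic is cleared (the block is no longer valid), then the
 * device pointer is dropped and the memory released. Constructed scenario. */
static void lap_invalidate(struct irlap_cb *self) { self->magic = 0; }
static void lap_release(struct net_device *dev)
{
    free(dev->atalk_ptr);
    dev->atalk_ptr = NULL;
}

/* Replays the sequence from the thread: a receive interrupt calls
 * set_media_busy() before open, twice while open, once while the block is
 * invalidated but still referenced, and once after release.
 * Returns the outcome of step 0..4. */
enum busy_result lifecycle_step(int step)
{
    struct net_device dev = { "irda0", NULL };
    enum busy_result r[5];
    struct irlap_cb *self;

    r[0] = set_media_busy(&dev, TRUE);    /* interrupt before open */
    self = lap_open(&dev);
    if (!self)
        return BUSY_NO_LAP;               /* allocation failure: nothing to test */
    r[1] = set_media_busy(&dev, TRUE);    /* normal: media busy */
    r[2] = set_media_busy(&dev, FALSE);   /* normal: media free */
    lap_invalidate(self);
    r[3] = set_media_busy(&dev, TRUE);    /* stale block, magic gone */
    lap_release(&dev);
    r[4] = set_media_busy(&dev, TRUE);    /* interrupt after close */

    return (step >= 0 && step < 5) ? r[step] : BUSY_NO_LAP;
}

int main(void)
{
    static const char *names[] = { "set", "cleared", "no irlap_cb", "bad magic" };
    for (int i = 0; i < 5; i++)
        printf("step %d: %s\n", i, names[lifecycle_step(i)]);
    return 0;
}
```

Steps 0 and 4 are the two cases Jean's comment names (interrupt before open, interrupt after close); step 3 shows why the magic test is there in addition to the NULL test, since a pointer can remain published while the block behind it is already invalid. That last window is exactly where a magic check stops being sufficient once the memory is freed, which is why the ordering on the driver side still matters.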
2005-04-07 06:29:28

by Michal Rokos

Subject: Re: [IrDA] Oops with NULL deref in irda_device_set_media_busy

Hello,

On Wednesday 06 April 2005 18:49, Jean Tourrilhes wrote:
> Patch attached.

and is working fine - of course.

Thank you for patience. :)

Michal

2005-04-07 16:34:17

by Jean Tourrilhes

Subject: Re: [IrDA] Oops with NULL deref in irda_device_set_media_busy

On Thu, Apr 07, 2005 at 08:22:52AM +0200, Michal Rokos wrote:
> Hello,
>
> On Wednesday 06 April 2005 18:49, Jean Tourrilhes wrote:
> > Patch attached.
>
> and is working fine - of course.
>
> Thank you for patience. :)
>
> Michal

No, thank you for pushing me harder ;-) Note that the comment
is, in my mind, more important than the patch; next time someone hacks in
there, he will need to be aware of that. I've also decided that it was
harder to enforce an ordering on the driver...
Have fun...

Jean