Linus,
could you please pull from 'for-linus' branch of
git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid.git for-linus
to receive the following updates of HID code that have been planned for
2.6.29.
This batch contains mostly added support for new quirky devices and various
rather easy fixes all over the code.
Thanks!
drivers/hid/Kconfig | 70 ++++++++-------
drivers/hid/Makefile | 5 +-
drivers/hid/hid-bright.c | 71 ---------------
drivers/hid/hid-core.c | 120 +++++++++++++++++++++++---
drivers/hid/hid-dell.c | 76 ----------------
drivers/hid/hid-dummy.c | 6 ++
drivers/hid/hid-gaff.c | 185 +++++++++++++++++++++++++++++++++++++++
drivers/hid/hid-ids.h | 21 +++--
drivers/hid/hid-lg.c | 7 --
drivers/hid/hid-ntrig.c | 82 +++++++++++++++++
drivers/hid/hid-sony.c | 2 +-
drivers/hid/hid-topseed.c | 77 ++++++++++++++++
drivers/hid/hidraw.c | 32 ++++++-
drivers/hid/usbhid/Kconfig | 2 +-
drivers/hid/usbhid/hid-core.c | 34 +++++---
drivers/hid/usbhid/hid-quirks.c | 1 +
drivers/hid/usbhid/hiddev.c | 135 +++++++++++++++++++++--------
drivers/hid/usbhid/usbhid.h | 10 ++
include/linux/hid.h | 16 ++--
include/linux/hidraw.h | 2 +
20 files changed, 685 insertions(+), 269 deletions(-)
Alan Stern (1):
HID: automatically call usbhid_set_leds in usbhid driver
Alexey Klimov (1):
HID: don't allow DealExtreme usb-radio be handled by usb hid driver
David Brownell (1):
HID: switch specialized drivers from "default y" to !EMBEDDED
Hannes Eder (1):
HID: avoid sparse warning in HID_COMPAT_LOAD_DRIVER
Jiri Kosina (6):
HID: ignore mouse interface for unibody macbooks
HID: non-input reports can also be numbered
HID: add phys and name ioctls to hidraw
HID: set proper dev.parent in hidraw
HID: fix default Kconfig setting for TopSpeed driver
HID: fix error condition propagation in hid-sony driver
Jiri Slaby (4):
HID: move usbhid flags to usbhid.h
HID: usbhid, use usb_endpoint_xfer_int
HID: use GFP_KERNEL in hid_alloc_buffers
HID: add dynids facility
Kay Sievers (1):
HID: struct device - replace bus_id with dev_name(), dev_set_name()
Lev Babiev (1):
HID: driver for TopSeed Cyberlink quirky remote
Lukasz Lubojanski (1):
HID: force feedback driver for GreenAsia 0x12 PID
Matt Helsley (1):
HID: add proper support for pensketch 12x9 tablet
Oliver Neukum (2):
HID: hiddev cleanup -- handle all error conditions properly
HID: fix reference count leak hidraw
Parag Warudkar (1):
HID: make boot protocol drivers depend on EMBEDDED
Rafi Rubin (1):
HID: add n-trig digitizer support
[ Hmm, sorry, forgot to push yesterday ... synced out to kernel.org now ]
On Sun, 4 Jan 2009, Jiri Kosina wrote:
> Linus,
>
> could you please pull from 'for-linus' branch of
>
> git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid.git for-linus
>
> to receive the following updates of HID code that have been planned for
> 2.6.29.
>
> This batch contains mostly added support for new quirky devices and various
> rather easy fixes all over the code.
>
> Thanks!
>
> drivers/hid/Kconfig | 70 ++++++++-------
> drivers/hid/Makefile | 5 +-
> drivers/hid/hid-bright.c | 71 ---------------
> drivers/hid/hid-core.c | 120 +++++++++++++++++++++++---
> drivers/hid/hid-dell.c | 76 ----------------
> drivers/hid/hid-dummy.c | 6 ++
> drivers/hid/hid-gaff.c | 185 +++++++++++++++++++++++++++++++++++++++
> drivers/hid/hid-ids.h | 21 +++--
> drivers/hid/hid-lg.c | 7 --
> drivers/hid/hid-ntrig.c | 82 +++++++++++++++++
> drivers/hid/hid-sony.c | 2 +-
> drivers/hid/hid-topseed.c | 77 ++++++++++++++++
> drivers/hid/hidraw.c | 32 ++++++-
> drivers/hid/usbhid/Kconfig | 2 +-
> drivers/hid/usbhid/hid-core.c | 34 +++++---
> drivers/hid/usbhid/hid-quirks.c | 1 +
> drivers/hid/usbhid/hiddev.c | 135 +++++++++++++++++++++--------
> drivers/hid/usbhid/usbhid.h | 10 ++
> include/linux/hid.h | 16 ++--
> include/linux/hidraw.h | 2 +
> 20 files changed, 685 insertions(+), 269 deletions(-)
>
> Alan Stern (1):
> HID: automatically call usbhid_set_leds in usbhid driver
>
> Alexey Klimov (1):
> HID: don't allow DealExtreme usb-radio be handled by usb hid driver
>
> David Brownell (1):
> HID: switch specialized drivers from "default y" to !EMBEDDED
>
> Hannes Eder (1):
> HID: avoid sparse warning in HID_COMPAT_LOAD_DRIVER
>
> Jiri Kosina (6):
> HID: ignore mouse interface for unibody macbooks
> HID: non-input reports can also be numbered
> HID: add phys and name ioctls to hidraw
> HID: set proper dev.parent in hidraw
> HID: fix default Kconfig setting for TopSpeed driver
> HID: fix error condition propagation in hid-sony driver
>
> Jiri Slaby (4):
> HID: move usbhid flags to usbhid.h
> HID: usbhid, use usb_endpoint_xfer_int
> HID: use GFP_KERNEL in hid_alloc_buffers
> HID: add dynids facility
>
> Kay Sievers (1):
> HID: struct device - replace bus_id with dev_name(), dev_set_name()
>
> Lev Babiev (1):
> HID: driver for TopSeed Cyberlink quirky remote
>
> Lukasz Lubojanski (1):
> HID: force feedback driver for GreenAsia 0x12 PID
>
> Matt Helsley (1):
> HID: add proper support for pensketch 12x9 tablet
>
> Oliver Neukum (2):
> HID: hiddev cleanup -- handle all error conditions properly
> HID: fix reference count leak hidraw
>
> Parag Warudkar (1):
> HID: make boot protocol drivers depend on EMBEDDED
>
> Rafi Rubin (1):
> HID: add n-trig digitizer support
>
>
--
Jiri Kosina
SUSE Labs
Jiri Kosina wrote:
Hi Jiri ,
> [ Hmm, sorry, forgot to push yesterday ... synced out to kernel.org now ]
>
> On Sun, 4 Jan 2009, Jiri Kosina wrote:
>
>> Linus,
>>
>> could you please pull from 'for-linus' branch of
>>
>> git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid.git for-linus
>>
>> to receive the following updates of HID code that have been planned for
>> 2.6.29.
>>
>> This batch contains mostly added support for new quirky devices and various
>> rather easy fixes all over the code.
>>
>> Thanks!
>>
>> drivers/hid/Kconfig | 70 ++++++++-------
>> drivers/hid/Makefile | 5 +-
>> drivers/hid/hid-bright.c | 71 ---------------
>> drivers/hid/hid-core.c | 120 +++++++++++++++++++++++---
>> drivers/hid/hid-dell.c | 76 ----------------
>> drivers/hid/hid-dummy.c | 6 ++
>> drivers/hid/hid-gaff.c | 185 +++++++++++++++++++++++++++++++++++++++
>> drivers/hid/hid-ids.h | 21 +++--
>> drivers/hid/hid-lg.c | 7 --
>> drivers/hid/hid-ntrig.c | 82 +++++++++++++++++
>> drivers/hid/hid-sony.c | 2 +-
>> drivers/hid/hid-topseed.c | 77 ++++++++++++++++
>> drivers/hid/hidraw.c | 32 ++++++-
>> drivers/hid/usbhid/Kconfig | 2 +-
>> drivers/hid/usbhid/hid-core.c | 34 +++++---
>> drivers/hid/usbhid/hid-quirks.c | 1 +
>> drivers/hid/usbhid/hiddev.c | 135 +++++++++++++++++++++--------
>> drivers/hid/usbhid/usbhid.h | 10 ++
>> include/linux/hid.h | 16 ++--
>> include/linux/hidraw.h | 2 +
>> 20 files changed, 685 insertions(+), 269 deletions(-)
>>
>> Alan Stern (1):
>> HID: automatically call usbhid_set_leds in usbhid driver
>>
>> Alexey Klimov (1):
>> HID: don't allow DealExtreme usb-radio be handled by usb hid driver
>>
>> David Brownell (1):
>> HID: switch specialized drivers from "default y" to !EMBEDDED
>>
>> Hannes Eder (1):
>> HID: avoid sparse warning in HID_COMPAT_LOAD_DRIVER
>>
>> Jiri Kosina (6):
>> HID: ignore mouse interface for unibody macbooks
>> HID: non-input reports can also be numbered
>> HID: add phys and name ioctls to hidraw
>> HID: set proper dev.parent in hidraw
>> HID: fix default Kconfig setting for TopSpeed driver
>> HID: fix error condition propagation in hid-sony driver
>>
>> Jiri Slaby (4):
>> HID: move usbhid flags to usbhid.h
>> HID: usbhid, use usb_endpoint_xfer_int
>> HID: use GFP_KERNEL in hid_alloc_buffers
>> HID: add dynids facility
>>
>> Kay Sievers (1):
>> HID: struct device - replace bus_id with dev_name(), dev_set_name()
>>
>> Lev Babiev (1):
>> HID: driver for TopSeed Cyberlink quirky remote
>>
>> Lukasz Lubojanski (1):
>> HID: force feedback driver for GreenAsia 0x12 PID
>>
>> Matt Helsley (1):
>> HID: add proper support for pensketch 12x9 tablet
>>
>> Oliver Neukum (2):
>> HID: hiddev cleanup -- handle all error conditions properly
>> HID: fix reference count leak hidraw
>>
>> Parag Warudkar (1):
>> HID: make boot protocol drivers depend on EMBEDDED
>>
>> Rafi Rubin (1):
>> HID: add n-trig digitizer support
>>
>>
>
After this merge I get the following panic , by just touching my Wireless USB Mouse :
...
[ 223.999461] BUG: unable to handle kernel NULL pointer dereference at 0000000000000050
[ 224.000446] IP: [<ffffffff80224e65>] __ticket_spin_lock+0x9/0x1a
[ 224.000446] PGD 7b4a5067 PUD 7a24b067 PMD 0
[ 224.000446] Oops: 0002 [#1] PREEMPT SMP
[ 224.000446] last sysfs file: /sys/devices/pci0000:00/0000:00:19.0/irq
[ 224.000446] CPU 0
[ 224.000446] Modules linked in: i915 binfmt_misc acpi_cpufreq freq_table w83627ehf hwmon_vid fuse loop lp ppdev parport_pc parport joydev pcspkr i2c_i801 intel_agp button sg evdev processor
[ 224.000446] Pid: 0, comm: swapper Not tainted 2.6.28-06127-g238c6d5 #31
[ 224.000446] RIP: 0010:[<ffffffff80224e65>] [<ffffffff80224e65>] __ticket_spin_lock+0x9/0x1a
[ 224.000446] RSP: 0018:ffffffff807e3bd0 EFLAGS: 00010002
[ 224.000446] RAX: 0000000000000100 RBX: 0000000000000082 RCX: 0000000000000000
[ 224.000446] RDX: 0000000000000000 RSI: 0000000000000082 RDI: 0000000000000050
[ 224.000446] RBP: ffffffff807e3bd0 R08: ffff88007d254000 R09: ffffffff806db440
[ 224.000446] R10: ffffffff8023d95c R11: ffff88007e0a3d80 R12: 0000000000000050
[ 224.000446] R13: ffffffff807e3c70 R14: 0000000000000006 R15: 0000000000000050
[ 224.000446] FS: 0000000000000000(0000) GS:ffffffff807ec000(0000) knlGS:0000000000000000
[ 224.000446] CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
[ 224.000446] CR2: 0000000000000050 CR3: 000000007e1c0000 CR4: 00000000000006e0
[ 224.000446] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 224.000446] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 224.000446] Process swapper (pid: 0, threadinfo ffffffff80772000, task ffffffff806d8340)
[ 224.000446] Stack:
[ 224.000446] ffffffff807e3be0 ffffffff80224f2f ffffffff807e3c00 ffffffff805673a7
[ 224.000446] ffff88007d22c180 0000000000000000 ffffffff807e3c50 ffffffff80496bc0
[ 224.000446] ffff880001014740 ffff88000101af00 ffff88000101af00 ffff88007d22c180
[ 224.000446] Call Trace:
[ 224.000446] <IRQ> <0> [<ffffffff80224f2f>] default_spin_lock_flags+0x9/0xe
[ 224.000446] [<ffffffff805673a7>] _spin_lock_irqsave+0x37/0x40
[ 224.000446] [<ffffffff80496bc0>] hiddev_send_event+0x2e/0xe9
[ 224.000446] [<ffffffff80496ccd>] hiddev_report_event+0x52/0x54
[ 224.000446] [<ffffffff8023211c>] ? resched_task+0x45/0x81
[ 224.000446] [<ffffffff8048cd93>] hid_report_raw_event+0xb3/0x3b3
[ 224.000446] [<ffffffff80235e86>] ? tg_shares_up+0x183/0x1a3
[ 224.000446] [<ffffffff80235b6b>] ? enqueue_entity+0x1f8/0x200
[ 224.000446] [<ffffffff8048d15c>] hid_input_report+0xc9/0xdc
[ 224.000446] [<ffffffff80494939>] hid_irq_in+0x90/0x194
[ 224.000446] [<ffffffff804535ef>] usb_hcd_giveback_urb+0x58/0x87
[ 224.000446] [<ffffffff80469f0f>] uhci_giveback_urb+0x108/0x19d
[ 224.000446] [<ffffffff8046a666>] uhci_scan_schedule+0x5a8/0x86b
[ 224.000446] [<ffffffff8023327e>] ? __wake_up+0x43/0x50
[ 224.000446] [<ffffffff8046c5bc>] uhci_irq+0x13f/0x158
[ 224.000446] [<ffffffff80453168>] usb_hcd_irq+0x42/0x90
[ 224.000446] [<ffffffff8056789b>] ? _spin_unlock+0x33/0x3e
[ 224.000446] [<ffffffff80278485>] handle_IRQ_event+0x2e/0x65
[ 224.000446] [<ffffffff80279994>] handle_fasteoi_irq+0x8b/0xcb
[ 224.000446] [<ffffffff8020f08c>] do_IRQ+0x70/0xe4
[ 224.000446] [<ffffffff8020ce93>] ret_from_intr+0x0/0x29
[ 224.000446] <EOI> <0>Code: 4c 22 80 44 89 c6 4c 89 cf e8 5e fc ff ff eb 0e 0f b7 f2 0f b6 f8 4c 89 ca e8 75 fc ff ff c9 c3 90 90 55 b8 00 01 00 00 48 89 e5 <f0> 66 0f c1 07 38 e0 74 06 f3 90 8a 07 eb f6 c9 c3 55 48 89 e5
[ 224.000446] RIP [<ffffffff80224e65>] __ticket_spin_lock+0x9/0x1a
[ 224.000446] RSP <ffffffff807e3bd0>
[ 224.000446] CR2: 0000000000000050
[ 224.000446] ---[ end trace 7f15bb0ad8b16dd9 ]---
[ 224.000446] Kernel panic - not syncing: Fatal exception in interrupt
[ 224.000446] ------------[ cut here ]------------
[ 224.000446] WARNING: at kernel/smp.c:299 smp_call_function_many+0x40/0x1ec()
[ 224.000446] Hardware name: P5E-VM DO
[ 224.000446] Modules linked in: i915 binfmt_misc acpi_cpufreq freq_table w83627ehf hwmon_vid fuse loop lp ppdev parport_pc parport joydev pcspkr i2c_i801 intel_agp button sg evdev processor
[ 224.000446] Pid: 0, comm: swapper Tainted: G D 2.6.28-06127-g238c6d5 #31
[ 224.000446] Call Trace:
[ 224.000446] <IRQ> [<ffffffff8024152d>] warn_slowpath+0xd3/0x10f
[ 224.000446] [<ffffffff80224f2f>] ? default_spin_lock_flags+0x9/0xe
[ 224.000446] [<ffffffff805677ea>] ? _spin_unlock_irqrestore+0x4f/0x53
[ 224.000446] [<ffffffff805677ea>] ? _spin_unlock_irqrestore+0x4f/0x53
[ 224.000446] [<ffffffff80241c5f>] ? release_console_sem+0x198/0x1cd
[ 224.000446] [<ffffffff802421af>] ? vprintk+0x2f0/0x31c
[ 224.000446] [<ffffffff802135cd>] ? stop_this_cpu+0x0/0x2c
[ 224.000446] [<ffffffff805677ea>] ? _spin_unlock_irqrestore+0x4f/0x53
[ 224.000446] [<ffffffff8026bbb6>] ? crash_kexec+0xe5/0xef
[ 224.000446] [<ffffffff80261af2>] smp_call_function_many+0x40/0x1ec
[ 224.000446] [<ffffffff802135cd>] ? stop_this_cpu+0x0/0x2c
[ 224.000446] [<ffffffff80261ccd>] smp_call_function+0x2f/0x65
[ 224.000446] [<ffffffff8021d312>] native_smp_send_stop+0x22/0x49
[ 224.000446] [<ffffffff80564f46>] panic+0xbe/0x163
[ 224.000446] [<ffffffff8020f460>] ? show_registers+0x20d/0x21c
[ 224.000446] [<ffffffff803dbec1>] ? do_unblank_screen+0xf/0x10d
[ 224.000446] [<ffffffff802101e6>] oops_end+0xb9/0xc9
[ 224.000446] [<ffffffff8022a011>] do_page_fault+0x9d5/0xab4
[ 224.000446] [<ffffffff80413dc3>] ? pci_map_single+0x57/0x60
[ 224.000446] [<ffffffff805677e1>] ? _spin_unlock_irqrestore+0x46/0x53
[ 224.000446] [<ffffffff804e3fe7>] ? dev_hard_start_xmit+0x1fc/0x280
[ 224.000446] [<ffffffff805674c5>] ? _spin_lock+0x18/0x1b
[ 224.000446] [<ffffffff804f4fad>] ? __qdisc_run+0x149/0x244
[ 224.000446] [<ffffffff804e45da>] ? dev_queue_xmit+0x45e/0x48f
[ 224.000446] [<ffffffff805095e8>] ? ip_finish_output2+0x1fe/0x244
[ 224.000446] [<ffffffff80554980>] ? csum_partial_copy_nocheck+0xf/0x11
[ 224.000446] [<ffffffff80509696>] ? ip_finish_output+0x68/0x6a
[ 224.000446] [<ffffffff80506e6a>] ? ip_cork_release+0x36/0x45
[ 224.000446] [<ffffffff80508cc5>] ? ip_push_pending_frames+0x36d/0x385
[ 224.000446] [<ffffffff8056789b>] ? _spin_unlock+0x33/0x3e
[ 224.000446] [<ffffffff80508f00>] ? ip_send_reply+0x223/0x243
[ 224.000446] [<ffffffff802316d6>] ? enqueue_task+0x50/0x5b
[ 224.000446] [<ffffffff80567c85>] page_fault+0x25/0x30
[ 224.000446] [<ffffffff8023d95c>] ? try_to_wake_up+0x2b0/0x2c2
[ 224.000446] [<ffffffff80224e65>] ? __ticket_spin_lock+0x9/0x1a
[ 224.000446] [<ffffffff80224f2f>] default_spin_lock_flags+0x9/0xe
[ 224.000446] [<ffffffff805673a7>] _spin_lock_irqsave+0x37/0x40
[ 224.000446] [<ffffffff80496bc0>] hiddev_send_event+0x2e/0xe9
[ 224.000446] [<ffffffff80496ccd>] hiddev_report_event+0x52/0x54
[ 224.000446] [<ffffffff8023211c>] ? resched_task+0x45/0x81
[ 224.000446] [<ffffffff8048cd93>] hid_report_raw_event+0xb3/0x3b3
[ 224.000446] [<ffffffff80235e86>] ? tg_shares_up+0x183/0x1a3
[ 224.000446] [<ffffffff80235b6b>] ? enqueue_entity+0x1f8/0x200
[ 224.000446] [<ffffffff8048d15c>] hid_input_report+0xc9/0xdc
[ 224.000446] [<ffffffff80494939>] hid_irq_in+0x90/0x194
[ 224.000446] [<ffffffff804535ef>] usb_hcd_giveback_urb+0x58/0x87
[ 224.000446] [<ffffffff80469f0f>] uhci_giveback_urb+0x108/0x19d
[ 224.000446] [<ffffffff8046a666>] uhci_scan_schedule+0x5a8/0x86b
[ 224.000446] [<ffffffff8023327e>] ? __wake_up+0x43/0x50
[ 224.000446] [<ffffffff8046c5bc>] uhci_irq+0x13f/0x158
[ 224.000446] [<ffffffff80453168>] usb_hcd_irq+0x42/0x90
[ 224.000446] [<ffffffff8056789b>] ? _spin_unlock+0x33/0x3e
[ 224.000446] [<ffffffff80278485>] handle_IRQ_event+0x2e/0x65
[ 224.000446] [<ffffffff80279994>] handle_fasteoi_irq+0x8b/0xcb
[ 224.000446] [<ffffffff8020f08c>] do_IRQ+0x70/0xe4
[ 224.000446] [<ffffffff8020ce93>] ret_from_intr+0x0/0x29
[ 224.000446] <EOI> <4>---[ end trace 7f15bb0ad8b16dd9 ]---
...
I've reverted this whole merge from Linus tree ( sorry I don't have any time right now to bisect ) and the problem gone.
Full dmesg and config can be found at http://frugalware.org/~crazy/kernel/
Please let me know if you need more infos.
Regards,
Gabriel C
On Wed, 7 Jan 2009, Gabriel C wrote:
>
> After this merge I get the following panic , by just touching my Wireless USB Mouse :
>
> ...
>
> [ 223.999461] BUG: unable to handle kernel NULL pointer dereference at 0000000000000050
> [ 224.000446] IP: [<ffffffff80224e65>] __ticket_spin_lock+0x9/0x1a
> [ 224.000446] PGD 7b4a5067 PUD 7a24b067 PMD 0
> [ 224.000446] Oops: 0002 [#1] PREEMPT SMP
> [ 224.000446] last sysfs file: /sys/devices/pci0000:00/0000:00:19.0/irq
> [ 224.000446] CPU 0
> [ 224.000446] Modules linked in: i915 binfmt_misc acpi_cpufreq freq_table w83627ehf hwmon_vid fuse loop lp ppdev parport_pc parport joydev pcspkr i2c_i801 intel_agp button sg evdev processor
> [ 224.000446] Pid: 0, comm: swapper Not tainted 2.6.28-06127-g238c6d5 #31
> [ 224.000446] RIP: 0010:[<ffffffff80224e65>] [<ffffffff80224e65>] __ticket_spin_lock+0x9/0x1a
> [ 224.000446] RSP: 0018:ffffffff807e3bd0 EFLAGS: 00010002
> [ 224.000446] RAX: 0000000000000100 RBX: 0000000000000082 RCX: 0000000000000000
> [ 224.000446] RDX: 0000000000000000 RSI: 0000000000000082 RDI: 0000000000000050
> [ 224.000446] RBP: ffffffff807e3bd0 R08: ffff88007d254000 R09: ffffffff806db440
> [ 224.000446] R10: ffffffff8023d95c R11: ffff88007e0a3d80 R12: 0000000000000050
> [ 224.000446] R13: ffffffff807e3c70 R14: 0000000000000006 R15: 0000000000000050
> [ 224.000446] FS: 0000000000000000(0000) GS:ffffffff807ec000(0000) knlGS:0000000000000000
> [ 224.000446] CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
> [ 224.000446] CR2: 0000000000000050 CR3: 000000007e1c0000 CR4: 00000000000006e0
> [ 224.000446] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [ 224.000446] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> [ 224.000446] Process swapper (pid: 0, threadinfo ffffffff80772000, task ffffffff806d8340)
> [ 224.000446] Stack:
> [ 224.000446] ffffffff807e3be0 ffffffff80224f2f ffffffff807e3c00 ffffffff805673a7
> [ 224.000446] ffff88007d22c180 0000000000000000 ffffffff807e3c50 ffffffff80496bc0
> [ 224.000446] ffff880001014740 ffff88000101af00 ffff88000101af00 ffff88007d22c180
> [ 224.000446] Call Trace:
> [ 224.000446] <IRQ> <0> [<ffffffff80224f2f>] default_spin_lock_flags+0x9/0xe
> [ 224.000446] [<ffffffff805673a7>] _spin_lock_irqsave+0x37/0x40
> [ 224.000446] [<ffffffff80496bc0>] hiddev_send_event+0x2e/0xe9
Looks like "hiddev" is NULL in hiddev_send_event(), so then the
spin_lock_irqsave(&hiddev->list_lock, flags);
does an offset from NULL, and tries to access memory at 0x0050.
> [ 224.000446] [<ffffffff80496ccd>] hiddev_report_event+0x52/0x54
> [ 224.000446] [<ffffffff8048cd93>] hid_report_raw_event+0xb3/0x3b3
> [ 224.000446] [<ffffffff8048d15c>] hid_input_report+0xc9/0xdc
> [ 224.000446] [<ffffffff80494939>] hid_irq_in+0x90/0x194
> [ 224.000446] [<ffffffff804535ef>] usb_hcd_giveback_urb+0x58/0x87
> [ 224.000446] [<ffffffff80469f0f>] uhci_giveback_urb+0x108/0x19d
> [ 224.000446] [<ffffffff8046a666>] uhci_scan_schedule+0x5a8/0x86b
> [ 224.000446] [<ffffffff8046c5bc>] uhci_irq+0x13f/0x158
> [ 224.000446] [<ffffffff80453168>] usb_hcd_irq+0x42/0x90
> [ 224.000446] [<ffffffff80278485>] handle_IRQ_event+0x2e/0x65
> [ 224.000446] [<ffffffff80279994>] handle_fasteoi_irq+0x8b/0xcb
> [ 224.000446] [<ffffffff8020f08c>] do_IRQ+0x70/0xe4
> [ 224.000446] [<ffffffff8020ce93>] ret_from_intr+0x0/0x29
Jiri?
Linus
On Wed, 7 Jan 2009, Gabriel C wrote:
> After this merge I get the following panic , by just touching my Wireless USB Mouse :
>
> ...
>
> [ 223.999461] BUG: unable to handle kernel NULL pointer dereference at 0000000000000050
> [ 224.000446] IP: [<ffffffff80224e65>] __ticket_spin_lock+0x9/0x1a
> [ 224.000446] PGD 7b4a5067 PUD 7a24b067 PMD 0
> [ 224.000446] Oops: 0002 [#1] PREEMPT SMP
> [ 224.000446] last sysfs file: /sys/devices/pci0000:00/0000:00:19.0/irq
> [ 224.000446] CPU 0
> [ 224.000446] Modules linked in: i915 binfmt_misc acpi_cpufreq freq_table w83627ehf hwmon_vid fuse loop lp ppdev parport_pc parport joydev pcspkr i2c_i801 intel_agp button sg evdev processor
> [ 224.000446] Pid: 0, comm: swapper Not tainted 2.6.28-06127-g238c6d5 #31
> [ 224.000446] RIP: 0010:[<ffffffff80224e65>] [<ffffffff80224e65>] __ticket_spin_lock+0x9/0x1a
> [ 224.000446] RSP: 0018:ffffffff807e3bd0 EFLAGS: 00010002
> [ 224.000446] RAX: 0000000000000100 RBX: 0000000000000082 RCX: 0000000000000000
> [ 224.000446] RDX: 0000000000000000 RSI: 0000000000000082 RDI: 0000000000000050
> [ 224.000446] RBP: ffffffff807e3bd0 R08: ffff88007d254000 R09: ffffffff806db440
> [ 224.000446] R10: ffffffff8023d95c R11: ffff88007e0a3d80 R12: 0000000000000050
> [ 224.000446] R13: ffffffff807e3c70 R14: 0000000000000006 R15: 0000000000000050
> [ 224.000446] FS: 0000000000000000(0000) GS:ffffffff807ec000(0000) knlGS:0000000000000000
> [ 224.000446] CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
> [ 224.000446] CR2: 0000000000000050 CR3: 000000007e1c0000 CR4: 00000000000006e0
> [ 224.000446] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [ 224.000446] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> [ 224.000446] Process swapper (pid: 0, threadinfo ffffffff80772000, task ffffffff806d8340)
> [ 224.000446] Stack:
> [ 224.000446] ffffffff807e3be0 ffffffff80224f2f ffffffff807e3c00 ffffffff805673a7
> [ 224.000446] ffff88007d22c180 0000000000000000 ffffffff807e3c50 ffffffff80496bc0
> [ 224.000446] ffff880001014740 ffff88000101af00 ffff88000101af00 ffff88007d22c180
> [ 224.000446] Call Trace:
> [ 224.000446] <IRQ> <0> [<ffffffff80224f2f>] default_spin_lock_flags+0x9/0xe
> [ 224.000446] [<ffffffff805673a7>] _spin_lock_irqsave+0x37/0x40
> [ 224.000446] [<ffffffff80496bc0>] hiddev_send_event+0x2e/0xe9
> [ 224.000446] [<ffffffff80496ccd>] hiddev_report_event+0x52/0x54
> [ 224.000446] [<ffffffff8023211c>] ? resched_task+0x45/0x81
> [ 224.000446] [<ffffffff8048cd93>] hid_report_raw_event+0xb3/0x3b3
> [ 224.000446] [<ffffffff80235e86>] ? tg_shares_up+0x183/0x1a3
> [ 224.000446] [<ffffffff80235b6b>] ? enqueue_entity+0x1f8/0x200
> [ 224.000446] [<ffffffff8048d15c>] hid_input_report+0xc9/0xdc
> [ 224.000446] [<ffffffff80494939>] hid_irq_in+0x90/0x194
> [ 224.000446] [<ffffffff804535ef>] usb_hcd_giveback_urb+0x58/0x87
> [ 224.000446] [<ffffffff80469f0f>] uhci_giveback_urb+0x108/0x19d
> [ 224.000446] [<ffffffff8046a666>] uhci_scan_schedule+0x5a8/0x86b
> [ 224.000446] [<ffffffff8023327e>] ? __wake_up+0x43/0x50
> [ 224.000446] [<ffffffff8046c5bc>] uhci_irq+0x13f/0x158
> [ 224.000446] [<ffffffff80453168>] usb_hcd_irq+0x42/0x90
> [ 224.000446] [<ffffffff8056789b>] ? _spin_unlock+0x33/0x3e
> [ 224.000446] [<ffffffff80278485>] handle_IRQ_event+0x2e/0x65
> [ 224.000446] [<ffffffff80279994>] handle_fasteoi_irq+0x8b/0xcb
> [ 224.000446] [<ffffffff8020f08c>] do_IRQ+0x70/0xe4
> [ 224.000446] [<ffffffff8020ce93>] ret_from_intr+0x0/0x29
> [ 224.000446] <EOI> <0>Code: 4c 22 80 44 89 c6 4c 89 cf e8 5e fc ff ff eb 0e 0f b7 f2 0f b6 f8 4c 89 ca e8 75 fc ff ff c9 c3 90 90 55 b8 00 01 00 00 48 89 e5 <f0> 66 0f c1 07 38 e0 74 06 f3 90 8a 07 eb f6 c9 c3 55 48 89 e5
> [ 224.000446] RIP [<ffffffff80224e65>] __ticket_spin_lock+0x9/0x1a
> [ 224.000446] RSP <ffffffff807e3bd0>
> [ 224.000446] CR2: 0000000000000050
[ ... ]
> I've reverted this whole merge from Linus tree ( sorry I don't have any
> time right now to bisect ) and the problem gone.
I believe this is caused by forgotten assignment in usb_register_dev()
error handling introduced in 079034073fa (added Oliver to CC).
Gabriel, could you please verify that the patch below fixes the problem
you are seeing? Thanks.
From: Jiri Kosina <[email protected]>
Subject: [PATCH] HID: fix hid->hiddev initialization in hiddev_connect()
Commit 079034073fa ("HID: hiddev cleanup -- handle all error conditions
properly") by mistake removed proper initialization of hid->hiddev pointer
in hiddev_connect() in case usb_register_dev() succeeds for the hiddev node.
Put it properly back in place.
Signed-off-by: Jiri Kosina <[email protected]>
---
drivers/hid/usbhid/hiddev.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
index 6a98f9f..1928e8a 100644
--- a/drivers/hid/usbhid/hiddev.c
+++ b/drivers/hid/usbhid/hiddev.c
@@ -885,6 +885,7 @@ int hiddev_connect(struct hid_device *hid, unsigned int force)
} else {
hid->minor = usbhid->intf->minor;
hiddev_table[usbhid->intf->minor - HIDDEV_MINOR_BASE] = hiddev;
+ hid->hiddev = hiddev;
}
return 0;
--
1.5.6
Am Wednesday 07 January 2009 11:22:27 schrieb Jiri Kosina:
> On Wed, 7 Jan 2009, Gabriel C wrote:
> I believe this is caused by forgotten assignment in usb_register_dev()
> error handling introduced in 079034073fa (added Oliver to CC).
Yes, it seem I caused this. Sorry.
> Commit 079034073fa ("HID: hiddev cleanup -- handle all error conditions
> properly") by mistake removed proper initialization of hid->hiddev pointer
> in hiddev_connect() in case usb_register_dev() succeeds for the hiddev node.
> Put it properly back in place.
>
> Signed-off-by: Jiri Kosina <[email protected]>
> ---
> drivers/hid/usbhid/hiddev.c | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
> index 6a98f9f..1928e8a 100644
> --- a/drivers/hid/usbhid/hiddev.c
> +++ b/drivers/hid/usbhid/hiddev.c
> @@ -885,6 +885,7 @@ int hiddev_connect(struct hid_device *hid, unsigned int force)
> } else {
> hid->minor = usbhid->intf->minor;
> hiddev_table[usbhid->intf->minor - HIDDEV_MINOR_BASE] = hiddev;
> + hid->hiddev = hiddev;
It seems to me that this is still a race condition. What prevents open()
from being called before this is set?
Regards
Oliver
On Wed, 7 Jan 2009, Oliver Neukum wrote:
> > --- a/drivers/hid/usbhid/hiddev.c
> > +++ b/drivers/hid/usbhid/hiddev.c
> > @@ -885,6 +885,7 @@ int hiddev_connect(struct hid_device *hid, unsigned int force)
> > } else {
> > hid->minor = usbhid->intf->minor;
> > hiddev_table[usbhid->intf->minor - HIDDEV_MINOR_BASE] = hiddev;
> > + hid->hiddev = hiddev;
>
> It seems to me that this is still a race condition. What prevents open()
> from being called before this is set?
Right, there indeed is a tiny race window. Gabriel, could you please
verify with the patch below instead? Thanks.
From: Jiri Kosina <[email protected]>
Subject: [PATCH] HID: fix hid->hiddev initialization in hiddev_connect()
Commit 079034073fa ("HID: hiddev cleanup -- handle all error conditions
properly") by mistake removed proper initialization of hid->hiddev pointer
in hiddev_connect() in case usb_register_dev() succeeds for the hiddev node.
Put it properly back in place.
Reported-by: Gabriel C <[email protected]>
Signed-off-by: Jiri Kosina <[email protected]>
---
drivers/hid/usbhid/hiddev.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
index 6a98f9f..d73eea3 100644
--- a/drivers/hid/usbhid/hiddev.c
+++ b/drivers/hid/usbhid/hiddev.c
@@ -874,12 +874,14 @@ int hiddev_connect(struct hid_device *hid, unsigned int force)
INIT_LIST_HEAD(&hiddev->list);
spin_lock_init(&hiddev->list_lock);
mutex_init(&hiddev->existancelock);
+ hid->hiddev = hiddev;
hiddev->hid = hid;
hiddev->exist = 1;
retval = usb_register_dev(usbhid->intf, &hiddev_class);
if (retval) {
err_hid("Not able to get a minor for this device.");
+ hid->hiddev = NULL;
kfree(hiddev);
return -1;
} else {
--
1.5.6
Jiri Kosina wrote:
> On Wed, 7 Jan 2009, Oliver Neukum wrote:
>
>>> --- a/drivers/hid/usbhid/hiddev.c
>>> +++ b/drivers/hid/usbhid/hiddev.c
>>> @@ -885,6 +885,7 @@ int hiddev_connect(struct hid_device *hid, unsigned int force)
>>> } else {
>>> hid->minor = usbhid->intf->minor;
>>> hiddev_table[usbhid->intf->minor - HIDDEV_MINOR_BASE] = hiddev;
>>> + hid->hiddev = hiddev;
>> It seems to me that this is still a race condition. What prevents open()
>> from being called before this is set?
>
> Right, there indeed is a tiny race window. Gabriel, could you please
> verify with the patch below instead? Thanks.
Your patch fixed the panic for me.
Feel free to add my Tested-by: if needed.
>
>
> From: Jiri Kosina <[email protected]>
> Subject: [PATCH] HID: fix hid->hiddev initialization in hiddev_connect()
>
> Commit 079034073fa ("HID: hiddev cleanup -- handle all error conditions
> properly") by mistake removed proper initialization of hid->hiddev pointer
> in hiddev_connect() in case usb_register_dev() succeeds for the hiddev node.
> Put it properly back in place.
>
> Reported-by: Gabriel C <[email protected]>
> Signed-off-by: Jiri Kosina <[email protected]>
> ---
> drivers/hid/usbhid/hiddev.c | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
> index 6a98f9f..d73eea3 100644
> --- a/drivers/hid/usbhid/hiddev.c
> +++ b/drivers/hid/usbhid/hiddev.c
> @@ -874,12 +874,14 @@ int hiddev_connect(struct hid_device *hid, unsigned int force)
> INIT_LIST_HEAD(&hiddev->list);
> spin_lock_init(&hiddev->list_lock);
> mutex_init(&hiddev->existancelock);
> + hid->hiddev = hiddev;
> hiddev->hid = hid;
> hiddev->exist = 1;
>
> retval = usb_register_dev(usbhid->intf, &hiddev_class);
> if (retval) {
> err_hid("Not able to get a minor for this device.");
> + hid->hiddev = NULL;
> kfree(hiddev);
> return -1;
> } else {
Regards,
Gabriel C