Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753336AbbFINU6 (ORCPT <rfc822;w@1wt.eu>);
	Tue, 9 Jun 2015 09:20:58 -0400
Received: from mail-vn0-f41.google.com ([209.85.216.41]:41887 "EHLO
	mail-vn0-f41.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751371AbbFINUt (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 9 Jun 2015 09:20:49 -0400
MIME-Version: 1.0
In-Reply-To: <5576E457.6020805@free.fr>
References: <5576E457.6020805@free.fr>
Date: Tue, 9 Jun 2015 15:20:48 +0200
Message-ID: <CAFLxGvyXVCd+tZ1APDJLw1UtuUQfTezqPt2pCY9JT=FPpngWEA@mail.gmail.com>
Subject: Re: [IRQ] Buggy driver makes __setup_irq segfault
From: Richard Weinberger <richard.weinberger@gmail.com>
To: Mason <slash.tmp@free.fr>
Cc: LKML <linux-kernel@vger.kernel.org>,
        Linux ARM <linux-arm-kernel@lists.infradead.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        "Rafael J. Wysocki" <rjw@rjwysocki.net>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 8456
Lines: 144

On Tue, Jun 9, 2015 at 3:04 PM, Mason <slash.tmp@free.fr> wrote:
> I'm a noob, so I suppose this behavior is expected, but I'm reporting it,
> just in case. (I tested with 3.14.41)
>
> Consider this buggy driver, calling request_irq() multiple times,
> and not calling free_irq in the cleanup routine.
>
> static irqreturn_t scard_isr(int irq, void *dev_id)
> {
>         return IRQ_HANDLED;
> }
>
> static int __init zozo_init(void)
> {
>         printk("RET=%d\n", request_irq(64, scard_isr, 0, "scard", NULL));
>         printk("RET=%d\n", request_irq(64, scard_isr, 0, "scard", NULL));
>         printk("RET=%d\n", request_irq(64, scard_isr, 0, "scard", NULL));
>         return 0;
> }
>
> static void __exit zozo_cleanup(void)
> {
> }
>
> module_init(zozo_init);
> module_exit(zozo_cleanup);
>
>
> When the module is inserted for the first time, everything behaves as
> expected: the first call to request_irq() succeeds, and the next calls
> fail, with an error message from kernel/irq/manage.c:__setup_irq()
>
> # insmod zozo.ko
> [  402.477185] RET=0
> [  402.479131] new=e76f1580 old=e76f1400
> [  402.482809] genirq: Flags mismatch irq 64. 00000000 (scard) vs. 00000000 (scard)
> [  402.490239] OK
> [  402.491957] RET=-16
> [  402.494178] new=e76f1580 old=e76f1400
> [  402.497860] genirq: Flags mismatch irq 64. 00000000 (scard) vs. 00000000 (scard)
> [  402.505289] OK
> [  402.507006] RET=-16
>
> But the next time the module is inserted, the process segfaults
> trying to write the error message in __setup_irq()
>
> # rmmod zozo && insmod zozo.ko
> [  695.802972] new=e76f1540 old=e76f1400
> [  695.806676] Unable to handle kernel paging request at virtual address bf000024
> [  695.813934] pgd = e6e0c000
> [  695.816648] [bf000024] *pgd=a768e811, *pte=00000000, *ppte=00000000
> [  695.822957] Internal error: Oops: 7 [#1] PREEMPT SMP ARM
> [  695.828292] Modules linked in: zozo(O+) [last unloaded: zozo]
> [  695.834080] CPU: 0 PID: 848 Comm: insmod Tainted: G           O 3.14.41+ #8
> [  695.841077] task: e75d4da0 ti: e6c8e000 task.ti: e6c8e000
> [  695.846510] PC is at strnlen+0x14/0x68
> [  695.850277] LR is at string.isra.7+0x38/0xe4
> [  695.854567] pc : [<c01880c0>]    lr : [<c018a1a8>]    psr: a0000093
> [  695.854567] sp : e6c8fc38  ip : e6c8fc48  fp : e6c8fc44
> [  695.866106] r10: c02c8434  r9 : c03dc99c  r8 : 00000000
> [  695.871355] r7 : bf000024  r6 : c03dc5fc  r5 : c03dc99c  r4 : ffffffff
> [  695.877912] r3 : 00000000  r2 : bf000024  r1 : ffffffff  r0 : bf000024
> [  695.884473] Flags: NzCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment user
> [  695.891731] Control: 10c5387d  Table: a6e0c04a  DAC: 00000015
> [  695.897503] Process insmod (pid: 848, stack limit = 0xe6c8e240)
> [  695.903450] Stack: (0xe6c8fc38 to 0xe6c90000)
> [  695.907826] fc20:                                                       e6c8fc6c e6c8fc48
> [  695.916048] fc40: c018a1a8 c01880b8 c03dc5fc c033f531 c033f533 00000002 e6c8fd78 c03dc99c
> [  695.924269] fc60: e6c8fcc4 e6c8fc70 c018b600 c018a17c ffffffff ffffffff 00000008 ffffffff
> [  695.932490] fc80: e6c8fcdc c03dc5bc c03d2367 000003e0 ff0a0004 ffffffff 00000010 000003e0
> [  695.940711] fca0: c03b7bc4 00000000 ffffffff 60000093 00000000 c03dbc88 e6c8fcdc e6c8fcc8
> [  695.948933] fcc0: c018bda4 c018b454 c03dbc88 c03b7bc4 e6c8fd3c e6c8fce0 c00678e4 c018bd9c
> [  695.957154] fce0: 00000000 00000000 00000000 00000000 c03dc5bc 00000019 e6c8e020 00000000
> [  695.965374] fd00: 00000000 c03dc5bc 00000000 00000000 ffffffff c03a48c0 e76f1540 e76f1400
> [  695.973595] fd20: fffffff0 00000040 c03a491c 60000013 e6c8fd5c e6c8fd40 c02b286c c0067848
> [  695.981816] fd40: c033f4fc e6c8fd64 e7402ec4 e6c8fd64 e6c8fdac e6c8fd70 c006b598 c02b2840
> [  695.990037] fd60: c033f4fc 00000040 00000000 bf004024 00000000 bf000024 00000004 e6c8fe18
> [  695.998258] fd80: e6dd8884 e76f1540 c03a48c0 bf004000 00000000 00000000 00000000 00000040
> [  696.006479] fda0: e6c8fddc e6c8fdb0 c006b6fc c006b0c8 00000000 00000000 bf00402c bf004000
> [  696.014700] fdc0: bf004024 00000001 e76f12e4 00000000 e6c8fe04 e6c8fde0 bf006048 c006b65c
> [  696.022921] fde0: bf004024 00000000 e6c8e008 bf006000 bf004064 e76f12c0 e6c8fe8c e6c8fe08
> [  696.031142] fe00: c00088b4 bf00600c c009daf4 c009b438 e76f1540 00000000 e76fd380 e885e000
> [  696.039363] fe20: 00000001 00000001 e76f12e4 bf004058 e6c8fe54 e6c8fe40 0000000e e76fd380
> [  696.047584] fe40: e885e000 00000001 e6c8fe74 e6c8fe58 c00c1698 c00ca918 e6c8ff48 00000001
> [  696.055805] fe60: bf004064 e6c8ff48 00000001 bf004064 e76f12c0 00000001 e76f12e4 bf004058
> [  696.064026] fe80: e6c8ff44 e6c8fe90 c00865b8 c00087c0 bf004064 00007fff c0083560 e6c8fefc
> [  696.072246] fea0: e76fd380 0000002f e6c8fedc 00000000 00000000 bf004194 e6c8ff48 e6c8e010
> [  696.080468] fec0: bf0040a0 00000000 000002d2 c0014328 e6c8e000 0000000e e6c8ff1c 00000000
> [  696.088689] fee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
> [  696.096910] ff00: 00000000 00000000 00000000 00000000 00000000 00000000 c00c1e20 0000d412
> [  696.105130] ff20: 000a9018 000a9008 00000080 c0014328 e6c8e000 00000000 e6c8ffa4 e6c8ff48
> [  696.113351] ff40: c00869e0 c0084a54 e885e000 0000d412 e8867e80 e8867d4f e886b320 00000194
> [  696.121572] ff60: 00000244 00000000 00000000 00000000 0000001e 0000001f 00000008 00000000
> [  696.129793] ff80: 00000005 00000000 c0017a00 0000d412 be820c7a be820b64 00000000 e6c8ffa8
> [  696.138014] ffa0: c0014180 c008690c 0000d412 be820c7a 000a9018 0000d412 000a9008 be820c7a
> [  696.146235] ffc0: 0000d412 be820c7a be820b64 00000080 000a67e0 000821de 0000004d 00000000
> [  696.154456] ffe0: be8209a0 be820990 0001cee4 b6e68190 60000010 000a9018 13406dc4 c091bbe3
> [  696.162672] Backtrace:
> [  696.165134] [<c01880ac>] (strnlen) from [<c018a1a8>] (string.isra.7+0x38/0xe4)
> [  696.172398] [<c018a170>] (string.isra.7) from [<c018b600>] (vsnprintf+0x1b8/0x47c)
> [  696.180004]  r9:c03dc99c r8:e6c8fd78 r7:00000002 r6:c033f533 r5:c033f531 r4:c03dc5fc
> [  696.187806] [<c018b448>] (vsnprintf) from [<c018bda4>] (vscnprintf+0x14/0x2c)
> [  696.194974]  r10:c03dbc88 r9:00000000 r8:60000093 r7:ffffffff r6:00000000 r5:c03b7bc4
> [  696.202856]  r4:000003e0
> [  696.205409] [<c018bd90>] (vscnprintf) from [<c00678e4>] (vprintk_emit+0xa8/0x4f4)
> [  696.212926]  r5:c03b7bc4 r4:c03dbc88
> [  696.216529] [<c006783c>] (vprintk_emit) from [<c02b286c>] (printk+0x3c/0x44)
> [  696.223611]  r10:60000013 r9:c03a491c r8:00000040 r7:fffffff0 r6:e76f1400 r5:e76f1540
> [  696.231493]  r4:c03a48c0
> [  696.234040] [<c02b2834>] (printk) from [<c006b598>] (__setup_irq+0x4dc/0x504)
> [  696.241208]  r3:bf004024 r2:00000000 r1:00000040 r0:c033f4fc
> [  696.246908] [<c006b0bc>] (__setup_irq) from [<c006b6fc>] (request_threaded_irq+0xac/0x12c)
> [  696.255212]  r10:00000040 r9:00000000 r8:00000000 r7:00000000 r6:bf004000 r5:c03a48c0
> [  696.263093]  r4:e76f1540
> [  696.265644] [<c006b650>] (request_threaded_irq) from [<bf006048>] (zozo_init+0x48/0xb0 [zozo])
> [  696.274297]  r10:00000000 r9:e76f12e4 r8:00000001 r7:bf004024 r6:bf004000 r5:bf00402c
> [  696.282178]  r4:00000000 r3:00000000
> [  696.285779] [<bf006000>] (zozo_init [zozo]) from [<c00088b4>] (do_one_initcall+0x100/0x15c)
> [  696.294171]  r7:e76f12c0 r6:bf004064 r5:bf006000 r4:e6c8e008
> [  696.299874] [<c00087b4>] (do_one_initcall) from [<c00865b8>] (load_module+0x1b70/0x1eb8)
> [  696.308003]  r10:bf004058 r9:e76f12e4 r8:00000001 r7:e76f12c0 r6:bf004064 r5:00000001
> [  696.315884]  r4:e6c8ff48
> [  696.318430] [<c0084a48>] (load_module) from [<c00869e0>] (SyS_init_module+0xe0/0xf4)
> [  696.326210]  r10:00000000 r9:e6c8e000 r8:c0014328 r7:00000080 r6:000a9008 r5:000a9018
> [  696.334092]  r4:0000d412
> [  696.336645] [<c0086900>] (SyS_init_module) from [<c0014180>] (ret_fast_syscall+0x0/0x30)
> [  696.344774]  r6:be820b64 r5:be820c7a r4:0000d412
> [  696.349423] Code: e92dd800 e24cb004 e3510000 0a000010 (e5d03000)
> [  696.355558] ---[ end trace 4f268acdc5b20400 ]---
> [  696.360200] note: insmod[848] exited with preempt_count 2
> Segmentation fault
>
> Is this expected?

Yeah. Your driver is expected to cleanup everything it did in init().

-- 
Thanks,
//richard
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/