[asterisk-bugs] [DAHDI-linux 0017669]: [patch] oops after driver is removed
Asterisk Bug Tracker
noreply at bugs.digium.com
Mon Sep 20 15:32:31 CDT 2010
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=17669
======================================================================
Reported By: tzafrir
Assigned To: sruffell
======================================================================
Project: DAHDI-linux
Issue ID: 17669
Category: General
Reproducibility: always
Severity: minor
Priority: normal
Status: acknowledged
JIRA:
Reviewboard Link:
======================================================================
Date Submitted: 2010-07-18 11:37 CDT
Last Modified: 2010-09-20 15:32 CDT
======================================================================
Summary: [patch] oops after driver is removed
Description:
The 'bind' and 'unbind' properties allow (un)binding a device to a driver
at runtime:
zavadi:~# dahdi_hardware
pci:0000:00:09.0 wcb4xxp+ 1397:08b4 Junghanns QuadBRI ISDN card
zavadi:~# echo -n 0000:00:09.0 >/sys/bus/pci/drivers/wcb4xxp/unbind
zavadi:~# dahdi_hardware
pci:0000:00:09.0 wcb4xxp- 1397:08b4 Junghanns QuadBRI ISDN card
zavadi:~# echo -n 0000:00:09.0 >/sys/bus/pci/drivers/wcb4xxp/bind
zavadi:~# dahdi_hardware
pci:0000:00:09.0 wcb4xxp+ 1397:08b4 Junghanns QuadBRI ISDN card
However if any of the channels used by the device had a channel that was
open at unbind time, userspace is left with invalid file handles. You'll
probably soon get something along the lines of:
wcb4xxp 0000:00:09.0: Driver unloaded.
BUG: unable to handle kernel NULL pointer dereference at 00000080
IP: [<cc98c11e>] :dahdi:dahdi_chan_ioctl+0x18/0x819
*pde = 00000000
Oops: 0000 [https://issues.asterisk.org/view.php?id=1] SMP
Modules linked in: dahdi_echocan_oslec echo ipv6 xpp_usb xpp wctdm wct4xxp
firmware_class loop parport_pc parport snd_via82xx gameport snd_ac97_codec
ac97_bus snd_pcm snd_page_alloc snd_mpu401_uart snd_seq_midi
snd_seq_midi_event serio_raw pcspkr snd_rawmidi snd_seq snd_timer
snd_seq_device psmouse snd i2c_viapro i2c_core soundcore button wcb4xxp
dahdi crc_ccitt shpchp pci_hotplug via_agp agpgart evdev ext3 jbd mbcache
dm_mirror dm_log dm_snapshot dm_mod ide_cd_mod cdrom sd_mod via82cxxx
ide_pci_generic ide_core sata_via floppy via_rhine mii ehci_hcd ata_generic
uhci_hcd usbcore libata scsi_mod dock thermal processor fan thermal_sys
[last unloaded: scsi_wait_scan]
Pid: 2827, comm: asterisk Not tainted (2.6.26-2-686
https://issues.asterisk.org/view.php?id=1)
EIP: 0060:[<cc98c11e>] EFLAGS: 00210286 CPU: 0
EIP is at dahdi_chan_ioctl+0x18/0x819 [dahdi]
EAX: ffffffff EBX: b29608d8 ECX: b29608d8 EDX: 8004da08
ESI: 8004da08 EDI: c87d2280 EBP: 00000000 ESP: c629de24
DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process asterisk (pid: 2827, ti=c629c000 task=cb4a6660 task.ti=c629c000)
Stack: 00000000 00000000 00000000 00000000 00000000 00000000 8004da08
000000fe
c87d2280 8004da08 cc98e068 ffffffff 00000009 b29608d8 b2960886
00000005
00000000 ffffffff ffffffff c1188fc0 ca3574e0 00000001 ca3574e8
c011be2d
Call Trace:
[<cc98e068>] dahdi_ioctl+0x1749/0x17e9 [dahdi]
[<c011be2d>] push_rt_task+0xff/0x1ac
[<c011bee4>] push_rt_tasks+0xa/0x10
[<c011b733>] try_to_wake_up+0xe8/
[<c0118511>] __wake_up_common+0x2
[<c011a6fb>] __wake_up+0x29/0x39
[<c013ab0a>] wake_futex+0x1c/0x26
[<c013baa2>] do_futex+0x303/0x70e
[<c01dd39a>] __next_cpu+0x12/0x21
[<c011a0d3>] find_lowest_rq+0xb0/
[<cc98c91f>] dahdi_ioctl+0x0/0x17
[<c017e83c>] vfs_ioctl+0x1c/0x5d
[<c017eac7>] do_vfs_ioctl+0x24a/0
[<c017eb1f>] sys_ioctl+0x41/0x5a
[<c0103857>] sysenter_past_esp+0x
[<c02b0000>] quirk_ali7101_acpi+0
=======================
Code: 00 89 95 98 05 00 00 31 f6 83 c4 60 89 f0 5b 5e 5f 5d c3 55 57 89 c7
56 89 d6 53 89 cb 83 ec 18 8b 44 24 2c 8b 2c 85 60 09 9b cc <83> bd 80 00
00 00 00 75 0f ba eb 14 00 00 b8 99 fe 98 cc e8 bd
EIP: [<cc98c11e>] dahdi_chan_ioctl+0x18/0x819 [dahdi] SS:ESP
0068:c629de24
---[ end trace 4cc6bfb9265c52fd ]---
Only tested with wcb4xxp, and not the latest, but I suspect it has not
changed recently.
======================================================================
----------------------------------------------------------------------
(0127139) svnbot (reporter) - 2010-09-20 15:32
https://issues.asterisk.org/view.php?id=17669#c127139
----------------------------------------------------------------------
Repository: dahdi
Revision: 9353
U linux/trunk/drivers/dahdi/dahdi-base.c
------------------------------------------------------------------------
r9353 | sruffell | 2010-09-20 15:32:29 -0500 (Mon, 20 Sep 2010) | 27 lines
dahdi: Be more tolerant of surprise removal of channels.
Enable DAHDI to detect if an operation on a file handle refers to a
channel that may have been unregistered. This can occur, for example,
when a board driver is hot-swapped out in a live system.
This patch ensures that file->private_data is always properly set for
any open channel, and it's set back to NULL when a channel is
unregistered. This way file->private_data can be used to check whether
it's valid to perform an operation on the channel. (NOTE: There is
still a race condition here if the driver was unbound on one processor
during the window of time between when file->private_data was checked
and the system call finishes).
Also, since DAHDI should only return -ENODEV on read or write when there
was a surprise device removal on a running system this sleep can prevent
the system from becoming unresponsive if the userspace application does
not check for the -ENODEV error and constantly tries to call read with
elevated privileges.
(issue https://issues.asterisk.org/view.php?id=17669)
Reported by: tzafrir
Tested by: sruffell
Review: https://reviewboard.asterisk.org/r/905/
Signed-off-by: Shaun Ruffell <sruffell at digium.com>
------------------------------------------------------------------------
http://svn.digium.com/view/dahdi?view=rev&revision=9353
Issue History
Date Modified Username Field Change
======================================================================
2010-09-20 15:32 svnbot Checkin
2010-09-20 15:32 svnbot Note Added: 0127139
======================================================================
More information about the asterisk-bugs
mailing list