[asterisk-bugs] [DAHDI-linux 0017669]: [patch] oops after driver is removed

Asterisk Bug Tracker noreply at bugs.digium.com
Mon Sep 20 15:32:31 CDT 2010


A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=17669 
====================================================================== 
Reported By:                tzafrir
Assigned To:                sruffell
====================================================================== 
Project:                    DAHDI-linux
Issue ID:                   17669
Category:                   General
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     acknowledged
JIRA:                        
Reviewboard Link:            
====================================================================== 
Date Submitted:             2010-07-18 11:37 CDT
Last Modified:              2010-09-20 15:32 CDT
====================================================================== 
Summary:                    [patch] oops after driver is removed
Description: 
The 'bind' and 'unbind' properties allow (un)binding a device to a driver
at runtime:

zavadi:~# dahdi_hardware
pci:0000:00:09.0     wcb4xxp+     1397:08b4 Junghanns QuadBRI ISDN card
zavadi:~# echo -n 0000:00:09.0  >/sys/bus/pci/drivers/wcb4xxp/unbind
zavadi:~# dahdi_hardware
pci:0000:00:09.0     wcb4xxp-     1397:08b4 Junghanns QuadBRI ISDN card
zavadi:~# echo -n 0000:00:09.0  >/sys/bus/pci/drivers/wcb4xxp/bind
zavadi:~# dahdi_hardware
pci:0000:00:09.0     wcb4xxp+     1397:08b4 Junghanns QuadBRI ISDN card

However if any of the channels used by the device had a channel that was
open at unbind time, userspace is left with invalid file handles. You'll
probably soon get something along the lines of:

wcb4xxp 0000:00:09.0: Driver unloaded.
BUG: unable to handle kernel NULL pointer dereference at 00000080
IP: [<cc98c11e>] :dahdi:dahdi_chan_ioctl+0x18/0x819
*pde = 00000000
Oops: 0000 [https://issues.asterisk.org/view.php?id=1] SMP
Modules linked in: dahdi_echocan_oslec echo ipv6 xpp_usb xpp wctdm wct4xxp
firmware_class loop parport_pc parport snd_via82xx gameport snd_ac97_codec
ac97_bus snd_pcm snd_page_alloc snd_mpu401_uart snd_seq_midi
snd_seq_midi_event serio_raw pcspkr snd_rawmidi snd_seq snd_timer
snd_seq_device psmouse snd i2c_viapro i2c_core soundcore button wcb4xxp
dahdi crc_ccitt shpchp pci_hotplug via_agp agpgart evdev ext3 jbd mbcache
dm_mirror dm_log dm_snapshot dm_mod ide_cd_mod cdrom sd_mod via82cxxx
ide_pci_generic ide_core sata_via floppy via_rhine mii ehci_hcd ata_generic
uhci_hcd usbcore libata scsi_mod dock thermal processor fan thermal_sys
[last unloaded: scsi_wait_scan]

Pid: 2827, comm: asterisk Not tainted (2.6.26-2-686
https://issues.asterisk.org/view.php?id=1)
EIP: 0060:[<cc98c11e>] EFLAGS: 00210286 CPU: 0
EIP is at dahdi_chan_ioctl+0x18/0x819 [dahdi]
EAX: ffffffff EBX: b29608d8 ECX: b29608d8 EDX: 8004da08
ESI: 8004da08 EDI: c87d2280 EBP: 00000000 ESP: c629de24
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process asterisk (pid: 2827, ti=c629c000 task=cb4a6660 task.ti=c629c000)
Stack: 00000000 00000000 00000000 00000000 00000000 00000000 8004da08
000000fe
       c87d2280 8004da08 cc98e068 ffffffff 00000009 b29608d8 b2960886
00000005
       00000000 ffffffff ffffffff c1188fc0 ca3574e0 00000001 ca3574e8
c011be2d
Call Trace:
 [<cc98e068>] dahdi_ioctl+0x1749/0x17e9 [dahdi]
 [<c011be2d>] push_rt_task+0xff/0x1ac
 [<c011bee4>] push_rt_tasks+0xa/0x10
 [<c011b733>] try_to_wake_up+0xe8/

 [<c0118511>] __wake_up_common+0x2

 [<c011a6fb>] __wake_up+0x29/0x39
 [<c013ab0a>] wake_futex+0x1c/0x26
 [<c013baa2>] do_futex+0x303/0x70e
 [<c01dd39a>] __next_cpu+0x12/0x21
 [<c011a0d3>] find_lowest_rq+0xb0/

 [<cc98c91f>] dahdi_ioctl+0x0/0x17

 [<c017e83c>] vfs_ioctl+0x1c/0x5d
 [<c017eac7>] do_vfs_ioctl+0x24a/0

 [<c017eb1f>] sys_ioctl+0x41/0x5a
 [<c0103857>] sysenter_past_esp+0x

 [<c02b0000>] quirk_ali7101_acpi+0

 =======================
Code: 00 89 95 98 05 00 00 31 f6 83 c4 60 89 f0 5b 5e 5f 5d c3 55 57 89 c7
56 89 d6 53 89 cb 83 ec 18 8b 44 24 2c 8b 2c 85 60 09 9b cc <83> bd 80 00
00 00 00 75 0f ba eb 14 00 00 b8 99 fe 98 cc e8 bd
EIP: [<cc98c11e>] dahdi_chan_ioctl+0x18/0x819 [dahdi] SS:ESP
0068:c629de24
---[ end trace 4cc6bfb9265c52fd ]---


Only tested with wcb4xxp, and not the latest, but I suspect it has not
changed recently.
====================================================================== 

---------------------------------------------------------------------- 
 (0127139) svnbot (reporter) - 2010-09-20 15:32
 https://issues.asterisk.org/view.php?id=17669#c127139 
---------------------------------------------------------------------- 
Repository: dahdi
Revision: 9353

U   linux/trunk/drivers/dahdi/dahdi-base.c

------------------------------------------------------------------------
r9353 | sruffell | 2010-09-20 15:32:29 -0500 (Mon, 20 Sep 2010) | 27 lines

dahdi: Be more tolerant of surprise removal of channels.

Enable DAHDI to detect if an operation on a file handle refers to a
channel that may have been unregistered. This can occur, for example,
when a board driver is hot-swapped out in a live system.

This patch ensures that file->private_data is always properly set for
any open channel, and it's set back to NULL when a channel is
unregistered.  This way file->private_data can be used to check whether
it's valid to perform an operation on the channel.  (NOTE:  There is
still a race condition here if the driver was unbound on one processor
during the window of time between when file->private_data was checked
and the system call finishes).

Also, since DAHDI should only return -ENODEV on read or write when there
was a surprise device removal on a running system this sleep can prevent
the system from becoming unresponsive if the userspace application does
not check for the -ENODEV error and constantly tries to call read with
elevated privileges.

(issue https://issues.asterisk.org/view.php?id=17669)
Reported by: tzafrir
Tested by: sruffell

Review: https://reviewboard.asterisk.org/r/905/

Signed-off-by: Shaun Ruffell <sruffell at digium.com>
------------------------------------------------------------------------

http://svn.digium.com/view/dahdi?view=rev&revision=9353 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2010-09-20 15:32 svnbot         Checkin                                      
2010-09-20 15:32 svnbot         Note Added: 0127139                          
======================================================================




More information about the asterisk-bugs mailing list