Bug 14185 - Oops in drivers\base\firmware_class
Summary: Oops in drivers\base\firmware_class
Status: CLOSED DUPLICATE of bug 14253
Alias: None
Product: Drivers
Classification: Unclassified
Component: Other (show other bugs)
Hardware: All Linux
: P1 blocking
Assignee: drivers_other
URL:
Keywords:
Depends on:
Blocks: 13615
  Show dependency tree
 
Reported: 2009-09-17 05:09 UTC by lars
Modified: 2009-10-12 21:43 UTC (History)
1 user (show)

See Also:
Kernel Version: 2.6.31
Tree: Mainline
Regression: Yes


Attachments
Vanilla_Opps.txt (2.35 KB, text/plain)
2009-09-17 09:28 UTC, lars
Details
BUG_ON_firmware_class.c.patch (652 bytes, application/octet-stream)
2009-09-17 09:29 UTC, lars
Details
BUG_ON_Oops.txt (2.18 KB, text/plain)
2009-09-17 09:30 UTC, lars
Details
Proposed fix: mutex accesses to fw_priv->fw (34 bytes, text/plain)
2009-10-02 21:18 UTC, Frederik Deweerdt
Details

Description lars 2009-09-17 05:09:04 UTC
Hi,

I have discovered a Oops in the firmware_loading_store function. 
At first it looks like a timing issue but after adding a BUG_ON test,
it fails every time. 

drivers\base\firmware_class:
------------------------------
 541 01c0 F6463401 	testb $1,52(%esi)
 542 01c4 0F843FFF 	je .L38
 542      FFFF
 543              	.loc 1 174 0
 544 01ca 8B4630   	movl 48(%esi),%eax
 545 01cd 8B4004   	movl 4(%eax),%eax	<---- Oops
 546 01d0 E8FCFFFF 	call vfree
 546      FF

The code that fails was introduced in commit
6e03a201bbe8137487f340d26aa662110e324b20 

Attached you will find the:
- Oops with the vanilla 2.6.31
- The BUG_ON patch
- Oops with the patched 2.6.31

/Lars
Comment 1 lars 2009-09-17 09:28:43 UTC
Created attachment 23111 [details]
Vanilla_Opps.txt
Comment 2 lars 2009-09-17 09:29:45 UTC
Created attachment 23112 [details]
BUG_ON_firmware_class.c.patch
Comment 3 lars 2009-09-17 09:30:43 UTC
Created attachment 23113 [details]
BUG_ON_Oops.txt
Comment 4 Rafael J. Wysocki 2009-09-30 20:51:07 UTC
First-Bad-Commit : 6e03a201bbe8137487f340d26aa662110e324b20
Notify-Also : David Woodhouse <dwmw2@infradead.org>
Comment 5 Rafael J. Wysocki 2009-10-02 16:52:40 UTC
Notify-Also : Frederik Deweerdt <frederik.deweerdt@xprog.eu>
Comment 6 Frederik Deweerdt 2009-10-02 21:18:12 UTC
Created attachment 23237 [details]
Proposed fix: mutex accesses to fw_priv->fw

The patch to be found on the above URL should fix the race between _request_firmware and firmware_loading_store by protecting the accesses to fw_priv->fw.
Comment 7 Rafael J. Wysocki 2009-10-12 21:43:21 UTC

*** This bug has been marked as a duplicate of bug 14253 ***

Note You need to log in before you can comment on or make changes to this bug.