Bug 49511 - PCH GPIO causes NULL bug in ack_apic_level on Queens Bay platforms
Status: ASSIGNED
Alias: None
Product: Drivers
Classification: Unclassified
Component: Other
Hardware: All Linux
Importance: P1 normal
Assignee: Darren Hart
Reported: 2012-10-25 08:08 UTC by Darren Hart
Modified: 2012-11-02 19:17 UTC
Kernel Version: 3.4.11-rt17-yocto-preempt-rt
Regression: No

Description Darren Hart 2012-10-25 08:08:17 UTC
The following reproduces on a Queens Bay platform (Atom E6xx + EG20T PCH).

BUG: unable to handle kernel NULL pointer dereference at 0000002c      
IP: [<c101b5ee>] ack_apic_level+0x1e/0x1a0                                         
*pde = 00000000                                                                    
Oops: 0000 [#1] PREEMPT SMP                                                        
Modules linked in:                                                                 
                                                                                   
Pid: 37, comm: irq/19-gpio_pch Not tainted 3.4.11-rt17-yocto-preempt-rt #1 Intel CI
EIP: 0060:[<c101b5ee>] EFLAGS: 00010246 CPU: 0                                     
EIP is at ack_apic_level+0x1e/0x1a0                                                
EAX: 00000000 EBX: f62eecc0 ECX: 00000000 EDX: c189ec20                            
ESI: 0000001f EDI: f62eed80 EBP: f5a21f20 ESP: f5a21f04                            
 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068                                      
CR0: 8005003b CR2: 0000002c CR3: 0192f000 CR4: 000007d0                            
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000                            
DR6: ffff0ff0 DR7: 00000400                                                        
Process irq/19-gpio_pch (pid: 37, ti=f5a20000 task=f5a1ee60 task.ti=f5a20000)      
Stack:                                                                             
 f5a21f18 c101b194 f62eecc0 f62eee40 f62eecc0 0000001f f62eed80 f5a21f2c           
 c1096eab 00000017 f5a21f38 c1093c4d 00000001 f5a21f4c c1301076 f627d640           
 f61cd680 f5a1ee60 f5a21f60 c1094fa7 f627d640 f5a1ee60 f5a1ee60 f5a21fa4           
Call Trace:                                                                        
 [<c101b194>] ? mask_ioapic+0x44/0x50                                              
 [<c1096eab>] handle_fasteoi_irq+0x5b/0x100                                        
 [<c1093c4d>] generic_handle_irq+0x1d/0x30                                         
 [<c1301076>] pch_gpio_handler+0x56/0x70                                           
 [<c1094fa7>] irq_forced_thread_fn+0x27/0x70                                       
 [<c1094d6a>] irq_thread+0xfa/0x160                                                
 [<c16080d3>] ? sub_preempt_count+0x43/0xb0                                        
 [<c1094f80>] ? irq_thread_fn+0x40/0x40                                            
 [<c1057c44>] ? migrate_enable+0x74/0x170                                          
 [<c1094e90>] ? irq_finalize_oneshot+0xc0/0xc0                                     
 [<c1094c70>] ? wake_threads_waitq+0x50/0x50                                       
 [<c1048873>] kthread+0x73/0x80                                                    
 [<c1048800>] ? __init_kthread_worker+0x40/0x40                                    
 [<c160b6b6>] kernel_thread_helper+0x6/0x10                                        
Code: b4 26 00 00 00 00 8d bc 27 00 00 00 00 55 89 e5 57 56 53 8d 64 24 f0 3e 8d 7 
EIP: [<c101b5ee>] ack_apic_level+0x1e/0x1a0 SS:ESP 0068:f5a21f04                   
CR2: 000000000000002c                                                              
---[ end trace 0000000000000002 ]---                                               
genirq: exiting task "irq/19-gpio_pch" (37) is an active IRQ thread (irq 19)       
note: irq/19-gpio_pch[37] exited with preempt_count 1
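
Added example (not part of the original report, and not code from the kernel or from the reporter): a small triage script for an oops of this shape. It pulls out the fault address, the faulting symbol, the registers that were zero at the fault, and the call chain without the "?" entries. The 4 KiB page size and the excerpt of the log embedded below are assumptions of the example.

```python
import re

# Excerpt of the oops in this report, embedded so the script runs offline.
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 0000002c
IP: [<c101b5ee>] ack_apic_level+0x1e/0x1a0
EAX: 00000000 EBX: f62eecc0 ECX: 00000000 EDX: c189ec20
ESI: 0000001f EDI: f62eed80 EBP: f5a21f20 ESP: f5a21f04
Call Trace:
 [<c101b194>] ? mask_ioapic+0x44/0x50
 [<c1096eab>] handle_fasteoi_irq+0x5b/0x100
 [<c1093c4d>] generic_handle_irq+0x1d/0x30
 [<c1301076>] pch_gpio_handler+0x56/0x70
 [<c1094fa7>] irq_forced_thread_fn+0x27/0x70
 [<c1094d6a>] irq_thread+0xfa/0x160
 [<c16080d3>] ? sub_preempt_count+0x43/0xb0
"""

PAGE_SIZE = 0x1000  # assumption: 4 KiB pages (32-bit x86)
# One frame: [<address>] [? ]symbol+offset/size
FRAME = re.compile(r"\[<([0-9a-f]+)>\] (\? )?(\w+)\+(0x[0-9a-f]+)/(0x[0-9a-f]+)")

def triage(text):
    """Summarise an x86-32 oops: fault address, faulting symbol, zero registers, call chain."""
    fault = int(re.search(r"dereference at ([0-9a-f]+)", text).group(1), 16)
    ip = FRAME.search(text.split("IP:", 1)[1])
    regs = {n: int(v, 16) for n, v in re.findall(r"\b(E[A-Z]{2}): ([0-9a-f]{8})", text)}
    trace = text.split("Call Trace:", 1)[1]
    # "?" marks entries the unwinder could not confirm as part of the call chain.
    chain = [m.group(3) for m in FRAME.finditer(trace) if not m.group(2)]
    return {
        "fault_addr": fault,
        # A fault address inside the first page is typically a member access
        # through a NULL base pointer; the address is then the member's offset.
        "null_member_offset": fault if fault < PAGE_SIZE else None,
        "faulting_symbol": ip.group(3),
        "faulting_offset": int(ip.group(4), 16),
        "zero_regs": sorted(n for n, v in regs.items() if v == 0),
        "chain": [ip.group(3)] + chain,
    }

if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(f"{key}: {value}")
```
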
Comment 1 Alan 2012-10-25 10:48:45 UTC
The rt code, if I remember rightly, doesn't allow for a NULL mask method even on an edge-triggered line.
Comment 2 Darren Hart 2012-10-25 19:34:29 UTC
Are you referring to the chip.irq_mask, as in gpio-pch.c?

static __devinit void pch_gpio_alloc_generic_chip(...)
	...
	ct->chip.irq_mask = pch_irq_mask;
?

This one appears not to be NULL.
