Date:	Sun, 16 Nov 2008 12:01:03 +0100
From:	Bruno Prémont <bonbons@...ux-vserver.org>
To:	JosephChan@....com.tw
Cc:	linux-fbdev-devel@...ts.sourceforge.net,
	linux-kernel@...r.kernel.org, dri-devel@...ts.sourceforge.net
Subject: viafb + drm/via: modprobe/rmmod issue

When booting into VGA console and executing the following command sequence I
end up with the trace below (which seems to imply that unichrome DRM driver
[via] and viafb enter a race for some memory resource or disagree on the state
of the chipset after unloading).
This looks like the race happens only on modprobing viafb after having unloaded
via drm module while viafb was already unloaded.

Sample trigger sequence 1:
modprobe via
  (loads modules via, drm)
modprobe viafb
  (loads modules i2c_algo_bit, cfbcopyarea, cfbimgblt, cfbfillrect, viafb)
  switches to framebuffer console
echo 0 > /sys/class/vtconsole/vtcon1/bind
  (switch back to vga-console - display stays configured with framebuffer
   mode)
rmmod viafb
  (display stays configured with framebuffer mode)
rmmod via
modprobe via
modprobe viafb
  Segmentation fault


Sample trigger sequence 2:
 modprobe viafb
 modprobe via
 echo 0 > /sys/class/vtconsole/vtcon1/bind
 rmmod viafb
 modprobe viafb
 echo 0 > /sys/class/vtconsole/vtcon1/bind
 rmmod via  
 rmmod viafb
 modprobe via
 rmmod via
 modprobe viafb
   Segmentation fault


Kernel used:
  linux-2.6.28-rc3-git6 with attached patch
  (fixes issues with 4k-stack and viafb not releasing /proc files on rmmod,
  combination of patches:
    http://lkml.org/lkml/2008/11/16/87
    http://lkml.org/lkml/2008/11/10/294)

Extract of kernel config:
#
# Graphics support
#
CONFIG_AGP=m
CONFIG_AGP_VIA=m
CONFIG_DRM=m
CONFIG_DRM_VIA=m
CONFIG_VIDEO_OUTPUT_CONTROL=y
CONFIG_FB=y
CONFIG_FIRMWARE_EDID=y
CONFIG_FB_CFB_FILLRECT=m
CONFIG_FB_CFB_COPYAREA=m
CONFIG_FB_CFB_IMAGEBLIT=m
CONFIG_FB_MODE_HELPERS=y
CONFIG_FB_TILEBLITTING=y
#
# Frame buffer hardware drivers
#
CONFIG_FB_VIA=m
...
CONFIG_4KSTACKS=y

Hardware (Commell LE365):
00:00.0 Host bridge [0600]: VIA Technologies, Inc. CX700 Host Bridge [1106:0324] (rev 03)
00:00.1 Host bridge [0600]: VIA Technologies, Inc. CX700 Host Bridge [1106:1324]
00:00.2 Host bridge [0600]: VIA Technologies, Inc. CX700 Host Bridge [1106:2324]
00:00.3 Host bridge [0600]: VIA Technologies, Inc. CX700 Host Bridge [1106:3324]
00:00.4 Host bridge [0600]: VIA Technologies, Inc. CX700 Host Bridge [1106:4324]
00:00.7 Host bridge [0600]: VIA Technologies, Inc. CX700 Host Bridge [1106:7324]
00:01.0 PCI bridge [0604]: VIA Technologies, Inc. VT8237 PCI Bridge [1106:b198]
00:0f.0 IDE interface [0101]: VIA Technologies, Inc. Device [1106:0581]
00:10.0 USB Controller [0c03]: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller [1106:3038] (rev 90)
00:10.1 USB Controller [0c03]: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller [1106:3038] (rev 90)
00:10.2 USB Controller [0c03]: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller [1106:3038] (rev 90)
00:10.4 USB Controller [0c03]: VIA Technologies, Inc. USB 2.0 [1106:3104] (rev 90)
00:11.0 ISA bridge [0601]: VIA Technologies, Inc. CX700 PCI to ISA Bridge [1106:8324]
00:11.7 Host bridge [0600]: VIA Technologies, Inc. CX700 Internal Module Bus [1106:324e]
00:13.0 Host bridge [0600]: VIA Technologies, Inc. CX700 Host Bridge [1106:324b]
00:13.1 PCI bridge [0604]: VIA Technologies, Inc. CX700 PCI to PCI Bridge [1106:324a]
01:00.0 VGA compatible controller [0300]: VIA Technologies, Inc. CX700M2 UniChrome PRO II Graphics [1106:3157] (rev 03)
02:08.0 Ethernet controller [0200]: Realtek Semiconductor Co., Ltd. RTL-8169 Gigabit Ethernet [10ec:8169] (rev 10)
80:01.0 Audio device [0403]: VIA Technologies, Inc. VIA High Definition Audio Controller [1106:3288] (rev 10)


[  856.022761] VIA Graphics Intergration Chipset framebuffer 2.4 initializing
[  856.128903] Console: switching to colour frame buffer device 160x64
[  877.052305] Console: switching to colour VGA+ 80x25
[  888.937098] [drm] Module unloaded
[  900.046155] [drm] Initialized via 2.11.1 20070202 on minor 0
[  904.576098] VIA Graphics Intergration Chipset framebuffer 2.4 initializing
[  904.661809] ------------[ cut here ]------------
[  904.661951] kernel BUG at /usr/src/linux-2.6.28-rc3-git6/mm/vmalloc.c:293!
[  904.662080] invalid opcode: 0000 [#1] 
[  904.662241] last sysfs file: /sys/devices/platform/w83627hf.656/temp2_input
[  904.662370] Modules linked in: viafb(+) via i2c_algo_bit cfbcopyarea cfbimgblt cfbfillrect
               drm snd_hda_intel snd_pcm snd_timer snd soundcore snd_page_alloc sg via_agp
               agpgart [last unloaded: via]
[  904.663579] 
[  904.663680] Pid: 1892, comm: modprobe Not tainted (2.6.28-rc3-git6 #4) CX700+W697HG
[  904.663843] EIP: 0060:[<c015f3ec>] EFLAGS: 00010207 CPU: 0
[  904.663982] EIP is at alloc_vmap_area+0x1ec/0x230
[  904.664100] EAX: 01401000 EBX: fd400000 ECX: f6410800 EDX: f68de50c
[  904.664226] ESI: f6410800 EDI: 04001000 EBP: f642bdbc ESP: f642bd9c
[  904.664352]  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
[  904.664475] Process modprobe (pid: 1892, ti=f642b000 task=f70e2a20 task.ti=f642b000)
[  904.664629] Stack:
[  904.664723]  c011b067 00080000 fff80000 f6410800 00000000 f7305c60 04001000 00080000
[  904.665225]  f642bde4 c015f4d3 ff7fe000 ffffffff 000000d0 f7ffe000 00000001 f7ffe000
[  904.665998]  00000010 a3fff000 f642be00 c015f91b ff7fe000 ffffffff 000000d0 f8074220
[  904.666704] Call Trace:
[  904.666802]  [<c011b067>] ? reserve_memtype+0x277/0x600
[  904.666992]  [<c015f4d3>] ? __get_vm_area_node+0xa3/0x150
[  904.667176]  [<c015f91b>] ? get_vm_area_caller+0x4b/0x60
[  904.667357]  [<f8074220>] ? viafb_init+0x220/0xc86 [viafb]
[  904.667574]  [<c0119609>] ? __ioremap_caller+0x169/0x280
[  904.667759]  [<c0119846>] ? ioremap_nocache+0x16/0x20
[  904.667934]  [<f8074220>] ? viafb_init+0x220/0xc86 [viafb]
[  904.668138]  [<f8074220>] ? viafb_init+0x220/0xc86 [viafb]
[  904.668347]  [<f8074000>] ? viafb_init+0x0/0xc86 [viafb]
[  904.668554]  [<c010111d>] ? do_one_initcall+0x2d/0x160
[  904.668730]  [<c01a6543>] ? sysfs_add_file+0x13/0x20
[  904.668909]  [<c015f031>] ? vfree+0x21/0x30
[  904.669080]  [<c01433b5>] ? load_module+0x1215/0x1500
[  904.669263]  [<c014e455>] ? __alloc_pages_internal+0x95/0x400
[  904.669473]  [<c0143723>] ? sys_init_module+0x83/0x1a0
[  904.669780]  [<c016ceed>] ? sys_read+0x3d/0x70
[  904.669957]  [<c0103bc1>] ? sysenter_do_call+0x12/0x25
[  904.670008] Code: c9 c7 04 24 dc 5d 4a c0 e8 62 41 fc ff c7 45 ec f0 ff ff ff eb b4 8b 4d
                     ec 8b 41 04 3b 42 f4 76 0a 8d 42 04 89 d1 e9 49 ff ff ff <0f> 0b eb fe 8b
                     45 ec 8b 4d ec 8b 15 84 fc 50 c0 83 c0 18 c7 40 
[  904.670008] EIP: [<c015f3ec>] alloc_vmap_area+0x1ec/0x230 SS:ESP 0068:f642bd9c
[  904.674256] ---[ end trace cd2172874c1a60ae ]---

View attachment "patch-viafb-fixes.diff" of type "text/x-patch" (16117 bytes)
