From: bugzilla-daemon@bugzilla.kernel.org
To: linux-ide@vger.kernel.org
Subject: [Bug 49151] NULL pointer dereference in pata_acpi
Date: Sat, 20 Oct 2012 12:00:52 +0000 (UTC)
Message-ID: <20121020120052.536F511FC39@bugzilla.kernel.org>
In-Reply-To: <bug-49151-11633@https.bugzilla.kernel.org/>
https://bugzilla.kernel.org/show_bug.cgi?id=49151
--- Comment #3 from Borislav Petkov <bp@alien8.de> 2012-10-20 12:00:52 ---
On Sat, Oct 20, 2012 at 10:19:22AM +0000, bugzilla-daemon@bugzilla.kernel.org
wrote:
> https://bugzilla.kernel.org/show_bug.cgi?id=49151
>
> Summary: NULL pointer dereference in pata_acpi
> Product: IO/Storage
> Version: 2.5
> Kernel Version: 3.6.2
> Platform: All
> OS/Version: Linux
> Tree: Mainline
> Status: NEW
> Severity: normal
> Priority: P1
> Component: IDE
> AssignedTo: io_ide@kernel-bugs.osdl.org
> ReportedBy: phillip.wood@dunelm.org.uk
> Regression: No
>
>
> Just upgraded from 3.2.20 to 3.6.2 and when I try to boot I get
>
> BUG unable to handle kernel NULL pointer dereference at 00000010
> IP [<efe4c2407>] pacpi_set_dmamode+0x50/0xa0 [pata_acpi]
>
> and it won't find my hard disc. I'm using the standard arch linux kernel config
> available at
> https://projects.archlinux.org/svntogit/packages.git/tree/trunk/config?h=packages/linux
>
> I've attached a couple of photos of the message and backtrace
Ok,
let's first switch to mail.
FWIW, there's another report of this
http://marc.info/?l=linux-ide&m=134995465614435&w=2
and it is on 64-bit while Phillip's is 32-bit. Adding Anton and a couple
more people to CC.
From Anton's disassembly I get:
[ 2.703078] Code: 01 00 00 00 f6 43 10 10 74 0a 41 89 c7 43 8d 0c 3f 41 d3 e6
41 0f b6 bd e1 02 00 00 e8 ce 74 0f 00 41 80 bd e1 02 00 00 3f 77 44 <0f> b7 40
10 41 f7 d6 44 21 73 10 4d 63 ff 42 89 44 fb 04 48 89
All code
========
0: 01 00 add %eax,(%rax)
2: 00 00 add %al,(%rax)
4: f6 43 10 10 testb $0x10,0x10(%rbx)
8: 74 0a je 0x14
a: 41 89 c7 mov %eax,%r15d
d: 43 8d 0c 3f lea (%r15,%r15,1),%ecx
11: 41 d3 e6 shl %cl,%r14d
14: 41 0f b6 bd e1 02 00 movzbl 0x2e1(%r13),%edi
1b: 00
1c: e8 ce 74 0f 00 callq 0xf74ef
21: 41 80 bd e1 02 00 00 cmpb $0x3f,0x2e1(%r13)
28: 3f
29: 77 44 ja 0x6f
2b:* 0f b7 40 10 movzwl 0x10(%rax),%eax <-- trapping instruction
2f: 41 f7 d6 not %r14d
32: 44 21 73 10 and %r14d,0x10(%rbx)
36: 4d 63 ff movslq %r15d,%r15
39: 42 89 44 fb 04 mov %eax,0x4(%rbx,%r15,8)
3e: 48 rex.W
3f: 89 .byte 0x89
And although I cannot generate the exact code here, building
drivers/ata/pata_acpi.c locally gives only one instruction like the
trapping one (thankfully, function is short enough):
sall %cl, %eax # tmp92, tmp93
orl %eax, 16(%rbx) # tmp93, acpi_6->gtm.flags
jmp .L30 #
.LVL46:
.L29:
.loc 1 151 0
movzwl 16(%rax), %eax # t_12->cycle, t_12->cycle <---
.LVL47:
.loc 1 152 0
leal (%r12,%r12), %ecx #, tmp97
which could mean that ata_timing_find_mode() might be returning NULL
on those systems (t is in %(r|e)ax in both oopses and the 0x10 offset
points to ata_timing->cycle).
So, Anton, Phillip, can you guys try the following debugging patch
to confirm (it is against mainline but should apply cleanly on top of
3.6-stable):
---
diff --git a/drivers/ata/pata_acpi.c b/drivers/ata/pata_acpi.c
index 09723b76beac..c5a54faecb98 100644
--- a/drivers/ata/pata_acpi.c
+++ b/drivers/ata/pata_acpi.c
@@ -144,6 +144,12 @@ static void pacpi_set_dmamode(struct ata_port *ap, struct
ata_device *adev)
/* Now stuff the nS values into the structure */
t = ata_timing_find_mode(adev->dma_mode);
+
+ if (!t) {
+ WARN(1, "%s: ata_timing_find_mode gives NULL\n", __func__);
+ return;
+ }
+
if (adev->dma_mode >= XFER_UDMA_0) {
acpi->gtm.drive[unit].dma = t->udma;
acpi->gtm.flags |= (1 << (2 * unit));
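Review bot: the WARN() in the new !t branch does not print adev->dma_mode, the argument that was passed to ata_timing_find_mode(), so a tester's log will confirm the NULL return but not which mode caused it. Suggest adding it to the message, e.g. WARN(1, "%s: no timing for dma_mode 0x%x\n", __func__, adev->dma_mode). The test and the warning can also be folded into one statement, if (WARN(!t, ...)) return;, since WARN() evaluates to its condition. The early return leaves acpi->gtm.drive[unit].dma and acpi->gtm.flags untouched for this unit, which is acceptable in a debugging patch but should be a deliberate decision in whatever fix follows.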
--
Thanks.
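
The reasoning in the message above (fault address 0x10 = NULL pointer plus the offset of the cycle field) as a userspace sketch. This is an added example, not code from the message or from the kernel: struct timing is a model of struct ata_timing with an assumed field layout, the table values are constructed, and find_mode(), field_at_fault() and dma_ns() are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model of struct ata_timing: ten 16-bit fields (assumed layout). */
struct timing {
	uint16_t mode, setup, act8b, rec8b, cyc8b;
	uint16_t active, recover, dmack_hold, cycle, udma;
};

/* Constructed sample table, sorted by mode, closed by a 0xFF sentinel. */
static const struct timing table[] = {
	{ .mode = 0x20, .cycle = 480 }, { .mode = 0x22, .cycle = 120 },
	{ .mode = 0x40, .udma = 120 },  { .mode = 0x45, .udma = 20 },
	{ .mode = 0xFF },
};

/* Walk to the first entry >= xfer_mode; return it on exact match, else NULL. */
static const struct timing *find_mode(uint8_t xfer_mode)
{
	const struct timing *t = table;
	while (xfer_mode > t->mode)
		t++;
	return xfer_mode == t->mode ? t : NULL;
}

/* Name the field a load from (NULL + addr) would have been reading. */
static const char *field_at_fault(size_t addr)
{
	if (addr == offsetof(struct timing, cycle)) return "cycle";
	if (addr == offsetof(struct timing, udma))  return "udma";
	return "other";
}

/* Guarded caller: nS value for the mode, or -1 if the table has no entry. */
static int dma_ns(uint8_t dma_mode)
{
	const struct timing *t = find_mode(dma_mode);
	if (!t) return -1;
	return dma_mode >= 0x40 ? t->udma : t->cycle; /* 0x40 stands in for XFER_UDMA_0 */
}

int main(void)
{
	printf("fault at 0x10 -> t->%s with t == NULL\n", field_at_fault(0x10));
	printf("mode 0x22: %d  mode 0x00: %d\n", dma_ns(0x22), dma_ns(0x00));
	return 0;
}
```

Any mode value missing from the table, including one that falls between two entries, comes back as NULL, so every caller that dereferences the result needs the check.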