Re: [crash] af9005_usb_module_init(): BUG: unable to handle kernel paging request at ff100000

[Daniel Walker <dwalker@fifo99.com>]

On Tue, 2009-02-03 at 21:41 +0100, Luca Olivetti wrote:

> No, I don't have 2.6.28, but I guess that maybe once usb_register is
> called the dvb-usb subsystem asynchronously (is that an smp system?)
> starts polling the remote before the rc_decode function pointer has been
> initialized.
> Could you try to initialize it to NULL before calling usb_register?

What happens to the decode function when you have,

CONFIG_DVB_USB_AF9005=y
CONFIG_DVB_USB_AF9005_REMOTE=n

It seems that the decode function is defined inside,
drivers/media/dvb/dvb-usb/af9005-remote.c

but that doesn't get compiled in the case above. It looks like you end
up with af9005_rc_decode being a function local weak symbol
(uninitialized) which then gets assigned to rc_decode .. I think the
crash actually happens on rc_keys_size which get assigned another
uninitialized local, and it gets de-referenced .

Here's a patch I compile tested, and I think it would fix the issue.

--

The Afatech AF9005 uses some functions and variables from the optional
remote code. If the remote code is disabled it's possible the kernel
could crash while access the missing variables. This patch adds ifdefs
to remove any usage of the remote variables when the remote isn't
compiled.

Signed-off-by: Daniel Walker <dwalker@fifo99.com>

diff --git a/drivers/media/dvb/dvb-usb/af9005.c b/drivers/media/dvb/dvb-usb/af9005.c
index ca5a0a4..69b9b1b 100644
--- a/drivers/media/dvb/dvb-usb/af9005.c
+++ b/drivers/media/dvb/dvb-usb/af9005.c
@@ -41,11 +41,17 @@ MODULE_PARM_DESC(dump_eeprom, "dump contents of the eeprom.");
 
 DVB_DEFINE_MOD_OPT_ADAPTER_NR(adapter_nr);
 
+#ifdef CONFIG_DVB_USB_AF9005_REMOTE
 /* remote control decoder */
 static int (*rc_decode) (struct dvb_usb_device *d, u8 *data, int len,
 		u32 *event, int *state);
 static void *rc_keys;
 static int *rc_keys_size;
+#else
+static inline int
+rc_decode(struct dvb_usb_device *d, u8 *data,
+	int len, u32 *event, int *state) { return 0; }
+#endif
 
 u8 regmask[8] = { 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f, 0xff };
 
@@ -1108,6 +1114,7 @@ static int __init af9005_usb_module_init(void)
 		err("usb_register failed. (%d)", result);
 		return result;
 	}
+#ifdef CONFIG_DVB_USB_AF9005_REMOTE
 	rc_decode = symbol_request(af9005_rc_decode);
 	rc_keys = symbol_request(af9005_rc_keys);
 	rc_keys_size = symbol_request(af9005_rc_keys_size);
@@ -1118,12 +1125,15 @@ static int __init af9005_usb_module_init(void)
 		af9005_properties.rc_key_map = rc_keys;
 		af9005_properties.rc_key_map_size = *rc_keys_size;
 	}
-
+#else
+	af9005_properties.rc_query = NULL;
+#endif
 	return 0;
 }
 
 static void __exit af9005_usb_module_exit(void)
 {
+#ifdef CONFIG_DVB_USB_AF9005_REMOTE 
 	/* release rc decode symbols */
 	if (rc_decode != NULL)
 		symbol_put(af9005_rc_decode);
@@ -1131,6 +1141,7 @@ static void __exit af9005_usb_module_exit(void)
 		symbol_put(af9005_rc_keys);
 	if (rc_keys_size != NULL)
 		symbol_put(af9005_rc_keys_size);
+#endif
 	/* deregister this driver from the USB subsystem */
 	usb_deregister(&af9005_usb_driver);
 }