From: "Mario 'BitKoenig' Holbe" <Mario.Holbe@TU-Ilmenau.DE>
To: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Matt Mackall <mpm@selenic.com>,
Herbert Xu <herbert@gondor.hengli.com.au>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: 2.6.37-rc7: Regression: b43: crashes in hwrng_register()
Date: Fri, 31 Dec 2010 00:17:55 +0100 [thread overview]
Message-ID: <20101230231754.GA28335@darkside.kls.lan> (raw)
In-Reply-To: <4D1D0C61.9050800@lwfinger.net>
[-- Attachment #1.1: Type: text/plain, Size: 2828 bytes --]
On Thu, Dec 30, 2010 at 04:49:05PM -0600, Larry Finger wrote:
> Added the two listed maintainers for hardware randon-number generators and
> dropped the wireless and b43 lists.
>
> Matt and Herbert:
>
> There is a regression in 2.6.37-rcX relative to 2.6.36. The problem shows as the
> following kernel BUG:
> [ 30.313362] BUG: unable to handle kernel paging request at 60870667
> [ 30.313372] IP: [<f8f4e3df>] hwrng_register+0x5f/0x14d [rng_core]
>
> Mario's box with this fault has two RNG devices - b43 and the one provided by
> via-rng. Experimentation has shown that if b43 is registered first, then there
> is no problem; however if via-rng is first, then the above BUG is triggered when
> b43 registers its hardware rng. This problem is a regression in that one of the
> changes in 2.6.37 has b43 registering its rng later in the startup sequence.
...
> Do you see any problems in the code in drivers/net/wireless/b43/main.c or
> drivers/char/hw_random/via-rng.c. As the latter seems to make b43 fail, I am
> suspecting via-rng, but I have no proof.
I believe I can confirm the bug does not directly belong to b43:
I created a second via-rng driver (just copied via-rng.c to via-rng2.c
and changed the via_rng.name) and modprobed it. I blacklisted b43 to
keep it out of the game.
Virtually the same crash dump as with b43 shows up when I modprobe
via-rng2 after via-rng is loaded already.
Attached is a dmesg excerpt from a 2.6.37-rc7 kernel built with Larrys
hwrng_debug patch applied (which basically calls dump_stack() in
hwrng_register()).
objdump of hw_random/core.o:
00000380 <hwrng_register>:
hwrng_register():
/tmp/1/linux-source-2.6.37-rc7/drivers/char/hw_random/core.c:299
380: 56 push %esi
...
/tmp/1/linux-source-2.6.37-rc7/drivers/char/hw_random/core.c:315
3d9: 8b 76 1c mov 0x1c(%esi),%esi
3dc: 83 ee 1c sub $0x1c,%esi
prefetch():
/tmp/1/linux-source-2.6.37-rc7/arch/x86/include/asm/processor.h:837
3df: 8b 46 1c mov 0x1c(%esi),%eax
3e2: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
hwrng_register():
/tmp/1/linux-source-2.6.37-rc7/drivers/char/hw_random/core.c:315
3e6: 81 fe f8 ff ff ff cmp $0xfffffff8,%esi
hw_random/core.c:
313 /* Must not register two RNGs with the same name. */
314 err = -EEXIST;
315 list_for_each_entry(tmp, &rng_list, list) {
316 if (strcmp(tmp->name, rng->name) == 0)
317 goto out_unlock;
318 }
Larry: Thanks for your help!
regards
Mario
--
Goethe war nicht gerne Minister. Er beschaeftigte sich lieber geistig.
-- Lukasburger Stilblueten
[-- Attachment #1.2: 2.6.37-rc7+via-rng2.dmesg --]
[-- Type: text/plain, Size: 4008 bytes --]
[ 11.746521] VIA RNG detected
[ 11.746526] Calling hwrng_register
[ 11.746533] Pid: 770, comm: modprobe Not tainted 2.6.37-rc7-self #5
[ 11.746536] Call Trace:
[ 11.746546] [<f90ed3ac>] ? hwrng_register+0x2c/0x14d [rng_core]
[ 11.746554] [<f90fa023>] ? mod_init+0x23/0x3b [via_rng]
[ 11.746564] [<c1003069>] ? do_one_initcall+0x68/0x10f
[ 11.746574] [<c105f0d3>] ? sys_init_module+0xca5/0xe36
[ 11.746602] [<c1008b1f>] ? sysenter_do_call+0x12/0x28
...
[ 106.660466] VIA RNG detected
[ 106.660471] Calling hwrng_register
[ 106.660478] Pid: 2673, comm: modprobe Not tainted 2.6.37-rc7-self #5
[ 106.660482] Call Trace:
[ 106.660500] [<f90ed3ac>] ? hwrng_register+0x2c/0x14d [rng_core]
[ 106.660510] [<f830e023>] ? mod_init+0x23/0x3b [via_rng2]
[ 106.660520] [<c1003069>] ? do_one_initcall+0x68/0x10f
[ 106.660532] [<c105f0d3>] ? sys_init_module+0xca5/0xe36
[ 106.660600] [<c1008b1f>] ? sysenter_do_call+0x12/0x28
[ 106.660630] BUG: unable to handle kernel paging request at 7268d4f3
[ 106.660640] IP: [<f90ed3df>] hwrng_register+0x5f/0x14d [rng_core]
[ 106.660658] *pdpt = 0000000033c0a001 *pde = 0000000000000000
[ 106.660670] Oops: 0000 [#1] SMP
[ 106.660678] last sysfs file: /sys/module/rng_core/initstate
[ 106.660687] Modules linked in: via_rng2(+) uinput via drm rfcomm sco bnep l2cap crc16 parport_pc ppdev lp parport sbs sbshc power_meter pci_slot hed fan container acpi_cpufreq mperf cpufreq_conservative cpufreq_userspace cpufreq_stats cpufreq_powersave dm_crypt fuse loop eeprom via_cputemp i2c_dev nvram padlock_aes aes_i586 aes_generic padlock_sha sha256_generic sha1_generic via_rng rng_core msr cpuid snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm_oss snd_mixer_oss joydev snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device snd uvcvideo videodev v4l1_compat btusb ideapad_laptop soundcore video tpm_tis bluetooth psmouse i2c_viapro pcspkr tpm battery ac tpm_bios i2c_core evdev serio_raw power_supply snd_page_alloc output processor rfkill shpchp wmi pci_hotplug button ext3 jbd mbcache raid10 raid456 async_raid6_recov async_pq raid6_pq async_xor xor async_memcpy async_tx raid1 raid0 multipath linear md_mod dm_mirror dm_region_hash dm_log dm_mod btrfs zlib_deflate crc32c libcrc32c sd_mod crc_t10dif ata_generic pata_via libata ssb uhci_hcd via_sdmmc ehci_hcd usbcore scsi_mod tg3 pcmcia mmc_core pcmcia_core libphy thermal thermal_sys nls_base [last unloaded: scsi_wait_scan]
[ 106.660952]
[ 106.660963] Pid: 2673, comm: modprobe Not tainted 2.6.37-rc7-self #5 MoutCook/20021,2959
[ 106.660975] EIP: 0060:[<f90ed3df>] EFLAGS: 00010216 CPU: 0
[ 106.660987] EIP is at hwrng_register+0x5f/0x14d [rng_core]
[ 106.660996] EAX: ffffffff EBX: f829e26c ECX: f90ed589 EDX: f829e267
[ 106.661006] ESI: 7268d4d7 EDI: f3c7eac0 EBP: f830e000 ESP: f72b9f14
[ 106.661015] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 106.661025] Process modprobe (pid: 2673, ti=f72b8000 task=f3ce30c0 task.ti=f72b8000)
[ 106.661033] Stack:
[ 106.661037] ffffffed 00000000 f830e023 f829e226 f829e290 c1003069 00000000 f829e290
[ 106.661055] 00000000 f3c7eac0 00000001 c105f0d3 00000017 f829e2d8 0000000a f829ac04
[ 106.661072] f3c7eac0 00000025 f829e3e0 f829a000 000010d4 f829a86c f829a788 f829ae7c
[ 106.661090] Call Trace:
[ 106.661102] [<f830e023>] ? mod_init+0x23/0x3b [via_rng2]
[ 106.661114] [<c1003069>] ? do_one_initcall+0x68/0x10f
[ 106.661126] [<c105f0d3>] ? sys_init_module+0xca5/0xe36
[ 106.661188] [<c1008b1f>] ? sysenter_do_call+0x12/0x28
[ 106.661195] Code: 1b c8 8b 35 1c d6 0e f9 59 83 ee 1c eb 1d 8b 13 8b 06 e8 84 16 06 c8 85 c0 75 0a be ef ff ff ff e9 d3 00 00 00 8b 76 1c 83 ee 1c <8b> 46 1c 0f 18 00 90 81 fe 00 d6 0e f9 75 d4 83 3d 2c d8 0e f9
[ 106.661280] EIP: [<f90ed3df>] hwrng_register+0x5f/0x14d [rng_core] SS:ESP 0068:f72b9f14
[ 106.661300] CR2: 000000007268d4f3
[ 106.661309] ---[ end trace 4fa39662da4e519f ]---
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 482 bytes --]
next prev parent reply other threads:[~2010-12-30 23:18 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-12-29 0:34 2.6.37-rc7: Regression: b43: crashes in hwrng_register() Larry Finger
2010-12-29 19:54 ` Mario 'BitKoenig' Holbe
2010-12-30 0:30 ` Larry Finger
2010-12-30 1:20 ` Mario 'BitKoenig' Holbe
2010-12-30 2:37 ` Larry Finger
2010-12-30 14:34 ` Mario 'BitKoenig' Holbe
2010-12-30 18:37 ` Larry Finger
2010-12-30 20:45 ` Mario 'BitKoenig' Holbe
2010-12-30 22:49 ` Larry Finger
2010-12-30 23:17 ` Mario 'BitKoenig' Holbe [this message]
2010-12-31 0:37 ` Herbert Xu
2010-12-31 0:46 ` Larry Finger
2010-12-31 2:25 ` Mario 'BitKoenig' Holbe
2010-12-31 2:46 ` Herbert Xu
2010-12-31 8:51 ` Mario 'BitKoenig' Holbe
2011-01-04 4:33 ` Herbert Xu
2011-01-04 12:19 ` Mario 'BitKoenig' Holbe
2011-01-04 12:38 ` Herbert Xu
2011-01-04 12:57 ` Mario 'BitKoenig' Holbe
2011-01-04 22:42 ` Herbert Xu
2011-01-04 23:06 ` Mario 'BitKoenig' Holbe
2011-01-04 23:26 ` Larry Finger
2011-01-04 23:35 ` Mario 'BitKoenig' Holbe
2011-01-05 0:30 ` Herbert Xu
2011-01-05 1:45 ` Mario 'BitKoenig' Holbe
2011-01-05 3:52 ` Mario 'BitKoenig' Holbe
2011-01-05 5:47 ` Herbert Xu
2011-01-05 13:16 ` Mario 'BitKoenig' Holbe
2011-01-06 6:12 ` Herbert Xu
2011-01-06 13:15 ` Mario 'BitKoenig' Holbe
2011-01-06 13:35 ` Herbert Xu
2011-01-06 13:56 ` Larry Finger
2011-01-06 14:42 ` Mario 'BitKoenig' Holbe
2011-01-07 3:49 ` Herbert Xu
2011-01-07 3:54 ` crypto: padlock - Move padlock.h into include/crypto Herbert Xu
2011-01-07 3:55 ` hwrng: via_rng - Fix memory scribbling on some CPUs Herbert Xu
2011-01-05 0:14 ` 2.6.37-rc7: Regression: b43: crashes in hwrng_register() Larry Finger
2011-01-05 0:19 ` Herbert Xu
2011-01-05 1:38 ` Larry Finger
2010-12-31 1:57 ` Michael Büsch
2010-12-31 2:25 ` Larry Finger
-- strict thread matches above, loose matches on Subject: below --
2010-12-28 13:32 Mario 'BitKoenig' Holbe
2010-12-29 10:30 ` Maciej Rutecki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20101230231754.GA28335@darkside.kls.lan \
--to=mario.holbe@tu-ilmenau.de \
--cc=Larry.Finger@lwfinger.net \
--cc=herbert@gondor.hengli.com.au \
--cc=linux-kernel@vger.kernel.org \
--cc=mpm@selenic.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox