From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: John Stultz <john.stultz@linaro.org>
Cc: tglx@linutronix.de, xen-devel@lists.xensource.com,
    linux-kernel@vger.kernel.org
Subject: Re: [Xen-devel] Re: 2.6.39 crashes BUG: unable to handle kernel NULL pointer dereference at 000000000000042 .. cmos_checkintr+0x4d/0x55 under Xen as PV guest.
Date: Thu, 24 Mar 2011 08:27:55 -0400
Message-ID: <20110324122755.GA31974@dumpdata.com>
In-Reply-To: <20110322143841.GA26952@dumpdata.com>

On Tue, Mar 22, 2011 at 10:38:41AM -0400, Konrad Rzeszutek Wilk wrote:
> > > No. 2.6.38 vanilla works great.
> >
> > Ok. Hrm.
> >
> > > > Any insight there?
> > >
> > > I hoped you might have :-)
> >
> > Could you help me understand where in the probe logic xen bombs out of
> > the cmos code?
>
> Sure. The issue is that rtc_update_irq calls schedule_work with rtc->irqwork
> which has not been initialized. The reason for that is that rtc_device_register
> has never been called.. uh wait, that does not make sense, it is called in
> cmos_do_probe. Hmm, let me find out exactly on which variable queue_work_on
> bombs out on.

The problem is this:

cmos_do_probe does:

	cmos_rtc.dev = dev;
	dev_set_drvdata(dev, &cmos_rtc);

which means that dev->p->private_data contains cmos_rtc. And
dev->p->private_data->rtc is a NULL pointer. The next function:

	cmos_rtc.rtc = rtc_device_register(driver_name, dev,
				&cmos_rtc_ops, THIS_MODULE);

'rtc_device_register' creates an 'rtc' structure and sets
its parent to be:

	rtc->dev.parent = dev;

and later on it does:

	if (!err && !rtc_valid_tm(&alrm.time))
		rtc_set_alarm(rtc, &alrm);

rtc_set_alarm calls rtc_timer_enqueue which calls __rtc_set_alarm.
__rtc_set_alarm calls 'cmos_set_alarm' via:

	err = rtc->ops->set_alarm(rtc->dev.parent, alarm);

which is basically passing in 'dev' to 'cmos_set_alarm', and
'cmos_set_alarm' uses the dev to:

	struct cmos_rtc *cmos = dev_get_drvdata(dev);

(so get the cmos_rtc from dev->p->private_data).

get the 'cmos' (which is the 'cmos_rtc'). Great... except
then it ends up trying to dereference cmos->rtc.irqwork (via
cmos_irq_disable(cmos, .. and somewhere in its chain calls
schedule_work(cmos->rtc)) which ends up blowing up b/c
cmos_rtc.rtc has not been set yet.

The cmos_rtc.rtc is set when 'rtc_device_register'
finishes, which it hadn't yet done.

git gui blame tells me to look at
f44f7f96a20af16f6f12e1c995576d6becf5f57b
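
Added example (not part of the original message and not kernel code): a userspace C model of the ordering described above, where a registration routine invokes a driver callback before the caller has stored the routine's return value. All model_* names, probe_model and the alarm_valid parameter are hypothetical stand-ins; the NULL check marks the point where the unguarded driver path dereferences and is not presented as the upstream fix.

```c
/* Userspace model only; every name here is a hypothetical stand-in. */
#include <stddef.h>
#include <stdio.h>

struct model_rtc  { int irqwork; };      /* stands in for the rtc device   */
struct model_dev  { void *drvdata; };    /* stands in for struct device    */
struct model_cmos { struct model_dev *dev; struct model_rtc *rtc; };

static struct model_rtc  rtc_storage;
static struct model_cmos cmos_model;
static int saw_null_rtc;   /* set if the callback ran before .rtc was assigned */

/* Models cmos_set_alarm: recovers the driver struct from the parent device. */
static int model_set_alarm(struct model_dev *parent)
{
    struct model_cmos *cmos = parent->drvdata;
    if (cmos->rtc == NULL) {   /* the unguarded driver dereferences here */
        saw_null_rtc = 1;
        return -1;
    }
    cmos->rtc->irqwork++;
    return 0;
}

/* Models rtc_device_register: may call back into the driver before returning. */
static struct model_rtc *model_register(struct model_dev *parent, int alarm_valid)
{
    rtc_storage.irqwork = 0;
    if (alarm_valid)                 /* models the rtc_valid_tm() branch */
        model_set_alarm(parent);     /* caller has not stored our result yet */
    return &rtc_storage;
}

/* Models cmos_do_probe; returns 1 if the callback saw a NULL back-pointer. */
int probe_model(int alarm_valid)
{
    static struct model_dev dev;
    saw_null_rtc = 0;
    cmos_model.dev = &dev;
    cmos_model.rtc = NULL;
    dev.drvdata = &cmos_model;                           /* dev_set_drvdata step */
    cmos_model.rtc = model_register(&dev, alarm_valid);  /* assigned only on return */
    return saw_null_rtc;
}

int main(void)
{
    printf("valid alarm: %d, no alarm: %d\n", probe_model(1), probe_model(0));
    return 0;
}
```

The back-pointer is only observed as NULL when the registration path takes the alarm branch, so the same probe sequence completes cleanly when no valid alarm is found.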