NetBSD Problem Report #48236
From Wolfgang.Stukenbrock@nagler-company.com Tue Sep 24 07:54:59 2013
Return-Path: <Wolfgang.Stukenbrock@nagler-company.com>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id 0F7AD7259E
for <gnats-bugs@gnats.NetBSD.org>; Tue, 24 Sep 2013 07:54:59 +0000 (UTC)
Message-Id: <20130924075449.34B7D123B93@test-s0.nagler-company.com>
Date: Tue, 24 Sep 2013 09:54:49 +0200 (CEST)
From: Wolfgang.Stukenbrock@nagler-company.com
Reply-To: Wolfgang.Stukenbrock@nagler-company.com
To: gnats-bugs@gnats.NetBSD.org
Subject: iavc driver crashes during initialisation
X-Send-Pr-Version: 3.95
>Number: 48236
>Category: kern
>Synopsis: iavc driver crashes during initialisation
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Sep 24 07:55:01 +0000 2013
>Closed-Date: Sat Sep 22 11:58:36 +0000 2018
>Last-Modified: Sat Sep 22 11:58:36 +0000 2018
>Originator: Dr. Wolfgang Stukenbrock
>Release: NetBSD 6.1
>Organization:
Dr. Nagler & Company GmbH
>Environment:
System: NetBSD test-s0 5.1.2 NetBSD 5.1.2 (NSW-WS) #3: Fri Dec 21 15:15:43 CET 2012 wgstuken@test-s0:/usr/src/sys/arch/amd64/compile/NSW-WS amd64
Architecture: x86_64
Machine: amd64
>Description:
During pci-attach of the driver the mem-registers are accessed prior mapping them.
This results in a NULL-pointer access and a kernel crash.
I'm not shure why this has worked before (in 4.x and 5.x) - but now it no longer does.
PS. The autoconf routine complains the following:
"iavc has not been converted to device_t"
Perhaps this should be changed/fixed too ...
>How-To-Repeat:
Configure iavc driver and try to to boot the kernel - it will crash ...
>Fix:
The following patch for /usr/src/sys/dev/pci/iavc_pci.c will s lve this issue:
--- iavc_pci.c 2013/09/24 07:50:41 1.1
+++ iavc_pci.c 2013/09/24 07:51:08
@@ -138,8 +138,6 @@
sc->sc_dma = 0;
sc->dmat = pa->pa_dmat;
- iavc_b1dma_reset(sc);
-
if (pci_mapreg_map(pa, IAVC_PCI_IOBA, PCI_MAPREG_TYPE_IO, 0,
&sc->sc_io_bt, &sc->sc_io_bh, &psc->io_base, &psc->io_size)) {
aprint_error(": unable to map i/o registers\n");
@@ -153,6 +151,8 @@
}
aprint_normal(": %s\n", pp->name);
+ iavc_b1dma_reset(sc);
+
if (pp->npp_product == PCI_PRODUCT_AVM_T1) {
aprint_error_dev(&sc->sc_dev, "sorry, PRI not yet supported\n");
return;
>Release-Note:
>Audit-Trail:
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/48236 CVS commit: src/sys/dev/pci
Date: Wed, 25 Sep 2013 18:54:48 +0000
Module Name: src
Committed By: martin
Date: Wed Sep 25 18:54:48 UTC 2013
Modified Files:
src/sys/dev/pci: iavc_pci.c
Log Message:
Avoid using unmaped PCI registers. From Wolfgang Stukenbrock in
PR kern/48236.
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/sys/dev/pci/iavc_pci.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/48236: iavc driver crashes during initialisation
Date: Wed, 25 Sep 2013 21:01:20 +0200
On Tue, Sep 24, 2013 at 07:55:01AM +0000, Wolfgang.Stukenbrock@nagler-company.com wrote:
> PS. The autoconf routine complains the following:
> "iavc has not been converted to device_t"
> Perhaps this should be changed/fixed too ...
It has been fixed, but only in -current, and apparently not tested so far.
Pullup should be straightforward, could you try and report back? We can
do a pulup request then.
Martin
From: Wolfgang Stukenbrock <wolfgang.stukenbrock@nagler-company.com>
To: gnats-bugs@NetBSD.org
Cc: kern-bug-people@NetBSD.org, gnats-admin@NetBSD.org, netbsd-bugs@NetBSD.org
Subject: Re: kern/48236: iavc driver crashes during initialisation
Date: Thu, 26 Sep 2013 11:03:36 +0200
Hi again,
I had a look at the diff from 1.14 to 1.15.
The diff shows the same modification as I did (without the file version
number) And that version is coming up here.
remark: without this change the kernel crashed during boot in 6.1
I think you can/should pullup this change to 6.x - perhaps 5.x too, even
if there is no crash.
The diff from 1.13 to 1.14 looks OK, but does not compile ....
It sounds like the softtc-structure sc_dev is incorrect.
# compile NSW-svc-ISDN/iavc_pci.o
gcc -mno-sse -mno-sse2 -mno-sse3 -ffreestanding
-fno-zero-initialized-in-bss -O2 -fstack-protector -Wstack-protector
--param ssp-buffer-size=1 -fno-strict-aliasing -std=gnu99 -Werror -Wall
-Wno-main -Wno-format-zero-length -Wpointer-arith -Wmissing-prototypes
-Wstrict-prototypes -Wold-style-definition -Wswitch -Wshadow -Wcast-qual
-Wwrite-strings -Wno-unreachable-code -Wno-pointer-sign -Wno-attributes
-Wextra -Wno-unused-parameter -Wold-style-definition -Wno-sign-compare
-march=i686 -Di386 -I. -I../../../../../common/include
-I../../../../arch -I../../../.. -nostdinc -DAPM_NO_POWEROFF
-DMAXUSERS=64 -D_KERNEL -D_KERNEL_OPT -std=gnu99
-I../../../../lib/libkern/../../../common/lib/libc/quad
-I../../../../lib/libkern/../../../common/lib/libc/string
-I../../../../lib/libkern/../../../common/lib/libc/arch/i386/string
-I../../../../dist/ipf -I../../../../../common/include
-I../../../../external/bsd/acpica/dist/include -c
../../../../dev/pci/iavc_pci.c
../../../../dev/pci/iavc_pci.c: In function 'iavc_pci_attach':
../../../../dev/pci/iavc_pci.c:137:13: error: incompatible types when
assigning to type 'struct device' from type 'device_t'
../../../../dev/pci/iavc_pci.c:158:3: error: incompatible type for
argument 1 of 'aprint_error_dev'
../../../../sys/systm.h:191:6: note: expected 'device_t' but argument is
of type 'struct device'
../../../../dev/pci/iavc_pci.c:185:5: error: incompatible type for
argument 1 of 'aprint_error_dev'
../../../../sys/systm.h:191:6: note: expected 'device_t' but argument is
of type 'struct device'
../../../../dev/pci/iavc_pci.c:206:3: error: incompatible type for
argument 1 of 'aprint_error_dev'
../../../../sys/systm.h:191:6: note: expected 'device_t' but argument is
of type 'struct device'
../../../../dev/pci/iavc_pci.c:213:3: error: incompatible type for
argument 1 of 'aprint_error_dev'
../../../../sys/systm.h:191:6: note: expected 'device_t' but argument is
of type 'struct device'
../../../../dev/pci/iavc_pci.c:220:2: error: incompatible type for
argument 1 of 'device_xname'
../../../../sys/device.h:508:13: note: expected 'device_t' but argument
is of type 'struct device'
../../../../dev/pci/iavc_pci.c:240:7: error: incompatible type for
argument 1 of 'aprint_error_dev'
../../../../sys/systm.h:191:6: note: expected 'device_t' but argument is
of type 'struct device'
../../../../dev/pci/iavc_pci.c:247:7: error: incompatible type for
argument 1 of 'aprint_error_dev'
../../../../sys/systm.h:191:6: note: expected 'device_t' but argument is
of type 'struct device'
../../../../dev/pci/iavc_pci.c:255:7: error: incompatible type for
argument 1 of 'aprint_error_dev'
../../../../sys/systm.h:191:6: note: expected 'device_t' but argument is
of type 'struct device'
../../../../dev/pci/iavc_pci.c:262:7: error: incompatible type for
argument 1 of 'aprint_error_dev'
../../../../sys/systm.h:191:6: note: expected 'device_t' but argument is
of type 'struct device'
../../../../dev/pci/iavc_pci.c:270:7: error: incompatible type for
argument 1 of 'aprint_error_dev'
../../../../sys/systm.h:191:6: note: expected 'device_t' but argument is
of type 'struct device'
../../../../dev/pci/iavc_pci.c:277:7: error: incompatible type for
argument 1 of 'aprint_error_dev'
../../../../sys/systm.h:191:6: note: expected 'device_t' but argument is
of type 'struct device'
../../../../dev/pci/iavc_pci.c:284:7: error: incompatible type for
argument 1 of 'aprint_error_dev'
../../../../sys/systm.h:191:6: note: expected 'device_t' but argument is
of type 'struct device'
../../../../dev/pci/iavc_pci.c:291:7: error: incompatible type for
argument 1 of 'aprint_error_dev'
../../../../sys/systm.h:191:6: note: expected 'device_t' but argument is
of type 'struct device'
../../../../dev/pci/iavc_pci.c:295:2: error: incompatible type for
argument 1 of 'device_xname'
../../../../sys/device.h:508:13: note: expected 'device_t' but argument
is of type 'struct device'
../../../../dev/pci/iavc_pci.c:296:3: error: incompatible type for
argument 1 of 'aprint_error_dev'
../../../../sys/systm.h:191:6: note: expected 'device_t' but argument is
of type 'struct device'
*** Error code 1
The files in dev/ic need some changes too - I cannot see any
modification in CVS till now.
The following patches do it for me (hope the copy-paste is done
correctly ..)
--- iavcvar.h.orig 2013-09-26 10:57:11.000000000 +0200
+++ iavcvar.h 2013-09-26 10:57:04.000000000 +0200
@@ -40,7 +40,7 @@
#define IAVC_DMA_SIZE (128 + 2048)
typedef struct iavc_softc {
- struct device sc_dev;
+ device_t sc_dev;
capi_softc_t sc_capi;
bus_space_handle_t sc_mem_bh;
--- iavc.c.ooo 2013-09-26 10:58:18.000000000 +0200
+++ iavc.c 2013-09-26 10:59:22.000000000 +0200
@@ -321,7 +321,7 @@
iavc_softc_t *sc = (iavc_softc_t*) capi_sc->ctx;
u_int8_t val;
- aprint_debug_dev(&sc->sc_dev, "reset card ....\n");
+ aprint_debug_dev(sc->sc_dev, "reset card ....\n");
if (sc->sc_dma)
iavc_b1dma_reset(sc); /* PCI cards */
@@ -332,17 +332,17 @@
DELAY(1000);
- aprint_debug_dev(&sc->sc_dev, "start loading %d bytes firmware\n",
len);
+ aprint_debug_dev(sc->sc_dev, "start loading %d bytes firmware\n", len);
while (len && b1io_save_put_byte(sc, *cp++) == 0)
len--;
if (len) {
- aprint_error_dev(&sc->sc_dev, "loading failed, can't write to
card, len = %d\n", len);
+ aprint_error_dev(sc->sc_dev, "loading failed, can't write to
card, len = %d\n", len);
return (EIO);
}
- aprint_debug_dev(&sc->sc_dev, "firmware loaded, wait for ACK\n");
+ aprint_debug_dev(sc->sc_dev, "firmware loaded, wait for ACK\n");
if(sc->sc_capi.card_type == CARD_TYPEC_AVM_B1_ISA)
iavc_put_byte(sc, SEND_POLL);
@@ -353,7 +353,7 @@
DELAY(100);
if (!iavc_rx_full(sc)) {
- aprint_error_dev(&sc->sc_dev, "loading failed, no ack\n");
+ aprint_error_dev(sc->sc_dev, "loading failed, no ack\n");
return (EIO);
}
@@ -361,11 +361,11 @@
if ((sc->sc_dma && val != RECEIVE_POLLDWORD) ||
(!sc->sc_dma && val != RECEIVE_POLL)) {
- aprint_error_dev(&sc->sc_dev, "loading failed, bad ack =
%02x\n", val);
+ aprint_error_dev(sc->sc_dev, "loading failed, bad ack = %02x\n",
val);
return (EIO);
}
- aprint_debug_dev(&sc->sc_dev, "got ACK = 0x%02x\n", val);
+ aprint_debug_dev(sc->sc_dev, "got ACK = 0x%02x\n", val);
/* Start the DMA engine */
if (sc->sc_dma) {
@@ -452,7 +452,7 @@
u_int8_t *p;
if (!m) {
- aprint_error_dev(&sc->sc_dev, "can't get memory\n");
+ aprint_error_dev(sc->sc_dev, "can't get memory\n");
return (ENOMEM);
}
@@ -477,7 +477,7 @@
iavc_softc_t *sc = (iavc_softc_t*) capi_sc->ctx;
if (sc->sc_state != IAVC_UP) {
- aprint_error_dev(&sc->sc_dev, "attempt to send before device up\n");
+ aprint_error_dev(sc->sc_dev, "attempt to send before device up\n");
if (m->m_next) i4b_Bfreembuf(m->m_next);
i4b_Dfreembuf(m);
@@ -488,7 +488,7 @@
if (IF_QFULL(&sc->sc_txq)) {
IF_DROP(&sc->sc_txq);
- aprint_error_dev(&sc->sc_dev, "tx overflow, message dropped\n");
+ aprint_error_dev(sc->sc_dev, "tx overflow, message dropped\n");
if (m->m_next) i4b_Bfreembuf(m->m_next);
i4b_Dfreembuf(m);
@@ -518,7 +518,7 @@
int s;
if (!m) {
- aprint_error_dev(&sc->sc_dev, "can't get memory\n");
+ aprint_error_dev(sc->sc_dev, "can't get memory\n");
return (ENOMEM);
}
@@ -591,7 +591,7 @@
#if 0
{
int len = 0;
- printf("%s: rx_init: ", device_xname(&sc->sc_dev));
+ printf("%s: rx_init: ", device_xname(sc->sc_dev));
while (len < Length) {
printf(" %02x", p[len]);
if (len && (len % 16) == 0) printf("\n");
@@ -617,14 +617,14 @@
if (cardtype && serial && profile) {
int nbch = ((profile[3]<<8) | profile[2]);
- aprint_normal_dev(&sc->sc_dev, "AVM %s, s/n %s, %d chans, f/w
rev %s, prot %s\n",
+ aprint_normal_dev(sc->sc_dev, "AVM %s, s/n %s, %d chans, f/w rev
%s, prot %s\n",
cardtype, serial, nbch, vers, prot);
- aprint_verbose_dev(&sc->sc_dev, "%s\n", caps);
+ aprint_verbose_dev(sc->sc_dev, "%s\n", caps);
capi_ll_control(&sc->sc_capi, CAPI_CTRL_PROFILE, (intptr_t)
profile);
} else {
- printf("%s: no profile data in info response?\n",
device_xname(&sc->sc_dev));
+ printf("%s: no profile data in info response?\n",
device_xname(sc->sc_dev));
}
sc->sc_blocked = 1; /* controller will send START when ready */
@@ -637,10 +637,10 @@
u_int8_t *p;
if (sc->sc_blocked && sc->sc_state == IAVC_UP)
- printf("%s: receive_start\n", device_xname(&sc->sc_dev));
+ printf("%s: receive_start\n", device_xname(sc->sc_dev));
if (!m) {
- aprint_error_dev(&sc->sc_dev, "can't get memory\n");
+ aprint_error_dev(sc->sc_dev, "can't get memory\n");
return (ENOMEM);
}
@@ -655,7 +655,7 @@
IF_PREPEND(&sc->sc_txq, m);
NDBGL4(L4_IAVCDBG, "%s: blocked = %d, state = %d",
- device_xname(&sc->sc_dev), sc->sc_blocked, sc->sc_state);
+ device_xname(sc->sc_dev), sc->sc_blocked, sc->sc_state);
sc->sc_blocked = 0;
iavc_start_tx(sc);
@@ -671,7 +671,7 @@
static int iavc_receive_stop(iavc_softc_t *sc)
{
- printf("%s: receive_stop\n", device_xname(&sc->sc_dev));
+ printf("%s: receive_stop\n", device_xname(sc->sc_dev));
sc->sc_blocked = 1;
return 0;
}
@@ -714,7 +714,7 @@
{
u_int32_t TaskId, Length;
u_int8_t *p;
- printf("%s: receive_task_ready\n", device_xname(&sc->sc_dev));
+ printf("%s: receive_task_ready\n", device_xname(sc->sc_dev));
if (sc->sc_dma) {
p = amcc_get_word(dmabuf, &TaskId);
@@ -733,7 +733,7 @@
{
u_int32_t Length;
u_int8_t *p;
- printf("%s: receive_debugmsg\n", device_xname(&sc->sc_dev));
+ printf("%s: receive_debugmsg\n", device_xname(sc->sc_dev));
if (sc->sc_dma) {
p = amcc_get_word(dmabuf, &Length);
@@ -778,7 +778,7 @@
m = i4b_Dgetmbuf(Length);
if (!m) {
- aprint_error_dev(&sc->sc_dev, "can't get memory for receive\n");
+ aprint_error_dev(sc->sc_dev, "can't get memory for receive\n");
return (ENOMEM);
}
@@ -788,7 +788,7 @@
{
u_int8_t *p = mtod(m, u_int8_t*);
int len = 0;
- printf("%s: applid=%d, len=%d\n", device_xname(&sc->sc_dev),
+ printf("%s: applid=%d, len=%d\n", device_xname(sc->sc_dev),
ApplId, Length);
while (len < m->m_len) {
printf(" %02x", p[len]);
@@ -809,7 +809,7 @@
m->m_next = i4b_Bgetmbuf(Length);
if (!m->m_next) {
- aprint_error_dev(&sc->sc_dev, "can't get memory for receive\n");
+ aprint_error_dev(sc->sc_dev, "can't get memory for receive\n");
i4b_Dfreembuf(m);
return (ENOMEM);
}
@@ -937,7 +937,7 @@
break;
default:
- aprint_error_dev(&sc->sc_dev, "unknown msg %02x\n", cmd);
+ aprint_error_dev(sc->sc_dev, "unknown msg %02x\n", cmd);
}
}
@@ -1070,7 +1070,7 @@
u_int8_t *p = mtod(m, u_int8_t*) + 2;
int len;
- printf("%s: tx BDC msg, len = %d, msg =", device_xname(&sc->sc_dev),
+ printf("%s: tx BDC msg, len = %d, msg =", device_xname(sc->sc_dev),
m->m_len-2);
for (len = 0; len < m->m_len-2; len++) {
printf(" %02x", *p++);
Martin Husemann wrote:
> The following reply was made to PR kern/48236; it has been noted by GNATS.
>
> From: Martin Husemann <martin@duskware.de>
> To: gnats-bugs@NetBSD.org
> Cc:
> Subject: Re: kern/48236: iavc driver crashes during initialisation
> Date: Wed, 25 Sep 2013 21:01:20 +0200
>
> On Tue, Sep 24, 2013 at 07:55:01AM +0000, Wolfgang.Stukenbrock@nagler-company.com wrote:
> > PS. The autoconf routine complains the following:
> > "iavc has not been converted to device_t"
> > Perhaps this should be changed/fixed too ...
>
> It has been fixed, but only in -current, and apparently not tested so far.
> Pullup should be straightforward, could you try and report back? We can
> do a pulup request then.
>
> Martin
>
>
State-Changed-From-To: open->closed
State-Changed-By: maxv@NetBSD.org
State-Changed-When: Sat, 22 Sep 2018 11:58:36 +0000
State-Changed-Why:
iavc was removed
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home