NetBSD Problem Report #56286

From martin@duskware.de  Wed Jun 30 10:39:45 2021
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 9A3EF1A921F
	for <gnats-bugs@gnats.NetBSD.org>; Wed, 30 Jun 2021 10:39:45 +0000 (UTC)
Message-Id: <20210630103935.6C5405CC7E5@emmas.aprisoft.de>
Date: Wed, 30 Jun 2021 12:39:35 +0200 (CEST)
From: martin@NetBSD.org
Reply-To: martin@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: current kernel crashes trying to load radeon firmware
X-Send-Pr-Version: 3.95

>Number:         56286
>Category:       kern
>Synopsis:       current kernel crashes trying to load radeon firmware
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jun 30 10:40:00 +0000 2021
>Closed-Date:    Tue May 17 02:04:39 +0000 2022
>Last-Modified:  Tue May 17 02:04:39 +0000 2022
>Originator:     Martin Husemann
>Release:        NetBSD 9.99.86
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD night-owl.duskware.de 9.99.82 NetBSD 9.99.82 (NIGHT-OWL) #730: Mon May 10 12:04:13 CEST 2021 martin@night-owl.duskware.de:/usr/src/sys/arch/amd64/compile/NIGHT-OWL amd64
(this is an older kernel that works)

Architecture: x86_64
Machine: amd64
>Description:

Trying to boot a current kernel on this machine crashes in 
vn_open+0x33a
firmware_open
..
radeon drm code trying to load r600 firmware
..

ret_domove is NULL here:

0xffffffff80a8b504 is in vn_open (../../../../kern/vfs_vnops.c:358).
353                     *ret_domove = true;
354                     *ret_fd = l->l_dupfd;
355                     error = 0;
356             } else if (error == 0) {
357                     *ret_vp = vp;
358                     *ret_domove = false;


>How-To-Repeat:

Try to boot -current.

>Fix:
n/a

>Release-Note:

>Audit-Trail:
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: kern/56286:  current kernel crashes trying to load radeon
 firmware
Date: Wed, 30 Jun 2021 12:45:42 +0200

 The same crash happens on sparc64 when trying to mount kernfs via a loaded
 module (or maybe on any module load and this is just the first):

 [  37.7700414] cpu1: data fault: pc=1672530 rpc=103756040 addr=0
 [  37.8300395] kernel trap 30: data access exception
 Stopped in pid 457.457 (mount_kernfs) at        netbsd:vn_open+0x150:   stb    $
 %g0, [%g1 + %g0]
 db{1}> bt
 kobj_load_vfs(104425890, 10447b4b0, 1, 2, 1042c6a60, 1043f3740) at netbsd:kobj_load_vfs+0x68
 module_load_vfs(1cf74fbf8, 0, 1, 104425880, 1cf74fa00, 10447b4b0) at netbsd:module_load_vfs+0x2f8
 module_do_load(1cf74fbf8, 0, 0, 0, 0, 2) at netbsd:module_do_load+0x78c
 module_autoload(1cf74fbf8, 2, 1a, 0, 1044a8080, 0) at netbsd:module_autoload+0xe0
 do_sys_mount(1044aa040, 101820, 1cf74fbf8, ffffffffffffd2b0, 0, 0) at netbsd:do_sys_mount+0x1a0
 sys___mount50(1044aa040, 1cf74fde0, 1cf74fdd0, 1, 40413278, 0) at netbsd:sys___mount50+0x28
 syscall(1cf74fed0, 1c5d718, 40765b10, 1044aa040, 6, 1cf74ff68) at netbsd:syscall+0x318

 (gdb) list *(vn_open+0x150)
 0x1672530 is in vn_open (../../../../kern/vfs_vnops.c:358).
 353                     *ret_domove = true;
 354                     *ret_fd = l->l_dupfd;
 355                     error = 0;
 356             } else if (error == 0) {
 357                     *ret_vp = vp;
 358                     *ret_domove = false;
 359                     *ret_fd = -1;
 360             }
 361             l->l_dupfd = 0;
 362             return error;

 Martin

From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/56286 CVS commit: src/sys/kern
Date: Wed, 30 Jun 2021 07:20:33 -0400

 Module Name:	src
 Committed By:	christos
 Date:		Wed Jun 30 11:20:33 UTC 2021

 Modified Files:
 	src/sys/kern: vfs_vnops.c

 Log Message:
 PR/56286: Martin Husemann: Fix NULL deref on kmod load.
 - No need to set ret_domove and ret_fd in the regular case, they are meaningless
 - KASSERT instead of setting errno and then doing the NULL deref.


 To generate a diff of this commit:
 cvs rdiff -u -r1.216 -r1.217 src/sys/kern/vfs_vnops.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: David Holland <dholland-bugs@netbsd.org>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: kern/56286: current kernel crashes trying to load radeon firmware
Date: Wed, 30 Jun 2021 18:12:24 +0000

 From: "David A. Holland" <dholland@netbsd.org>
 To: source-changes@NetBSD.org
 Subject: CVS commit: src/sys/kern
 Date: Wed, 30 Jun 2021 17:51:49 +0000
 Mail-Followup-To: source-changes-d@NetBSD.org

 Module Name:	src
 Committed By:	dholland
 Date:		Wed Jun 30 17:51:49 UTC 2021

 Modified Files:
 	src/sys/kern: vfs_vnops.c

 Log Message:
 Improve Christos's vn_open fix.

 - assert about api misuse up front (suggested by riastradh)
 - restore the behavior of returning EOPNOTSUPP if ret_fd is NULL and we
   get a fd back (otherwise things like ktruss -o /dev/stderr panic)
 - clear error to 0 for the EDUPFD and EMOVEFD cases so opening a
   cloner succeeds


 To generate a diff of this commit:
 cvs rdiff -u -r1.217 -r1.218 src/sys/kern/vfs_vnops.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: mrg@NetBSD.org
State-Changed-When: Tue, 17 May 2022 02:04:39 +0000
State-Changed-Why:
christos and dholland fixed this.
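
Added example, not NetBSD source and not part of the audit trail: a userland C model of the optional out-parameter contract that the two log messages above describe, where in-kernel callers such as the firmware and module loaders pass NULL for ret_domove and ret_fd. The names model_open, model_vnode, MODEL_EDUPFD and MODEL_EMOVEFD and their values are hypothetical, and the exact form of the up-front assertion is an assumption.

```c
#include <assert.h>
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed stand-ins for the kernel-internal codes named in the log. */
enum { MODEL_EDUPFD = -6, MODEL_EMOVEFD = -7 };

struct model_vnode { int id; };

/*
 * lower_error: result of the lower-level open (0, an errno value, or one
 * of the MODEL_E* codes when a cloning device hands back a descriptor).
 * ret_domove/ret_fd are optional and may both be NULL.
 */
int
model_open(int lower_error, int dupfd, struct model_vnode *vp,
    struct model_vnode **ret_vp, bool *ret_domove, int *ret_fd)
{
	/* Catch API misuse up front (assumed form of the check). */
	assert(ret_vp != NULL);
	assert((ret_domove == NULL) == (ret_fd == NULL));

	if (lower_error == MODEL_EDUPFD || lower_error == MODEL_EMOVEFD) {
		/* Caller cannot take a descriptor: fail, never dereference. */
		if (ret_fd == NULL)
			return EOPNOTSUPP;
		*ret_vp = NULL;
		*ret_domove = (lower_error == MODEL_EMOVEFD);
		*ret_fd = dupfd;
		return 0;	/* opening a cloner succeeds */
	}
	if (lower_error == 0)
		*ret_vp = vp;	/* regular case: fd out-params left untouched */
	return lower_error;
}

int
main(void)
{
	struct model_vnode v = { 1 }, *out = NULL;

	/* In-kernel style caller: no fd out-params supplied. */
	return (model_open(0, 0, &v, &out, NULL, NULL) == 0 && out == &v) ? 0 : 1;
}
```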


>Unformatted:
