2008/11/20 Németh Márton <[EMAIL PROTECTED]>: > Hi, > > I can trigger a NULL pointer reference with the em28xx-aad module. > > Steps to reproduce: > 1. Boot computer > 2. modprobe -k em28xx-aad > 3. Plug Pinnacle Hybrid Pro Stick (320e) > 4. rmmod em28xx-aad > > Current result: segmentation fault of rmmod and some error message in dmesg. I > attached a patch which adds BUG_ON to the critical point at em28xx-aad.c >
I know about that one, I had to write that driver quickly and modify tvtime to support it since there was a request for it. The correct way would be to do it like in the em28xx-audio driver, to initialize a waitqueue, and wait till the last user closes the aad node. Do you want to write a patch for it? (em28xx-audio, em28xx-video basically use the same system). br, Markus > [ 563.253374] Linux video capture interface: v2.00 > [ 563.279996] em28xx v4l2 driver version 0.0.1 loaded > [ 563.286122] usbcore: registered new interface driver em28xx > [ 563.302980] initializing Empia Audio Driver > [ 563.303560] Copyright (C) 2008 Empia Technology Inc > [ 563.303938] Copyright (C) 2008 Sundtek Ltd. > [ 565.810070] usb 1-3: new high speed USB device using ehci_hcd and address 3 > [ 565.939187] usb 1-3: configuration #1 chosen from 1 choice > [ 565.946422] em28xx: new video device (eb1a:2881): interface 0, class 255 > [ 565.946952] em28xx: device is attached to a USB 2.0 bus > [ 565.947432] em28xx #0: Alternate settings: 8 > [ 565.947796] em28xx #0: Alternate setting 0, max size= 0 > [ 565.948198] em28xx #0: Alternate setting 1, max size= 0 > [ 565.948566] em28xx #0: Alternate setting 2, max size= 1448 > [ 565.948985] em28xx #0: Alternate setting 3, max size= 2048 > [ 565.949393] em28xx #0: Alternate setting 4, max size= 2304 > [ 565.949757] em28xx #0: Alternate setting 5, max size= 2580 > [ 565.950158] em28xx #0: Alternate setting 6, max size= 2892 > [ 565.950526] em28xx #0: Alternate setting 7, max size= 3072 > [ 566.173552] em28xx #0 at em28xx_gpio_control: <3>register disabled: > command=0x6, gpio_value=0x0 > [ 566.413989] em28xx #0 at em28xx_gpio_control: <3>register disabled: > command=0xF, gpio_value=0x0 > [ 566.480763] attach_inform: tvp5150 detected. > [ 566.527532] tvp5150 1-005c: tvp5150am1 detected. > [ 568.113767] successfully attached tuner > [ 568.126851] em28xx #0: V4L2 VBI device registered as /dev/vbi0 > [ 568.151751] em28xx #0: V4L2 device registered as /dev/video0 > [ 568.154976] input: em2880/em2870 remote control as /class/input/input12 > [ 568.164485] em28xx-input.c: remote control handler attached > [ 568.164808] em28xx #0: Found Pinnacle Hybrid Pro > [ 568.165674] audio device (eb1a:2881): interface 1, class 1 > [ 568.166150] audio device (eb1a:2881): interface 2, class 1 > [ 568.348777] em2880-dvb.c: DVB Init > [ 568.383000] em28xx #0 at em28xx_gpio_control: <3>register disabled: > command=0x6, gpio_value=0x0 > [ 568.457339] usbcore: registered new interface driver snd-usb-audio > [ 568.923199] DVB: registering new adapter (em2880 DVB-T) > [ 568.923937] DVB: registering frontend 0 (Zarlink ZL10353 DVB-T)... > [ 568.934770] Em28xx: Initialized (Em2880 DVB Extension) extension > [ 579.291192] releasing Empia Audio Driver > [ 579.291803] ------------[ cut here ]------------ > [ 579.291815] kernel BUG at /usr/src/mcentral.de/em28xx-new/em28xx-aad.c:373! > [ 579.291824] invalid opcode: 0000 [#1] PREEMPT > [ 579.291834] Modules linked in: snd_usb_audio em28xx_dvb snd_usb_lib > snd_hwdep drx3973d s921 mt2060 lgdt3304 zl10353 lgdt330x dvb_core qt1010 > tuner_xc3028 > tvp5150 em28xx_aad(-) em28xx videodev v4l1_compat ppdev lp cpufreq_ondemand > cpufreq_conservative ipv6 xt_tcpudp iptable_filter ip_tables x_tables > leds_clevo_mail led_class via via_agp drm agpgart eeprom snd_pcm_oss > snd_mixer_oss cpufreq_userspace cpufreq_powersave powernow_k8 fan usbhid > snd_via82xx > snd_mpu401_uart pcmcia snd_via82xx_modem snd_seq_midi firmware_class > snd_ac97_codec snd_seq_midi_event ac97_bus mousedev snd_rawmidi snd_pcm > snd_seq snd_timer > snd_seq_device snd 8139too mii i2c_viapro k8temp soundcore yenta_socket video > snd_page_alloc hwmon uhci_hcd bitrev crc32 rsrc_nonstatic i2c_core psmouse > 8250_pnp ehci_hcd backlight pcspkr ide_cd_mod 8250 output serio_raw cdrom > usbcore pcmcia_core parport_pc serial_core parport battery ac thermal button > processor > evdev > [ 579.292021] > [ 579.292021] Pid: 7845, comm: rmmod Not tainted (2.6.27.5 #2) > [ 579.292021] EIP: 0060:[<f8c410a0>] EFLAGS: 00210246 CPU: 0 > [ 579.292021] EIP is at em28xx_aad_fini+0x80/0x90 [em28xx_aad] > [ 579.292021] EAX: f69d6000 EBX: 00000000 ECX: 00000000 EDX: f8ec5d40 > [ 579.292021] ESI: f69d6000 EDI: 00000000 EBP: f44a3f28 ESP: f44a3f20 > [ 579.292021] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 > [ 579.292021] Process rmmod (pid: 7845, ti=f44a2000 task=f6984020 > task.ti=f44a2000) > [ 579.292021] Stack: f69d6030 f8c421e0 f44a3f40 f8eab2aa f44a3f40 c0329a16 > 00000000 f8c42280 > [ 579.292021] f44a3f4c f8c41800 f8c4182c f44a3fb0 c014ca68 f8c4228c > 38326d65 615f7878 > [ 579.292021] f4006461 f44a3f9c c0175651 ffffffff b7f2d000 b7f2d000 > 00200246 00000001 > [ 579.292021] Call Trace: > [ 579.292021] [<f8eab2aa>] ? em28xx_unregister_extension+0x3a/0x90 [em28xx] > [ 579.292021] [<c0329a16>] ? printk+0x18/0x1a > [ 579.292021] [<f8c41800>] ? em28xx_aad_exit+0x1c/0x21 [em28xx_aad] > [ 579.292021] [<c014ca68>] ? sys_delete_module+0x158/0x220 > [ 579.292021] [<c0175651>] ? do_munmap+0x1e1/0x240 > [ 579.292021] [<c0233838>] ? trace_hardirqs_on_thunk+0xc/0x10 > [ 579.292021] [<c0103309>] ? sysenter_do_call+0x12/0x31 > [ 579.292021] ======================= > [ 579.292021] Code: 44 89 42 04 89 10 89 d8 c7 43 44 00 01 10 00 c7 43 48 00 > 02 20 00 e8 50 1a 54 c7 31 c0 c7 86 b8 0d 00 00 00 00 00 00 5b 5e 5d c3 <0f> > 0b eb > fe 8d b6 00 00 00 00 8d bf 00 00 00 00 55 89 e5 53 89 > [ 579.292021] EIP: [<f8c410a0>] em28xx_aad_fini+0x80/0x90 [em28xx_aad] > SS:ESP 0068:f44a3f20 > [ 579.292450] ---[ end trace c2f7f7ccc6e31820 ]--- > > _______________________________________________ > Em28xx mailing list > [email protected] > http://mcentral.de/mailman/listinfo/em28xx > > _______________________________________________ Em28xx mailing list [email protected] http://mcentral.de/mailman/listinfo/em28xx
