cschramm / irda


Oops in nsc-ircc driver #7

Closed kruegerha closed 2 years ago

kruegerha commented 2 years ago

On another laptop I have a built-in IR device, which I used with the 4.14 kernel series without problems. Trying the irda module with kernel 5.15.52 results in an Oops when the driver is loaded. (The external USB stir4200-based IR device works on this machine.)

Here is the dmesg output of the Oops (kernel 5.15.52-gentoo):

[ 6.078964] irda: loading out-of-tree module taints kernel.
[ 6.082817] NET: Registered PF_IRDA protocol family
[ 6.086646] nsc-ircc 00:06: [io 0x02f8-0x02ff]
[ 6.086810] nsc-ircc 00:06: [dma 3]
[ 6.099290] nsc-ircc 00:06: activated
[ 6.099391] nsc-ircc, chip->init
[ 6.099406] nsc-ircc, Found chip at base=0x02e
[ 6.099449] nsc-ircc, driver loaded (Dag Brattli)
[ 6.099472] BUG: kernel NULL pointer dereference, address: 0000000000000218
[ 6.099541] #PF: supervisor read access in kernel mode
[ 6.099573] #PF: error_code(0x0000) - not-present page
[ 6.099573] PGD 0 P4D 0
[ 6.099573] Oops: 0000 [#1] PREEMPT SMP PTI
[ 6.099573] CPU: 1 PID: 1394 Comm: systemd-udevd Tainted: G O 5.15.52-gentoo #1
[ 6.099573] Hardware name: Acer Extensa 5620 /Columbia , BIOS V1.34 04/15/2008
[ 6.099573] RIP: 0010:dma_alloc_attrs+0x3/0x3e
[ 6.099573] Code: 24 08 e8 4d dd 37 00 85 c0 74 02 0f 0b 48 8b 44 24 28 65 48 2b 04 25 28 00 00 00 74 05 e8 49 94 56 00 48 83 c4 30 c3 49 89 f9 <48> 8b bf 18 02 00 00 e8 f3 fa ff ff 49 83 b9 28 02 00 00 00 75 02
[ 6.099573] RSP: 0018:ffffc9000093bcd0 EFLAGS: 00010246
[ 6.100163] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000dc0
[ 6.100163] RDX: ffff888100ba2ad8 RSI: 0000000000003830 RDI: 0000000000000000
[ 6.100163] RBP: ffff888100ba2000 R08: 0000000000000000 R09: 0000000000000000
[ 6.100327] R10: 0000000000000001 R11: ffff8881014d3380 R12: ffff888100ba29e0
[ 6.100327] R13: 0000000000000000 R14: ffff888100ba2900 R15: ffffc9000093bd78
[ 6.100327] FS: 00007f0ee91667c0(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000
[ 6.100327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 6.100327] CR2: 0000000000000218 CR3: 0000000103db6000 CR4: 00000000000006e0
[ 6.100327] Call Trace:
[ 6.100327]
[ 6.100327] nsc_ircc_open+0x1ee/0x486 [nsc_ircc]
[ 6.100851] ? kfree+0x94/0x9e
[ 6.100851] ? _printk+0x53/0x6a
[ 6.100851] nsc_ircc_init+0x147/0xb7a [nsc_ircc]
[ 6.100851] ? nsc_ircc_open+0x486/0x486 [nsc_ircc]
[ 6.100851] do_one_initcall+0x85/0x18b
[ 6.100851] ? kmem_cache_alloc_trace+0xae/0xd5
[ 6.100851] do_init_module+0x46/0x1d4
[ 6.100851] __do_sys_finit_module+0x94/0xbb
[ 6.100851] do_syscall_64+0x73/0x86
[ 6.100851] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 6.100851] RIP: 0033:0x7f0ee92aed49
[ 6.100851] Code: 08 44 89 e0 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a7 b0 0e 00 f7 d8 64 89 01 48
[ 6.100851] RSP: 002b:00007ffe4301d338 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 6.100851] RAX: ffffffffffffffda RBX: 000055bade2a33f0 RCX: 00007f0ee92aed49
[ 6.100851] RDX: 0000000000000000 RSI: 00007f0ee9424b85 RDI: 000000000000000e
[ 6.100851] RBP: 0000000000020000 R08: 0000000000000000 R09: 000055bade2bc380
[ 6.100851] R10: 000000000000000e R11: 0000000000000246 R12: 00007f0ee9424b85
[ 6.100851] R13: 0000000000000000 R14: 000055bade2b9c60 R15: 000055bade2a33f0
[ 6.100851]
[ 6.100851] Modules linked in: nsc_ircc(O+) irda(O) crc_ccitt video backlight
[ 6.100851] CR2: 0000000000000218
[ 6.111472] ---[ end trace 3079cdda9a1637d0 ]---
[ 6.111544] RIP: 0010:dma_alloc_attrs+0x3/0x3e
[ 6.111952] Code: 24 08 e8 4d dd 37 00 85 c0 74 02 0f 0b 48 8b 44 24 28 65 48 2b 04 25 28 00 00 00 74 05 e8 49 94 56 00 48 83 c4 30 c3 49 89 f9 <48> 8b bf 18 02 00 00 e8 f3 fa ff ff 49 83 b9 28 02 00 00 00 75 02
[ 6.112056] RSP: 0018:ffffc9000093bcd0 EFLAGS: 00010246
[ 6.112124] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000dc0
[ 6.112186] RDX: ffff888100ba2ad8 RSI: 0000000000003830 RDI: 0000000000000000
[ 6.112248] RBP: ffff888100ba2000 R08: 0000000000000000 R09: 0000000000000000
[ 6.112310] R10: 0000000000000001 R11: ffff8881014d3380 R12: ffff888100ba29e0
[ 6.112372] R13: 0000000000000000 R14: ffff888100ba2900 R15: ffffc9000093bd78
[ 6.112434] FS: 00007f0ee91667c0(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000
[ 6.112498] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 6.112564] CR2: 00007f0ee8c89c20 CR3: 0000000103db6000 CR4: 00000000000006e0

With kernel 4.14.282 this looks like this:

[ 5.269947] irda: module is from the staging directory, the quality is unknown, you have been warned.
[ 5.272573] NET: Registered protocol family 23
[ 5.273866] nsc_ircc: module is from the staging directory, the quality is unknown, you have been warned.
[ 5.274361] nsc-ircc 00:06: [io 0x02f8-0x02ff]
[ 5.274515] nsc-ircc 00:06: [irq 3]
[ 5.274518] nsc-ircc 00:06: [dma 3]
[ 5.275178] nsc-ircc 00:06: activated
[ 5.275236] nsc-ircc, chip->init
[ 5.275250] nsc-ircc, Found chip at base=0x02e
[ 5.275292] nsc-ircc, driver loaded (Dag Brattli)
[ 5.275469] IrDA: Registered device irda0
[ 5.275533] nsc-ircc, Found dongle: Supports SIR Mode only
[ 5.275613] nsc-ircc, chip->init
[ 5.275627] nsc-ircc, Found chip at base=0x02e
[ 5.275669] nsc-ircc, driver loaded (Dag Brattli)
[ 5.275674] nsc_ircc_open(), can't get iobase of 0x2f8
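Added example (not part of the issue or of the irda project): a small Python triage script that pulls out of an Oops like the one above the pieces this thread ends up using by hand: the faulting address, the RIP symbol, the first reliable call-trace frame inside an out-of-tree module, and the matching gdb `list *(sym+off)` command. The log excerpt is constructed from the dmesg lines above; the "NULL first argument" inference from RDI is a heuristic that relies on the x86-64 calling convention.

```python
import re

# Constructed excerpt of the 5.15.52 Oops quoted above (same lines, most registers omitted).
OOPS_LOG = """\
[ 6.099472] BUG: kernel NULL pointer dereference, address: 0000000000000218
[ 6.099573] RIP: 0010:dma_alloc_attrs+0x3/0x3e
[ 6.100163] RDX: ffff888100ba2ad8 RSI: 0000000000003830 RDI: 0000000000000000
[ 6.100327] Call Trace:
[ 6.100327] nsc_ircc_open+0x1ee/0x486 [nsc_ircc]
[ 6.100851] ? kfree+0x94/0x9e
[ 6.100851] nsc_ircc_init+0x147/0xb7a [nsc_ircc]
[ 6.100851] do_one_initcall+0x85/0x18b
[ 6.100851] Modules linked in: nsc_ircc(O+) irda(O) crc_ccitt video backlight
"""
PAGE_SIZE = 4096
# "[ts] ? sym+0xoff/0xsize [module]"; a leading "?" marks a stale/unreliable frame.
FRAME_RE = re.compile(r"^\[\s*[\d.]+\]\s+(\?\s+)?(\S+\+0x[0-9a-f]+)/0x[0-9a-f]+(?:\s+\[(\w+)\])?$")

def triage_oops(log):
    """Return the fault address, faulting RIP, RDI, call-trace frames and the first
    reliable frame inside an out-of-tree module (the one to feed to gdb's list *(sym+off))."""
    addr = re.search(r"NULL pointer dereference, address: ([0-9a-f]+)", log)
    rip = re.search(r"RIP: [0-9a-f]+:(\S+)", log)
    rdi = re.search(r"RDI: ([0-9a-f]{16})", log)
    mods = re.search(r"Modules linked in: (.*)", log)
    info = {"fault_addr": int(addr.group(1), 16) if addr else None,
            "rip": rip.group(1) if rip else None,
            "rdi": int(rdi.group(1), 16) if rdi else None,
            "frames": [], "first_module_frame": None,
            # (O) = out-of-tree, (O+) = out-of-tree and still loading (taints the kernel)
            "out_of_tree": [t.split("(")[0] for t in (mods.group(1).split() if mods else [])
                            if "O" in t.partition("(")[2]]}
    trace = log.split("Call Trace:", 1)[1] if "Call Trace:" in log else ""
    for line in trace.splitlines():
        m = FRAME_RE.match(line)
        if not m:
            continue
        unreliable, sym, mod = bool(m.group(1)), m.group(2), m.group(3)
        info["frames"].append((sym, mod, unreliable))
        if mod and not unreliable and info["first_module_frame"] is None:
            info["first_module_frame"] = (sym, mod)
    # A fault address below one page is NULL plus a small struct offset. On x86-64 RDI
    # carries the first argument, so RDI == 0 says that argument (the dev pointer handed
    # to dma_alloc_attrs here) was NULL: the dma_alloc_coherent(NULL, ...) case below.
    info["null_deref"] = info["fault_addr"] is not None and info["fault_addr"] < PAGE_SIZE
    info["null_first_arg"] = info["null_deref"] and info["rdi"] == 0
    fmf = info["first_module_frame"]
    info["gdb_hint"] = "list *(%s)" % fmf[0] if fmf else None
    return info
```

Running `triage_oops(OOPS_LOG)` on the excerpt yields `list *(nsc_ircc_open+0x1ee)` as the gdb hint, which is the command used later in this thread.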

cschramm commented 2 years ago

I suspect CONFIG_ATALK again. The code handles a struct net_device there and probably the layout expected by the driver and the kernel does not match (because the driver expects atalk_ptr but the kernel does not).

kruegerha commented 2 years ago

CONFIG_ATALK=m on this machine... also using the USB stir4200-based device works...

cschramm commented 2 years ago

Could you open drivers/nsc-ircc.ko in gdb and run list *(nsc_ircc_open+0x1ee)? I end up at https://github.com/cschramm/irda/blob/a0cb7c0c1defc422e87b9e35c72e99f27566da15/src/drivers/nsc-ircc.c#L433 on my side, but that does not make much sense to me.

kruegerha commented 2 years ago

Reading symbols from nsc-ircc.ko...
(gdb) list *(nsc_ircc_open+0x1ee)
0x1b6c is in nsc_ircc_open (/home/kruegerh/src/IRDA-HK/irda/src/drivers/nsc-ircc.c:439).
434 
435     /* Allocate memory if needed */
436     self->rx_buff.head =
437         dma_alloc_coherent(NULL, self->rx_buff.truesize,
438                     &self->rx_buff_dma, GFP_KERNEL | __GFP_ZERO);
439     if (self->rx_buff.head == NULL) {
440         err = -ENOMEM;
441         goto out2;
442 
443     }

cschramm commented 2 years ago

Ok, got it: Some drivers, including this one, are not using the DMA API properly, and dma_alloc_coherent has not handled the NULL argument since 5.2. Could you test f6e171726a1c2eb4e033b43f53d5501dbaad84a6? Unfortunately I do expect more problems but am willing to get things running again.

kruegerha commented 2 years ago

Perfect! f6e1717 seems to cure the problem. The nsc_ircc module loads without problems now. I'm also able to "irattach irda0 -s" and to download data from my dive computer.

Thank you! Your work at irda is very much appreciated!

[ 6.056080] irda: loading out-of-tree module taints kernel.
[ 6.061350] NET: Registered PF_IRDA protocol family
[ 6.070930] nsc-ircc 00:06: [io 0x02f8-0x02ff]
[ 6.071101] nsc-ircc 00:06: [dma 3]
[ 6.072900] nsc-ircc 00:06: activated
[ 6.072978] nsc-ircc, chip->init
[ 6.072993] nsc-ircc, Found chip at base=0x02e
[ 6.073036] nsc-ircc, driver loaded (Dag Brattli)
[ 6.073318] IrDA: Registered device irda0
[ 6.073383] nsc-ircc, Found dongle: Supports SIR Mode only
[ 6.073414] nsc-ircc, chip->init
[ 6.073427] nsc-ircc, Found chip at base=0x02e
[ 6.074626] nsc-ircc, driver loaded (Dag Brattli)
[ 6.074648] nsc_ircc_open(), can't get iobase of 0x2f8

cschramm commented 2 years ago

Cool. I didn't really expect that to just work. :sweat_smile:

Please double check with bba06cd81300fe5273a65283c26d09b668fffef4 and also test rmmod nsc_ircc.

kruegerha commented 2 years ago

bba06cd also works as expected.

"rmmod nsc_ircc" unloads the module successfully.

[ 416.652818] nsc-ircc 00:06: disabled

:-)

cschramm commented 2 years ago

Perfect. Thanks. It's in master / main now.

For the record: smsc-ircc2 has basically the exact same changes as nsc-ircc. I added a platform_device to ali-ircc and w83977af_ir to achieve a similar structure - hope that works :shrug:. I dropped bfin_sir as it cannot compile anyway and Linux 4.17 dropped support for that platform altogether.