Open Avamander opened 7 months ago
Just trying to unload the module when the underlying SPI device has disappeared will cause a kernel oops.
```
Unable to handle kernel paging request at virtual address 003a312d312f315c
Mem abort info:
ESR = 0x0000000096000004
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x04: level 0 translation fault
Data abort info:
ISV = 0, ISS = 0x00000004
CM = 0, WnR = 0
[003a312d312f315c] address between user and kernel address ranges
Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
Modules linked in: spi_ft232h(O) nrc(O-) vc4 snd_soc_hdmi_codec brcmfmac drm_display_helper cec snd_soc_core brcmutil snd_compress snd_pcm_dmaengine raspberrypi_hwmon bcm2835_codec(C) i2c_bcm2835 v4l2_mem2mem bcm2835_isp(C) videobuf2_dma_contig bcm2835_v4l2(C) bcm2835_mmal_vchiq(C) snd_bcm2835(C) videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 snd_pcm videobuf2_common videodev snd_timer spi_bcm2835 snd mc vc_sm_cma(C) uio_pdrv_genirq uio mac80211 libarc4 cfg80211 rfkill beepy_kbd(O) sharp(O) drm_dma_helper drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops i2c_dev drm fuse drm_panel_orientation_quirks backlight ip_tables x_tables ipv6 [last unloaded: spi_ft232h(O)]
CPU: 1 PID: 1434 Comm: rmmod Tainted: G C O 6.1.21-v8+ #1642
Hardware name: Raspberry Pi Zero 2 W Rev 1.0 (DT)
pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __mutex_lock.isra.17+0x80/0xa78
lr : __mutex_lock.isra.17+0x44/0xa78
sp : ffffffc008be3c10
x29: ffffffc008be3c10 x28: ffffff8001ef1ec0 x27: 0000000000000000
x26: 0000000000000000 x25: 0000000000000000 x24: 4f49544341003170
x23: 0000000000000002 x22: ffffffd5a54ad858 x21: ffffffd5a54ad858
x20: ffffff8006cc0080 x19: ffffff8006cc0080 x18: 0000000000000000
x17: 0000000000000000 x16: ffffffd5a4dd88d8 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
x11: fefefefefefefeff x10: 0000007ffffffff8 x9 : ffffffd5a5169d5c
x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefefefefefeff
x5 : ffffff8001ef1ec0 x4 : 313a312d312f3128 x3 : 313a312d312f312d
x2 : ffffff8001ef1ec0 x1 : ffffffd5a5170c38 x0 : 313a312d312f3128
Call trace:
__mutex_lock.isra.17+0x80/0xa78
__mutex_lock_slowpath+0x1c/0x28
mutex_lock+0x3c/0x68
device_del+0x4c/0x3b8
spi_unregister_device+0x50/0xa0
nrc_cspi_exit+0x1c/0x1940 [nrc]
__arm64_sys_delete_module+0x1b4/0x278
invoke_syscall+0x4c/0x110
el0_svc_common.constprop.3+0xfc/0x120
do_el0_svc+0x34/0xd0
el0_svc+0x30/0x88
el0t_64_sync_handler+0x98/0xc0
el0t_64_sync+0x18c/0x190
Code: 54001281 f9400260 f27df000 54000080 (b9403401)
---[ end trace 0000000000000000 ]---
```
I tried to validate the g_spi_dev pointer before spi_unregister_device is called, but it still ends up with a NULL pointer dereference error.
```c
if (g_spi_dev != NULL && !g_spi_dev->dev.of_node && !g_spi_dev->dev.fwnode) {
	spi_unregister_device(g_spi_dev);
}
```
```
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
Mem abort info:
ESR = 0x0000000096000005
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x05: level 1 translation fault
Data abort info:
ISV = 0, ISS = 0x00000005
CM = 0, WnR = 0
user pgtable: 4k pages, 39-bit VAs, pgdp=00000000079b2000
[0000000000000008] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
Internal error: Oops: 0000000096000005 [#3] PREEMPT SMP
Modules linked in: spi_ft232h(O) nrc(O-) vc4 brcmfmac snd_soc_hdmi_codec drm_display_helper cec snd_soc_core brcmutil bcm2835_codec(C) snd_compress raspberrypi_hwmon bcm2835_v4l2(C) snd_pcm_dmaengine bcm2835_isp(C) bcm2835_mmal_vchiq(C) v4l2_mem2mem videobuf2_vmalloc videobuf2_dma_contig videobuf2_memops videobuf2_v4l2 videobuf2_common i2c_bcm2835 snd_bcm2835(C) videodev snd_pcm spi_bcm2835 snd_timer snd mc vc_sm_cma(C) uio_pdrv_genirq uio mac80211 libarc4 cfg80211 rfkill beepy_kbd(O) sharp(O) drm_dma_helper drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops i2c_dev drm fuse drm_panel_orientation_quirks backlight ip_tables x_tables ipv6 [last unloaded: spi_ft232h(O)]
CPU: 3 PID: 853 Comm: rmmod Tainted: G D C O 6.1.21-v8+ #1642
Hardware name: Raspberry Pi Zero 2 W Rev 1.0 (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : kernfs_find_and_get_ns+0x28/0x80
lr : sysfs_unmerge_group+0x2c/0x70
sp : ffffffc008be3c60
x29: ffffffc008be3c60 x28: ffffff80070b5c40 x27: 0000000000000000
x26: 0000000000000000 x25: 0000000000000000 x24: ffffff8007aa0000
x23: 0000000000000000 x22: 0000000000000000 x21: ffffffebdec2cd18
x20: 0000000000000000 x19: ffffffebdec2cca0 x18: 0000000000000000
x17: 0000000000000000 x16: ffffffebde7d88d8 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
x11: fefefefefefefeff x10: 0000007ffffffff8 x9 : ffffffebde3b94fc
x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefefefefefeff
x5 : 0000000000000063 x4 : 0000000000000000 x3 : ffffff8002f7a880
x2 : 0000000000000000 x1 : ffffffebdec2cd18 x0 : 0000000000000000
Call trace:
kernfs_find_and_get_ns+0x28/0x80
sysfs_unmerge_group+0x2c/0x70
dpm_sysfs_remove+0x38/0x78
device_del+0xb4/0x3b8
spi_unregister_device+0x50/0xa0
nrc_cspi_exit+0x2c/0x1960 [nrc]
__arm64_sys_delete_module+0x1b4/0x278
invoke_syscall+0x4c/0x110
el0_svc_common.constprop.3+0xfc/0x120
do_el0_svc+0x34/0xd0
el0_svc+0x30/0x88
el0t_64_sync_handler+0x98/0xc0
el0t_64_sync+0x18c/0x190
Code: aa0003f4 a9025bf5 aa0103f5 aa0203f6 (f9400400)
---[ end trace 0000000000000000 ]---
```
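A non-NULL check cannot tell a live device from one that something else has already unregistered (and possibly freed), which fits both traces faulting under device_del(). The userspace C model below is an added example, not code from the nrc driver: it shows the driver keeping its own reference and testing registration state before unregistering, the pattern the kernel exposes as spi_dev_get()/spi_dev_put() and device_is_registered(). All names in it (model_dev, model_put, model_unregister, driver_init, controller_gone, driver_exit) are hypothetical, and it assumes the controller module removed the device first, which is an inference from the report.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Userspace model, constructed for this example: a refcounted device. */
struct model_dev {
    int refs;        /* models the struct device reference count */
    bool registered; /* models device_is_registered() */
    int del_calls;   /* how many times teardown (device_del) ran */
};
static struct model_dev *g_dev; /* stands in for g_spi_dev */

static void model_put(struct model_dev *d)
{
    if (--d->refs == 0) free(d); /* last reference gone: memory released */
}

/* Models spi_unregister_device(): tear down, then drop the bus reference. */
static void model_unregister(struct model_dev *d)
{
    d->registered = false;
    d->del_calls++;
    model_put(d);
}

/* Driver init: create the device and keep a reference of our own. */
static bool driver_init(void)
{
    g_dev = calloc(1, sizeof(*g_dev));
    if (!g_dev) return false;
    g_dev->refs = 2; /* one for the bus, one held by the driver */
    g_dev->registered = true;
    return true;
}

/* The controller goes away first and unregisters its child device. */
static void controller_gone(void)
{
    if (g_dev) model_unregister(g_dev);
}

/* Driver exit: returns the teardown count, or -1 if there was no device. */
static int driver_exit(void)
{
    if (!g_dev) return -1;
    if (g_dev->registered) model_unregister(g_dev); /* skip if already done */
    int calls = g_dev->del_calls; /* safe: our reference keeps it alive */
    model_put(g_dev);             /* drop the driver's own reference */
    g_dev = NULL;
    return calls;
}
```

In both orderings teardown runs exactly once; without the driver's own reference, the second path would read memory that was already released.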