Closed dexter2000 closed 1 year ago
I think I have the same issue on Arch Linux. It builds but does not work. When starting, not even an error is displayed in the SystemD service.
Hey @dexter2000 and @Spixmaster Would you be able to test the following PR? https://github.com/tomaspinho/rtl8821ce/pull/332
@tomaspinho Thank you very much for your effort. I might try it later. Currently, I am not able to.
From user "reclipse" from the AUR page.
@tomaspinho it does work but when rebooting computer starts with a blank screen and caps lock light keeps blinking. Force shutdown by holding the power button and then starting the computer again boots the OS normally.
We'll need a kernel call trace after a reboot to see why it's breaking at that stage. Fixing this also goes well beyond my kernel module development capabilities, so it may take a while.
Could you perhaps link a resource or describe yourself how to obtain the information you need as I do not know myself and could not find something promising on my own after some research.
Sure, after a reboot crash, you should have logs in your `dmesg`/`journalctl` :)
Here are panic logs from my system after upgrading it to `linux-6.5.3.arch1-1`.
[ 7.013615] detected buffer overflow in __fortify_strlen
[ 7.013674] ------------[ cut here ]------------
[ 7.013675] kernel BUG at lib/string_helpers.c:1031!
[ 7.013683] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[ 7.013710] CPU: 9 PID: 368 Comm: (udev-worker) Tainted: G OE 6.5.3-arch1-1 #1 ed5b3b894d0aeb37298a77837232ca9b353cc27d
[ 7.013746] Hardware name:
[ 7.013768] RIP: 0010:fortify_panic+0x13/0x20
[ 7.014041] Call Trace:
[ 7.014057] <TASK>
[ 7.014071] ? die+0x36/0x90
[ 7.014089] ? do_trap+0xda/0x100
[ 7.014107] ? fortify_panic+0x13/0x20
[ 7.014127] ? do_error_trap+0x6a/0x90
[ 7.014145] ? fortify_panic+0x13/0x20
[ 7.014165] ? exc_invalid_op+0x50/0x70
[ 7.014186] ? fortify_panic+0x13/0x20
[ 7.014206] ? asm_exc_invalid_op+0x1a/0x20
[ 7.014232] ? fortify_panic+0x13/0x20
[ 7.014251] ? fortify_panic+0x13/0x20
[ 7.014269] rtw_txpwr_lmt_add_with_nlen+0xb1/0x2c0 [8821ce fd0bfe86ec751efa814455fc5e8c8957a11ab712]
[ 7.014558] rtw_txpwr_lmt_add+0x50/0x70 [8821ce fd0bfe86ec751efa814455fc5e8c8957a11ab712]
[ 7.014744] phy_set_tx_power_limit+0x36b/0x380 [8821ce fd0bfe86ec751efa814455fc5e8c8957a11ab712]
[ 7.014961] odm_config_bb_txpwr_lmt_8821c+0x16/0x20 [8821ce fd0bfe86ec751efa814455fc5e8c8957a11ab712]
[ 7.015120] odm_read_and_config_mp_8821c_txpwr_lmt+0x3f/0x60 [8821ce fd0bfe86ec751efa814455fc5e8c8957a11ab712]
[ 7.015267] odm_config_rf_with_header_file+0x53/0x80 [8821ce fd0bfe86ec751efa814455fc5e8c8957a11ab712]
[ 7.015424] phy_load_tx_power_limit+0xa3/0x590 [8821ce fd0bfe86ec751efa814455fc5e8c8957a11ab712]
[ 7.015596] ? PHY_TxPowerByRateConfiguration+0x1d7/0x270 [8821ce fd0bfe86ec751efa814455fc5e8c8957a11ab712]
[ 7.015767] phy_load_tx_power_ext_info+0x7a/0x80 [8821ce fd0bfe86ec751efa814455fc5e8c8957a11ab712]
[ 7.015930] rtw_hal_dm_init+0x3a/0x50 [8821ce fd0bfe86ec751efa814455fc5e8c8957a11ab712]
[ 7.016105] rtw_init_drv_sw+0x16a/0x190 [8821ce fd0bfe86ec751efa814455fc5e8c8957a11ab712]
[ 7.016282] rtw_pci_primary_adapter_init+0x152/0x320 [8821ce fd0bfe86ec751efa814455fc5e8c8957a11ab712]
[ 7.016448] ? srso_return_thunk+0x5/0x10
[ 7.016470] rtw_drv_init+0x674/0x6e0 [8821ce fd0bfe86ec751efa814455fc5e8c8957a11ab712]
[ 7.016638] local_pci_probe+0x45/0xa0
[ 7.016661] pci_device_probe+0xc1/0x260
[ 7.016678] ? sysfs_do_create_link_sd+0x6e/0xe0
[ 7.016703] really_probe+0x19e/0x3e0
[ 7.016722] ? __pfx___driver_attach+0x10/0x10
[ 7.016739] __driver_probe_device+0x78/0x160
[ 7.016759] driver_probe_device+0x1f/0x90
[ 7.016778] __driver_attach+0xd2/0x1c0
[ 7.016795] bus_for_each_dev+0x88/0xd0
[ 7.016815] bus_add_driver+0x116/0x220
[ 7.016833] driver_register+0x59/0x100
[ 7.016852] ? __pfx_rtw_drv_entry+0x10/0x10 [8821ce fd0bfe86ec751efa814455fc5e8c8957a11ab712]
[ 7.016986] rtw_drv_entry+0x4c/0xff0 [8821ce fd0bfe86ec751efa814455fc5e8c8957a11ab712]
[ 7.017118] ? __pfx_rtw_drv_entry+0x10/0x10 [8821ce fd0bfe86ec751efa814455fc5e8c8957a11ab712]
[ 7.017267] do_one_initcall+0x5d/0x320
[ 7.017290] do_init_module+0x60/0x240
[ 7.017311] __do_sys_init_module+0x17f/0x1b0
[ 7.017339] do_syscall_64+0x60/0x90
[ 7.017361] ? srso_return_thunk+0x5/0x10
[ 7.017384] ? syscall_exit_to_user_mode+0x2b/0x40
[ 7.018681] ? srso_return_thunk+0x5/0x10
[ 7.019881] ? do_syscall_64+0x6c/0x90
[ 7.020865] ? srso_return_thunk+0x5/0x10
[ 7.021757] ? ksys_read+0x6f/0xf0
[ 7.022612] ? srso_return_thunk+0x5/0x10
[ 7.023446] ? syscall_exit_to_user_mode+0x2b/0x40
[ 7.024278] ? srso_return_thunk+0x5/0x10
[ 7.025041] ? do_syscall_64+0x6c/0x90
[ 7.025741] ? srso_return_thunk+0x5/0x10
[ 7.026403] ? ksys_read+0x6f/0xf0
[ 7.027089] ? srso_return_thunk+0x5/0x10
[ 7.027727] ? syscall_exit_to_user_mode+0x2b/0x40
[ 7.028313] ? srso_return_thunk+0x5/0x10
[ 7.028912] ? do_syscall_64+0x6c/0x90
[ 7.029504] ? srso_return_thunk+0x5/0x10
[ 7.029982] ? exc_page_fault+0x7f/0x180
[ 7.030390] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[ 7.034300] </TASK>
[ 7.038141] ---[ end trace 0000000000000000 ]---
The version of the driver is from the latest master as of today 0d2c745d7ef023bccd63cf79e98556f0b5a39024
The same version works fine with `linux 6.4.12.arch1-1`.
`6.5.*` kernels introduced even more issues than the breakage of this driver. I cannot even power off my laptop with them. Maybe, everything will be automagically fixed in `6.6.*` :)
@a1akris The issue with shutting down was also reported on the AUR page and is related to this driver.
It seems like `#if (LINUX_VERSION_CODE >= KERNEL_VERSION(6, 5, 1))` doesn't work either for arch or just for me. I removed `strlen` from `rtw_txpwr_lmt_add_with_nlen` unconditionally and this fixed the buffer overrun issue. As far as I can tell this `strlen` isn't really required there, it is used only for the optimization to skip `memcmp` if `regd` names are of different sizes [Edit: it's actually needed to prevent the buffer overrun while doing the `memcmp` when `strlen(ent->regd_name) < nlen` but this is a minor problem].
The root cause of the buffer overrun is some code that sets non-zero terminated strings to nodes from `txpwr_lmt_list`, however, because `regd_name` is a flexible struct field and because everything related to `txpwr_lmt_ent` is heavily obfuscated behind tons of macros and `drvobjs` I failed to backtrace where it happens exactly.
And yes, now I have the poweroff issue with blinking `Caps lock` and it is related to this driver. Nothing in the dmesg logs though:
kernel: EXT4-fs (nvme0n1p4): unmounting filesystem 4ca81d8e-aa2b-4d62-b11a-5892fd72c142.
kernel: EXT4-fs (nvme0n1p5): unmounting filesystem 0b0dd0ce-a296-4767-960a-0440bb9d587a.
systemd-shutdown[1]: Syncing filesystems and block devices.
systemd-shutdown[1]: Sending SIGTERM to remaining processes...
systemd-journald[325]: Received SIGTERM from PID 1 (systemd-shutdow).
@Spixmaster FYI, looks like Realtek's `rtw_8821*` drivers started to work fine on `linux-6.5.3.arch1-1`. I fell back to them for now.
ok more data :-) I too am seeing the no shutdown/restart issue so I rebooted then removed the module then bang another buffer overflow:
modprobe -rv 8821ce
Sep 18 18:59:37 F39dex kernel: detected buffer overflow in strlen
Sep 18 18:59:37 F39dex kernel: ------------[ cut here ]------------
Sep 18 18:59:37 F39dex kernel: kernel BUG at lib/string_helpers.c:1031!
Sep 18 18:59:37 F39dex kernel: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
Sep 18 18:59:37 F39dex kernel: CPU: 6 PID: 2116 Comm: modprobe Tainted: G U W O 6.5.3-300.fc39.x86_64 #1
Sep 18 18:59:37 F39dex kernel: Hardware name: HP HP Laptop 15s-fq2xxx/87FE, BIOS F.07 12/01/2020
Sep 18 18:59:37 F39dex kernel: RIP: 0010:fortify_panic+0x13/0x20
Sep 18 18:59:37 F39dex kernel: Call Trace:
Sep 18 18:59:37 F39dex kernel:
This patch fixes this but may introduce a memory leak, but if you're shutting down/restarting I'll take it :-)
commit a073cbc657c9561c400e385c2811890d64b4c564 (HEAD -> Fix-shutdown-overflow2)
Author: dexter <dexter@nostromo4.home>
Date: Mon Sep 18 19:50:44 2023 +0100
Fix shutdown/restart buffer overflow
diff --git a/core/rtw_rf.c b/core/rtw_rf.c
index c916c9f..6d90613 100644
--- a/core/rtw_rf.c
+++ b/core/rtw_rf.c
@@ -1182,7 +1182,7 @@ void rtw_txpwr_lmt_list_free(struct rf_ctl_t *rfctl)
if (ent->regd_name == rfctl->regd_name)
rfctl->regd_name = regd_str(TXPWR_LMT_NONE);
rtw_list_delete(&ent->list);
- rtw_vmfree((u8 *)ent, sizeof(struct txpwr_lmt_ent) + strlen(ent->regd_name) + 1);
+ rtw_vmfree((u8 *)ent, sizeof(struct txpwr_lmt_ent));
}
rfctl->txpwr_regd_num = 0;
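Review bot: the size passed to rtw_vmfree() on the `+` line no longer includes the regd_name tail, so it does not match the size the removed line computed (sizeof(struct txpwr_lmt_ent) plus the name length plus 1). Instead of dropping the term, record the name length in the entry when it is allocated and pass that length here; that avoids calling strlen() on a regd_name that may not be terminated while keeping the free size equal to the allocation size. The commit message should also say which kernel versions need the change, since no version guard is present in the hunk.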
Errm I should probably put some kernel version guards around this :-) test,test,test I just tried the rtw88_8821ce and it's junk it can't even connect for me so this is all I got. I'm going to send a report to upstream (linux-wireless) and see the response if any ...
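Both overflows in this thread come from calling strlen() on a flexible-array name that may lack a terminator, once during lookup and once when computing the free size. The user-space C example below is added here for illustration and is not the driver's code or the content of PR #334; `lmt_ent`, `name_len` and the `lmt_*` functions are hypothetical names, and calloc()/free() stand in for the driver's allocator.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the driver's txpwr_lmt_ent; name_len is an added field. */
struct lmt_ent {
    struct lmt_ent *next;
    size_t name_len;   /* bytes in name[], terminator excluded */
    char name[];       /* flexible array member, terminated by lmt_add() */
};

/* Lookup by (name, nlen): the length check runs first, so memcmp() never reads
 * past a shorter stored name and strlen() never touches stored data. */
static struct lmt_ent *lmt_find(struct lmt_ent *head, const char *name, size_t nlen)
{
    for (struct lmt_ent *e = head; e; e = e->next)
        if (e->name_len == nlen && memcmp(e->name, name, nlen) == 0)
            return e;
    return NULL;
}

/* Insert a name given as pointer + length; the input need not be terminated. */
static struct lmt_ent *lmt_add(struct lmt_ent **head, const char *name, size_t nlen)
{
    struct lmt_ent *e = lmt_find(*head, name, nlen);
    if (e || !(e = calloc(1, sizeof(*e) + nlen + 1)))
        return e;                  /* existing entry, or NULL on allocation failure */
    e->name_len = nlen;
    memcpy(e->name, name, nlen);   /* calloc() left name[nlen] == '\0' */
    e->next = *head;
    return *head = e;
}

/* Free all nodes and return the bytes released, sized from name_len so the
 * figure always equals what lmt_add() allocated. */
static size_t lmt_free_all(struct lmt_ent **head)
{
    size_t freed = 0;
    for (struct lmt_ent *e; (e = *head) != NULL; free(e)) {
        *head = e->next;
        freed += sizeof(*e) + e->name_len + 1;
    }
    return freed;
}

int main(void)
{
    struct lmt_ent *head = NULL;
    const char raw[3] = { 'F', 'C', 'C' };   /* constructed, unterminated */
    struct lmt_ent *e = lmt_add(&head, raw, sizeof(raw));
    return !(e && lmt_find(head, "FCC", 3) == e && lmt_free_all(&head) > 0);
}
```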
Okay, so it seems like I've come up with a true fix. Check it out: https://github.com/tomaspinho/rtl8821ce/pull/334
@a1akris #334 yes tested & working & much more robust, well done.
I updated to F39 beta the other day, at time of writing this came with kernel 6.5.1, the module built but died at boot with this trace in logs.
```
kernel: detected buffer overflow in __fortify_strlen
Sep 07 01:05:55 F39dex kernel: ------------[ cut here ]------------
Sep 07 01:05:55 F39dex kernel: kernel BUG at lib/string_helpers.c:1031!
Call Trace:
Sep 07 01:05:55 F39dex kernel:
Sep 07 01:05:55 F39dex kernel: ? die+0x36/0x90
Sep 07 01:05:55 F39dex kernel: ? do_trap+0xda/0x100
Sep 07 01:05:55 F39dex kernel: ? fortify_panic+0x13/0x20
Sep 07 01:05:55 F39dex kernel: ? do_error_trap+0x6a/0x90
Sep 07 01:05:55 F39dex kernel: ? fortify_panic+0x13/0x20
Sep 07 01:05:55 F39dex kernel: ? exc_invalid_op+0x50/0x70
Sep 07 01:05:55 F39dex kernel: ? fortify_panic+0x13/0x20
Sep 07 01:05:55 F39dex kernel: ? asm_exc_invalid_op+0x1a/0x20
Sep 07 01:05:55 F39dex kernel: ? fortify_panic+0x13/0x20
Sep 07 01:05:55 F39dex kernel: ? fortify_panic+0x13/0x20
Sep 07 01:05:55 F39dex kernel: rtw_txpwr_lmt_add_with_nlen+0xb1/0x2c0 [8821ce]
Sep 07 01:05:55 F39dex kernel: rtw_txpwr_lmt_add+0x50/0x70 [8821ce]
Sep 07 01:05:55 F39dex kernel: phy_set_tx_power_limit+0x36b/0x380 [8821ce]
Sep 07 01:05:55 F39dex kernel: odm_config_bb_txpwr_lmt_8821c+0x16/0x20 [8821ce]
Sep 07 01:05:55 F39dex kernel: odm_read_and_config_mp_8821c_txpwr_lmt+0x3f/0x60 [8821ce]
Sep 07 01:05:55 F39dex kernel: odm_config_rf_with_header_file+0x53/0x80 [8821ce]
Sep 07 01:05:55 F39dex kernel: phy_load_tx_power_limit+0xa3/0x590 [8821ce]
Sep 07 01:05:55 F39dex kernel: ? PHY_TxPowerByRateConfiguration+0x1d7/0x270 [8821ce]
Sep 07 01:05:55 F39dex kernel: phy_load_tx_power_ext_info+0x7a/0x80 [8821ce]
Sep 07 01:05:55 F39dex kernel: rtw_hal_dm_init+0x3a/0x50 [8821ce]
Sep 07 01:05:55 F39dex kernel: rtw_init_drv_sw+0x16a/0x190 [8821ce]
Sep 07 01:05:55 F39dex kernel: rtw_pci_primary_adapter_init+0x152/0x320 [8821ce]
Sep 07 01:05:55 F39dex kernel: rtw_drv_init+0x674/0x6e0 [8821ce]
Sep 07 01:05:55 F39dex kernel: local_pci_probe+0x42/0xa0
```
after some head scratching/research :=) I came up with this patch, it's not production ready but may get someone up & running as in my case.
commit 0d0570effd12ae17c2c783c945e46e1154d5e96d (HEAD -> Fix-6.5.1) Author: dexter dexter@nostromo4.home Date: Sat Sep 9 00:14:34 2023 +0100
diff --git a/core/rtw_rf.c b/core/rtw_rf.c index f5cc458..6a130f7 100644 --- a/core/rtw_rf.c +++ b/core/rtw_rf.c @@ -1050,8 +1050,7 @@ void rtw_txpwr_lmt_add_with_nlen(struct rf_ctl_t rfctl, const char regd_name, ent = LIST_CONTAINOR(cur, struct txpwr_lmt_ent, list); cur = get_next(cur);
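Review bot: the commit has no subject or body, and the hunk at `@@ -1050,8 +1050,7 @@` in rtw_txpwr_lmt_add_with_nlen() shrinks the list walk by one line without recording why. Add a message that states which kernel versions need the change and what the removed line did, so the entry comparison that follows `cur = get_next(cur);` can be reviewed against it.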