[Bug 655925] New: kernel NULL pointer dereference in bttv_open

bugzilla_noreply＠novell.com

25 Nov 2010 25 Nov '10

07:30

https://bugzilla.novell.com/show_bug.cgi?id=655925 https://bugzilla.novell.com/show_bug.cgi?id=655925#c0 Summary: kernel NULL pointer dereference in bttv_open Classification: openSUSE Product: openSUSE 11.4 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: Kernel AssignedTo: kernel-maintainers@forge.provo.novell.com ReportedBy: kkaempf@novell.com QAContact: qa@suse.de Found By: Development Blocker: --- 2.6.37-rc2-4-default gets an OOPS when loading bttv Nov 25 08:08:18 linux-lkbf kernel: [ 39.274710] Call Trace: Nov 25 08:08:18 linux-lkbf kernel: [ 39.274720] [<ffffffff814b9eea>] mutex_lock+0x1a/0x40 Nov 25 08:08:18 linux-lkbf kernel: [ 39.274732] [<ffffffffa03b56a5>] bttv_open+0x105/0x320 [bttv] Nov 25 08:08:18 linux-lkbf kernel: [ 39.274759] [<ffffffffa0389651>] v4l2_open+0xe1/0x100 [videodev] Nov 25 08:08:18 linux-lkbf kernel: [ 39.274766] [<ffffffff8114b59e>] chrdev_open+0xce/0x200 Looking at drivers/media/video/bt8xx/bttv-driver.c:bttv_open() its rather obvious: /* allocate per filehandle data */ fh = kmalloc(sizeof(*fh), GFP_KERNEL); if (unlikely(!fh)) return -ENOMEM; file->private_data = fh; mutex_lock(&fh->cap.vb_lock); It dereferences cap from fh with fh being uninitialized. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Show replies by date

bugzilla_noreply＠novell.com

26 Nov 26 Nov

13:03

New subject: [Bug 655925] kernel NULL pointer dereference in bttv_open

https://bugzilla.novell.com/show_bug.cgi?id=655925 https://bugzilla.novell.com/show_bug.cgi?id=655925#c1 Jiri Slaby changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO CC| |jslaby@novell.com InfoProvider| |bphilips@novell.com --- Comment #1 from Jiri Slaby 2010-11-26 13:03:55 UTC --- Brandon, do you still work on v4l? Could you look into that? It should be trivial. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

14 Dec 14 Dec

00:31

New subject: [Bug 655925] kernel NULL pointer dereference in bttv_open

https://bugzilla.novell.com/show_bug.cgi?id=655925 https://bugzilla.novell.com/show_bug.cgi?id=655925#c2 --- Comment #2 from Brandon Philips 2010-12-14 00:31:47 UTC --- Created an attachment (id=404630) --> (http://bugzilla.novell.com/attachment.cgi?id=404630) bttv-fix-locking-for-btv-init-variable.patch Can you test this patch? I can build you are Kernel if needed. Discussion upstream: https://lkml.org/lkml/2010/12/12/62 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

00:32

New subject: [Bug 655925] kernel NULL pointer dereference in bttv_open

https://bugzilla.novell.com/show_bug.cgi?id=655925 https://bugzilla.novell.com/show_bug.cgi?id=655925#c Brandon Philips changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bphilips@novell.com AssignedTo|kernel-maintainers@forge.pr |bphilips@novell.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

00:32

New subject: [Bug 655925] kernel NULL pointer dereference in bttv_open

https://bugzilla.novell.com/show_bug.cgi?id=655925 https://bugzilla.novell.com/show_bug.cgi?id=655925#c Brandon Philips changed: What |Removed |Added ---------------------------------------------------------------------------- InfoProvider|bphilips@novell.com |kkaempf@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

15 Dec 15 Dec

09:06

New subject: [Bug 655925] kernel NULL pointer dereference in bttv_open

https://bugzilla.novell.com/show_bug.cgi?id=655925 https://bugzilla.novell.com/show_bug.cgi?id=655925#c3 Klaus Kämpf changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|kkaempf@novell.com | --- Comment #3 from Klaus Kämpf 2010-12-15 09:06:33 UTC --- Sorry, I am on Factory and kernel building fails for me :-/ Can you point me to a pre-build kernel (x86_64) in the buildservice ? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

17 Dec 17 Dec

21:30

New subject: [Bug 655925] kernel NULL pointer dereference in bttv_open

https://bugzilla.novell.com/show_bug.cgi?id=655925 https://bugzilla.novell.com/show_bug.cgi?id=655925#c4 --- Comment #4 from Klaus Kämpf 2010-12-17 21:30:53 UTC --- (In reply to comment #3)

...

Sorry, I am on Factory and kernel building fails for me :-/ To be precise, "make cloneconfig" fails with

GEN /usr/src/build/Makefile Cloning configuration file /proc/config.gz scripts/kconfig/conf: invalid option -- 'D' but "make oldconfig" works - going to rebuild the bttv module now. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

21:59

New subject: [Bug 655925] kernel NULL pointer dereference in bttv_open

https://bugzilla.novell.com/show_bug.cgi?id=655925 https://bugzilla.novell.com/show_bug.cgi?id=655925#c5 --- Comment #5 from Klaus Kämpf 2010-12-17 21:59:13 UTC --- Hmm, looks like /usr/share/doc/packages/kernel-source/README.SUSE is completely out of date :-/ The above patch indeed fixes the OOPS and makes one camera (usb) working. But I cannot get the PCI TV Card to work (was ok with previous kernels) and I see Dec 17 22:48:40 linux-lkbf kernel: [ 117.989465] do_general_protection: 3 callbacks suppressed Dec 17 22:48:40 linux-lkbf kernel: [ 117.989468] xawtv[5202] general protection ip:42b440 sp:7fffb611ce68 error:0 in xawtv[400000+3f000] in /var/log/messages -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

22:03

New subject: [Bug 655925] kernel NULL pointer dereference in bttv_open

https://bugzilla.novell.com/show_bug.cgi?id=655925 https://bugzilla.novell.com/show_bug.cgi?id=655925#c6 --- Comment #6 from Klaus Kämpf 2010-12-17 22:03:51 UTC --- More evidence: Starting xawtv a second time blocks, pressing ctrl-c crashes. Console output: This is xawtv-3.95, running on Linux/x86_64 (2.6.37-rc5-12-default) xinerama 0: 1920x1080+0+0 WARNING: No DGA direct video mode for this display. /dev/video0 [v4l2]: no overlay support v4l-conf had some trouble, trying to continue anyway ioctl: VIDIOC_G_STD(std=0x652100 [PAL_M,NTSC_M_JP,SECAM_B,SECAM_G,SECAM_K1,SECAM_L]): Invalid argument IRQ's not enabled, falling back to busy waits: 2 0 ioctl: VIDIOC_S_STD(std=0x0 []): Invalid argument v4l2: oops: select timeout ^Clibv4l2: error dequeuing buf: Interrupted system call v4l2: read: Interrupted system call Segmentation fault -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

22:06

New subject: [Bug 655925] kernel NULL pointer dereference in bttv_open

https://bugzilla.novell.com/show_bug.cgi?id=655925 https://bugzilla.novell.com/show_bug.cgi?id=655925#c7 Brandon Philips changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |kkaempf@novell.com --- Comment #7 from Brandon Philips 2010-12-17 22:06:52 UTC --- Mauro posted a new patch that fixes the locking in a different manner. Can you test that one? https://lkml.org/lkml/2010/12/15/348 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

22:13

New subject: [Bug 655925] kernel NULL pointer dereference in bttv_open

https://bugzilla.novell.com/show_bug.cgi?id=655925 https://bugzilla.novell.com/show_bug.cgi?id=655925#c8 --- Comment #8 from Klaus Kämpf 2010-12-17 22:13:41 UTC --- I'll try the new patch in a moment. Locking seems indeed still wrong since unplugging the USB cam (keeping the PCI TV card) lets xawtv run. Also the number of consumers of a single bttv device matters. Having Skype and xawtv open also makes xawtv fail. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

22:19

New subject: [Bug 655925] kernel NULL pointer dereference in bttv_open

https://bugzilla.novell.com/show_bug.cgi?id=655925 https://bugzilla.novell.com/show_bug.cgi?id=655925#c9 --- Comment #9 from Brandon Philips 2010-12-17 22:19:33 UTC --- (In reply to comment #8)

...

I'll try the new patch in a moment.

OK. Give that a shot and let me know if the issue resolves. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

22:31

New subject: [Bug 655925] kernel NULL pointer dereference in bttv_open

https://bugzilla.novell.com/show_bug.cgi?id=655925 https://bugzilla.novell.com/show_bug.cgi?id=655925#c10 Klaus Kämpf changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|kkaempf@novell.com | --- Comment #10 from Klaus Kämpf 2010-12-17 22:31:56 UTC --- Good news. The patch from comment #7 is fine. No oopses, no crashes, no locking issues - even with multiple camera devices and multiple consumers. Thanks ! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

13 Jan 13 Jan

05:06

New subject: [Bug 655925] kernel NULL pointer dereference in bttv_open

https://bugzilla.novell.com/show_bug.cgi?id=655925 https://bugzilla.novell.com/show_bug.cgi?id=655925#c11 Brandon Philips changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |FIXED --- Comment #11 from Brandon Philips 2011-01-13 05:06:34 UTC --- Fixed in 2.6.37 final so closing as Fixed for 11.4. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

4859

Age (days ago)

4908

Last active (days ago)

List overview

Download

13 comments

1 participants

participants (1)

bugzilla_noreply＠novell.com

[Bug 655925] New: kernel NULL pointer dereference in bttv_open

tags

participants (1)