NetBSD-Bugs archive


Re: kern/48308: User can crash machine using a USB webcam



The following reply was made to PR kern/48308; it has been noted by GNATS.

From: Dave Tyson <dtyson%anduin.org.uk@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: Mihai Chelaru <mihai.chelaru%ngnetworks.ro@localhost>, 
 kern-bug-people%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, 
 netbsd-bugs%netbsd.org@localhost
Subject: Re: kern/48308: User can crash machine using a USB webcam
Date: Tue, 05 Nov 2013 16:38:21 +0000

 On 11/04/13 19:40, Mihai Chelaru wrote:
 > The following reply was made to PR kern/48308; it has been noted by GNATS.
 >
 > From: Mihai Chelaru <mihai.chelaru%ngnetworks.ro@localhost>
 > To: gnats-bugs%NetBSD.org@localhost
 > Cc: dtyson%anduin.org.uk@localhost
 > Subject: Re: kern/48308: User can crash machine using a USB webcam
 > Date: Mon, 04 Nov 2013 21:42:39 +0200
 >
 >  
 >  Hi,
 >  
 >  Probably it works in 6.1 because release kernels are not compiled with 
 >  options DIAGNOSTIC, so they don't trigger that assert. I have been using 
 >  the attached patch for some time without any problems. It should fix your 
 >  issue too.
 >  
 >  -- 
 >  Mihai
 >  
 <patch snipped to save bandwidth>
 
 
 
 Hi Mihai,
 thanks for looking at this PR. I realised after I had posted it that
 having options DIAGNOSTIC in GENERIC triggered the assert and removing
 this enabled the webcam to work OK. However it needs to be fixed before
 NetBSD-7 is branched:-)
 
 I have applied your patch (it went on cleanly against the latest
 usb_mem.c 1.63), however the kernel still panics under GENERIC in a
 different place:
 
 panic: kernel diagnostic assertion "(!cpu_intr_p() && !cpu_softintr_p()) || (pc->pc_pool.pr_ipl != IPL_NONE || cold || panicstr != NULL)" failed: file "/usr/src/sys/kern/subr_pool.c", line 2209 pool 'pvpl' is IPL_NONE, but called from interrupt context
 
 fatal breakpoint trap in supervisor mode
 trap type 1 code 0 eip c027fd44 cs 8 eflags 200246 cr2 bba90fd0 ilevel 4 esp db4e59dc
 curlwp 0xc3b49a80 pid 0 lid 3 lowest kstack 0xdb4e3000
 
 dumping to dev 0,1 offset 8
 dump
 crash> bt
 
 _KERNEL_OPT_NARCNET(c0e054fc,100,c060c458,8,0,c0e05528,8,c0a4e11c,db4e5750,c029e04f) at 0
 _KERNEL_OPT_NARCNET(100,0,db4e57f8,c029e757,c0e04100,0,c0978ed2,db4e5770,c0978ed2,c0e04100) at 0
 db_sifting_cmd(c0e04100,0,c0978ed2,db4e5770,c0978ed2,c0e04100,c1033000,6f40,7020,d4e57a0) at db_sifting_cmd
 db_command(db4e580c,0,0,0,db4e57fc,db4e5830,db4e5824,0,c029eab1,0) at db_command+0xe3
 db_command_loop(c027fd44,0,3,c0e5f23d,1,db4e5978,4,db4e58d4,c02a1469,1) at db_command_loop+0xbe
 db_trap(1,0,0,0,db4e5870,c0910010,30,10,c0810010,db4e59f8) at db_trap+0xe0
 kdb_trap(1,0,db4e5978,3,db4e3000,200246,bba90fd0,4,db4e59dc,c0c7ef43) at kdb_trap+0x107
 trap() at trap+0x269
 --- trap (number 1) ---
 breakpoint(c0cb5c21,c0ed9940,c0c9de88,db4e59f8,c0ecd100,0,0,db4e59ec,c09c6ddf,c0c9de88) at breakpoint+0x4
 vpanic(c0c9de88,db4e59f8,db4e5a1c,c0814a0c,c0c9de88,c0c06d08,c0c9de20,c0c9df30,8a1,c0c7ef40) at vpanic+0x11c
 kern_assert(c0c9de88,c0c06d08,c0c9de20,c0c9df30,8a1,c0c7ef40,c091fb94,13,c0ecd040,8748763) at kern_assert+0x23
 pool_cache_get_paddr(c0ecd100,2,0,dd48d000,1000,0,0,0,401727,c41aee34) at pool_cache_get_paddr+0xfa
 pmap_enter_ma(c0ecd040,dd48d000,8748000,8748000,3,13,0,db4e5ae4,c0233e9b,c0ecd040) at pmap_enter_ma+0xe8
 pmap_enter_default(c0ecd040,dd48d000,8748000,3,13,c41aee34,0,1,13,c0e63ca0) at pmap_enter_default+0x39
 _bus_dmamem_map.clone.5(c41ad924,5,1,1000,c41ad924,5,c41ad92c,1,c4468800,1000) at _bus_dmamem_map.clone.5+0xb9
 usb_block_allocmem(db4e5bc8,0,0,1f9f,5c,0,c4276594,18,db4e5b64,c08f7a0b) at usb_block_allocmem+0x265
 usb_allocmem_flags(c4134020,fa0,1000,db4e5bc8,0,db4e5bdc,c02cd6ef,c4134020,fa0,1000) at usb_allocmem_flags+0x66
 usb_allocmem(c4134020,fa0,1000,db4e5bc8,5000,c4276594,c4134020,dcdef0a0,c41346f0,8a000) at usb_allocmem+0x2e
 ehci_device_isoc_start(c4276594,db4e5c0c,c055473e,e0,1,c42765dc,c8,c8,c42a4d58,db4e5c38) at ehci_device_isoc_start+0x1b9
 usbd_transfer(c4276594,c49ab104,c42a4d58,c58ce900,c8,5,c09071d4,c42a4d58,c8,c42a4d50) at usbd_transfer+0x93
 uvideo_stream_recv_isoc_start1(c4276594,0,0,db4e5c5c,0,c42a4d00,de205400,960,c4276594,c49ab104) at uvideo_stream_recv_isoc_start1+0x6a
 uvideo_stream_recv_isoc_complete(c4276594,c42a4d58,0,c0,dcdef000,db4e5ca8,c08f7c28,0,0,0) at uvideo_stream_recv_isoc_complete+0x9e
 usb_transfer_complete(c4276594,4,20,a,c4276600,c8,190,1,dcdef000,c49a000c) at usb_transfer_complete+0x2ae
 ehci_idone(c4276600,4,20,a,0,0,c4134004,c4134000,c42764c8,dc8d0f00) at ehci_idone+0x150
 ehci_softintr(c4134020,db45e32c,db4e5d80,c05abe13,c4134020,c3b49d20,c41a8ee8,c01012a4,db4e0010,30) at ehci_softintr+0x194
 usb_soft_intr(c4134020,c3b49d20,c41a8ee8,c01012a4,db4e0010,30,c3b40010,c3b40010,0,c3b49a80) at usb_soft_intr+0x22
 softint_dispatch(c3b49d20,4,16250501,41985600,cb305138,150187c0,db4e5d90,db4e5bec,db4e5c50,0) at softint_dispatch+0xba
 crash: kvm_read(0x38, 4): invalid translation (invalid PTE)
 crash>
 
 Sorry to be the bearer of bad news :-(
 
 Cheers,
 Dave
 
 
 -- 
 ============================================
 Phone: 07805784357
 Open Source O/S: www.netbsd.org
 Caving: http://www.wirralcavinggroup.org.uk
 ============================================
 

