Ubuntu

Unable to handle kernel NULL pointer dereference in ppdev module

Reported by Tobin Davis on 2010-07-02
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Lee Jones
Lucid
Undecided
Unassigned
Maverick
Medium
Lee Jones
linux-fsl-imx51 (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Maverick
Undecided
Unassigned
linux-mvl-dove (Ubuntu)
Medium
Eric Miao
Lucid
Undecided
Unassigned
Maverick
Medium
Eric Miao
linux-ti-omap4 (Ubuntu)
Medium
Lee Jones
Lucid
Undecided
Unassigned
Maverick
Medium
Lee Jones

Bug Description

During boot on a Beagleboard with latest image, the system attempts to load the parallel port drivers (no ports exist on this system), which in turn causes the driver to fail with an oops message and kernel dump (see dmesg log).

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: linux-image-omap 2.6.35.6.7
Regression: Yes
Reproducible: Yes
ProcVersionSignature: User Name 2.6.35-6.9-omap 2.6.35-rc3
Uname: Linux 2.6.35-6-omap armv7l
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.23.
AplayDevices:
 **** List of PLAYBACK Hardware Devices ****
 card 0: omap3beagle [omap3beagle], device 0: TWL4030 twl4030-0 []
   Subdevices: 1/1
   Subdevice #0: subdevice #0
Architecture: armel
ArecordDevices:
 **** List of CAPTURE Hardware Devices ****
 card 0: omap3beagle [omap3beagle], device 0: TWL4030 twl4030-0 []
   Subdevices: 1/1
   Subdevice #0: subdevice #0
Date: Fri Jul 2 16:06:43 2010
Lspci:
 Error: command ['lspci', '-vvnn'] failed with exit code 1: pcilib: Cannot open /proc/bus/pci
 lspci: Cannot find any working access method.
Lsusb:
 Bus 001 Device 004: ID 05d5:6781 Super Gate Technology Co., Ltd
 Bus 001 Device 003: ID 07a6:8511 ADMtek, Inc. ADM8511 Pegasus II Ethernet
 Bus 001 Device 002: ID 05e3:0608 Genesys Logic, Inc. USB-2.0 4-Port HUB
 Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
ProcCmdLine: vram=12M omapfb.mode=dvi:1280x720MR-16@60 root=UUID=ca253fca-1a4b-4ede-aeb2-4c854c0d1db9 fixrtc
ProcEnviron:
 SHELL=/bin/bash
 LANG=en_US.utf8
SourcePackage: linux

Tobin Davis (gruemaster) wrote :
Paul Larson (pwlars) on 2010-07-08
affects: linux (Ubuntu) → linux-ti-omap (Ubuntu)
Changed in linux-ti-omap4 (Ubuntu Maverick):
milestone: none → maverick-alpha-3
Changed in linux-ti-omap (Ubuntu Maverick):
milestone: none → maverick-alpha-3
Paul Larson (pwlars) on 2010-07-08
Changed in linux-ti-omap4 (Ubuntu Maverick):
assignee: nobody → Lee Jones (lag)
importance: Undecided → Medium
status: New → Triaged
Changed in linux-ti-omap (Ubuntu Maverick):
assignee: nobody → Lee Jones (lag)
importance: Undecided → Medium
status: New → Triaged
Tobin Davis (gruemaster) wrote :

Through some slow, extensive testing, I have been able to reproduce this bug on Lucid with kernel 2.6.33-502-omap by typing " sudo modprobe parport_pc" in a console. When looking at the differences between 2.6.33 and 2.6.35 kernels, I noticed ppdev was added (probably in 2.6.34) recently. While this module doesn't appear to depend on parport_pc, I have yet to figure out why parport_pc is loaded in the new image.

Adding "blacklist parport_pc" to /etc/modules.d/blacklist.conf seems to eliminate the problem, in that the system no longer tries to load that module. Not sure if this is a proper fix, but it is an easy one. The other solution is a fix from the upstream kernel, and I have not been able to find a bug report upstream yet (connection issues with kerneloops.org).

Lee Jones (lag) on 2010-07-14
Changed in linux-ti-omap (Ubuntu Maverick):
status: Triaged → In Progress
Changed in linux-ti-omap4 (Ubuntu Maverick):
status: Triaged → In Progress

omap3 in Maverick is maintained in the linux master branch, thus I'm reassigning the linux-ti-omap task to linux. ti-omap4 is maintained in it's own branch in Maverick.

affects: linux-ti-omap (Ubuntu Maverick) → linux (Ubuntu Maverick)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.35-9.14

---------------
linux (2.6.35-9.14) maverick; urgency=low

  [ Andy Whitcroft ]

  * ubuntu: AUFS -- add BOM and automated update script
  * ubuntu: AUFS -- update to b37c575759dc4535ccc03241c584ad5fe69e3b25

  [ John Johansen ]

  * [Config] Enable DRBD as a module

  [ Kees Cook ]

  * SAUCE: Yama: verify inode is symlink to avoid bind mounts
    - LP: #604407

  [ Leann Ogasawara ]

  * [Config] Disable CONFIG_DRM_VMWGFX (staging driver)
    - LP: #606139
  * [Config] ports: Disable CONFIG_DRM_VMWGFX (staging driver)
    - LP: #606139
  * [Config] Enable CONFIG_DEBUG_STRICT_USER_COPY_CHECKS=y
  * [Config] ports: Enable CONFIG_DEBUG_STRICT_USER_COPY_CHECKS=y

  [ Lee Jones ]

  * Stop ARM boards crashing when CUPS is loaded
    - LP: #601226

  [ Upstream Kernel Changes ]

  * perf probe: Support tracing an entry of array
  * perf probe: Support static and global variables
 -- Leann Ogasawara <email address hidden> Fri, 16 Jul 2010 14:38:17 -0700

Changed in linux (Ubuntu Maverick):
status: In Progress → Fix Released
Lee Jones (lag) on 2010-07-22
Changed in linux-ti-omap4 (Ubuntu Maverick):
status: In Progress → Fix Released
Eric Miao (eric.y.miao) on 2010-08-31
Changed in linux-mvl-dove (Ubuntu Maverick):
assignee: nobody → Eric Miao (eric.y.miao)
importance: Undecided → Medium
milestone: none → maverick-updates
Eric Miao (eric.y.miao) wrote :

This also affects Marvell Dove platforms, but can be fixed by getting a correct I/O space.

Colin Watson (cjwatson) wrote :
Download full text (44.8 KiB)

linux-mvl-dove (2.6.32-410.26) maverick; urgency=low

  [ Stefan Bader ]

  * Rebased to 2.6.32-25.43

  [ Upstream Kernel Changes ]

  * dove: make galcore built-in
    - LP: #625090
  * dove: make BMM driver built-in
    - LP: #625090
  * dove: fix incorrect bus base of macro __io()
    - LP: #601226
  * dove: use LCD external clock for videoplug board
    - LP: #625132
  * dove: fix crash issue when lcd1 enabled and the board setup doesn't
    provide mach board info
    - LP: #625132
  * dove: fix bug when clearing the needed bit when handling PMU interrupt
    - LP: #625132
  * fix VGA calibration initial value.
    - LP: #625132
  * dove: fix bug when setting the pcie port control register
    - LP: #625132
  * fix jiggling issue for high resolution in dual display.
    - LP: #625132
  * orion eth: always call the phy_scan from the resume function
    - LP: #625132
  * Enable L2WA only and remove L1WA
    - LP: #625132
  * Enable L2C way 4-7
    - LP: #625132
  * Disable Dual issue of VFP WMMX for stability
    - LP: #625132
  * dove: set the giga phy address for dove db board
    - LP: #625132
  * fix HWC32 enable make system hang while use LCD external clock.
    - LP: #625132
  * dove: use AC97 RT655 codec instead of ASoC version
    - LP: #625132

  [ Ubuntu: 2.6.32-25.43 ]

  * SAUCE: (no-up) Modularize vesafb -- fix initialization
    - LP: #611471
  * Revert "SAUCE: sync before umount to reduce time taken by ext4 umount"
    - LP: #543617, #585092
  * Revert "SAUCE: tulip: Let dmfe handle davicom on non-sparc"
    - LP: #607824
  * [Config] Added ums-cypress to udeb
    - LP: #576066
  * Revert "PCI quirk: Disable MSI on VIA K8T890 systems"
    - LP: #607824
  * Revert "PCI quirks: disable msi on AMD rs4xx internal gfx bridges"
    - LP: #607824
  * Revert "(pre-stable) Input: psmouse - reset all types of mice before
    reconnecting"
    - LP: #607824
  * Revert "jbd: jbd-debug and jbd2-debug should be writable"
    - LP: #607824
  * Revert "ext4: Make fsync sync new parent directories in no-journal
    mode"
    - LP: #615548
  * Revert "ext4: Fix compat EXT4_IOC_ADD_GROUP"
    - LP: #615548
  * Revert "ext4: Conditionally define compat ioctl numbers"
    - LP: #615548
  * Revert "ext4: restart ext4_ext_remove_space() after transaction
    restart"
    - LP: #615548
  * Revert "ext4: Clear the EXT4_EOFBLOCKS_FL flag only when warranted"
    - LP: #615548
  * Revert "ext4: Avoid crashing on NULL ptr dereference on a filesystem
    error"
    - LP: #615548
  * Revert "ext4: Use bitops to read/modify i_flags in struct
    ext4_inode_info"
    - LP: #615548
  * Revert "ext4: Show journal_checksum option"
    - LP: #615548
  * Revert "ext4: check for a good block group before loading buddy pages"
    - LP: #615548
  * Revert "ext4: Prevent creation of files larger than RLIMIT_FSIZE using
    fallocate"
    - LP: #615548
  * Revert "ext4: Remove extraneous newlines in ext4_msg() calls"
    - LP: #615548
  * Revert "ext4: init statistics after journal recovery"
    - LP: #615548
  * Revert "ext4: clean up inode bitmaps manipulation in ext4_free_inode"
    - LP: #615548
  * Revert "ext4: Do not zero out uninitialized extents beyond i_s...

Changed in linux-mvl-dove (Ubuntu Maverick):
status: New → Fix Released
Paolo Pisati (p-pisati) on 2011-06-03
Changed in linux-fsl-imx51 (Ubuntu Maverick):
status: New → Invalid
Paolo Pisati (p-pisati) on 2011-06-03
Changed in linux-fsl-imx51 (Ubuntu):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → In Progress
Changed in linux (Ubuntu Lucid):
status: New → Fix Released
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Fix Released
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Paolo Pisati (p-pisati) wrote :

the issue was still present on imx51 when loading the parport module in case parport_pc was enabled, and disabling PARPORT_PC fixes it.

Launchpad Janitor (janitor) wrote :
Download full text (4.2 KiB)

This bug was fixed in the package linux-fsl-imx51 - 2.6.31-609.26

---------------
linux-fsl-imx51 (2.6.31-609.26) lucid; urgency=low

  [ Paolo Pisati ]

  * Tracking bug
    - LP: #795219
  * [Config] Disable parport_pc on fsl-imx51
    - LP: #601226

  [ Upstream Kernel Changes ]

  * ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory
    - LP: #712723, #712737
  * can-bcm: fix minor heap overflow
    - LP: #710680
  * drivers/video/via/ioctl.c: prevent reading uninitialized stack memory
    - LP: #712744
  * gdth: integer overflow in ioctl
    - LP: #711797
  * inet_diag: Make sure we actually run the same bytecode we audited, CVE-2010-3880
    - LP: #711865
    - CVE-2010-3880
  * net: fix rds_iovec page count overflow, CVE-2010-3865
    - LP: #709153
    - CVE-2010-3865
  * net: packet: fix information leak to userland, CVE-2010-3876
    - LP: #711045
    - CVE-2010-3876
  * net: tipc: fix information leak to userland, CVE-2010-3877
    - LP: #711291
    - CVE-2010-3877
  * net: Truncate recvfrom and sendto length to INT_MAX.
    - LP: #708839
  * posix-cpu-timers: workaround to suppress the problems with mt exec
    - LP: #712609
  * sys_semctl: fix kernel stack leakage
    - LP: #712749
  * x25: Patch to fix bug 15678 - x25 accesses fields beyond end of packet.
    - LP: #709372
  * memory corruption in X.25 facilities parsing
    - LP: #709372
  * net: ax25: fix information leak to userland, CVE-2010-3875
    - LP: #710714
    - CVE-2010-3875
  * net: ax25: fix information leak to userland harder, CVE-2010-3875
    - LP: #710714
    - CVE-2010-3875
  * fs/partitions/ldm.c: fix oops caused by corrupted partition table, CVE-2011-1017
    - LP: #771382
    - CVE-2011-1017
  * net: clear heap allocations for privileged ethtool actions
    - LP: #771445
  * Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code
    - LP: #772543
  * Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo
    - LP: #772543
  * exec: make argv/envp memory visible to oom-killer
    - LP: #768408
  * next_pidmap: fix overflow condition
    - LP: #784727
  * proc: do proper range check on readdir offset
    - LP: #784727
  * mpt2sas: prevent heap overflows and unchecked reads
    - LP: #787145
  * agp: fix arbitrary kernel memory writes
    - LP: #788684
  * can: add missing socket check in can/raw release
    - LP: #788694
  * agp: fix OOM and buffer overflow
    - LP: #788700
  * do_exit(): make sure that we run with get_fs() == USER_DS - CVE-2010-4258
    - LP: #723945
    - CVE-2010-4258
  * x25: Prevent crashing when parsing bad X.25 facilities - CVE-2010-4164
    - LP: #731199
    - CVE-2010-4164
  * install_special_mapping skips security_file_mmap check - CVE-2010-4346
    - LP: #731971
    - CVE-2010-4346
  * econet: Fix crash in aun_incoming() - CVE-2010-4342
    - LP: #736394
    - CVE-2010-4342
  * sound: Prevent buffer overflow in OSS load_mixer_volumes - CVE-2010-4527
    - LP: #737073
    - CVE-2010-4527
  * irda: prevent integer underflow in IRLMP_ENUMDEVICES, CVE-2010-4529
    - LP: #737823
    - CVE-2010-4529
  * CAN: Use inode instead of kernel address for /proc file - CVE-2010-4565
    - LP: #765007...

Read more...

Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers