On 12/30/2010 08:34 AM, Mario 'BitKoenig' Holbe wrote: > On Wed, Dec 29, 2010 at 08:37:10PM -0600, Larry Finger wrote: >> No, don't bother. I do have a different request. The byte counts for my 32-bit >> system do not match yours. Could you please use the following command to find >> the instructions that are failing? >> >> objdump -l -d drivers/char/hw_random/core.o | less >> >> Use the search to find the start of hwrng_register, then add 0x4c to the >> starting address. Once I see hte instruction that is failing, I should be able >> to find where the failure occurs. > > Alright, here we go... > > [ 30.012695] BUG: unable to handle kernel paging request at 4b28f458 > [ 30.012708] IP: [<f90703cc>] hwrng_register+0x4c/0x139 [rng_core] > > 00000380 <hwrng_register>: > hwrng_register(): > /tmp/1/linux-source-2.6.37-rc7/drivers/char/hw_random/core.c:299 > 380: 56 push %esi > 381: 53 push %ebx > ... > /tmp/1/linux-source-2.6.37-rc7/drivers/char/hw_random/core.c:312 > 3c6: 8b 76 1c mov 0x1c(%esi),%esi > 3c9: 83 ee 1c sub $0x1c,%esi > prefetch(): > /tmp/1/linux-source-2.6.37-rc7/arch/x86/include/asm/processor.h:837 > 3cc: 8b 46 1c mov 0x1c(%esi),%eax > 3cf: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi > hwrng_register(): > /tmp/1/linux-source-2.6.37-rc7/drivers/char/hw_random/core.c:312 > 3d3: 81 fe f8 ff ff ff cmp $0xfffffff8,%esi > 3d9: 75 d4 jne 3af <hwrng_register+0x2f> > /tmp/1/linux-source-2.6.37-rc7/drivers/char/hw_random/core.c:319 > > 312 list_for_each_entry(tmp, &rng_list, list) { > 313 if (strcmp(tmp->name, rng->name) == 0) > 314 goto out_unlock; > 315 } > > This is btw. the same data that is accessed in the cat rng_available > crash via hwrng_attr_available_show(): > > [ 389.303538] BUG: unable to handle kernel paging request at 288dcb5b > [ 389.303553] IP: [<f8dda34c>] hwrng_attr_available_show+0x5c/0x90 [rng_core] > > 000002f0 <hwrng_attr_available_show>: > hwrng_attr_available_show(): > /tmp/1/linux-source-2.6.37-rc7/drivers/char/hw_random/core.c:236 > 2f0: 55 push %ebp > ... > /tmp/1/linux-source-2.6.37-rc7/drivers/char/hw_random/core.c:245 > 346: 8b 5b 1c mov 0x1c(%ebx),%ebx > 349: 83 eb 1c sub $0x1c,%ebx > prefetch(): > /tmp/1/linux-source-2.6.37-rc7/arch/x86/include/asm/processor.h:837 > 34c: 8b 43 1c mov 0x1c(%ebx),%eax > 34f: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi > hwrng_attr_available_show(): > /tmp/1/linux-source-2.6.37-rc7/drivers/char/hw_random/core.c:245 > > 245 list_for_each_entry(rng, &rng_list, list) { > 246 strncat(buf, rng->name, PAGE_SIZE - ret - 1); > 247 ret += strlen(rng->name); > 248 strncat(buf, " ", PAGE_SIZE - ret - 1); > 249 ret++; > 250 } The head of the rng_list is damaged. It is initialized at compile time and should be OK. To help discover the order in which hwrng_register() is called, apply the attached patch. Run it once with commit 84c164a34ffe67908a installed, and once with it reverted. Thanks, Larry
Index: wireless-testing/drivers/char/hw_random/core.c =================================================================== --- wireless-testing.orig/drivers/char/hw_random/core.c +++ wireless-testing/drivers/char/hw_random/core.c @@ -49,11 +49,11 @@ static struct hwrng *current_rng; -static LIST_HEAD(rng_list); static DEFINE_MUTEX(rng_mutex); static int data_avail; static u8 rng_buffer[SMP_CACHE_BYTES < 32 ? 32 : SMP_CACHE_BYTES] __cacheline_aligned; +static LIST_HEAD(rng_list); static inline int hwrng_init(struct hwrng *rng) { @@ -305,6 +305,9 @@ int hwrng_register(struct hwrng *rng) (rng->data_read == NULL && rng->read == NULL)) goto out; + printk(KERN_INFO "Calling hwrng_register\n"); + dump_stack(); + mutex_lock(&rng_mutex); /* Must not register two RNGs with the same name. */