On Thu, Mar 30, 2006 at 01:37:35AM +0200, Duncan Sands wrote:
> Hi Pete,
>
> > This looks like something may be of interest for you. In the fresh kernel
> > we shipped (2.6.15 with no relevant patches), modem cannot get its firmware,
> > and eventually ends with this:
> >
> > EIP is at firmware_data_write+0xfe/0x152
> > Process nash-hotplug (pid: 307, threadinfo=c1678000 task=c1725000)
> > [<c0228d84>] firmware_data_write+0x0/0x152 [<c018775e>] write+0xba/0xde
> > [<c01876a4>] write+0x0/0xde [<c0152b9b>] vfs_write+0xa1/0x140
> > [<c01530a3>] sys_write+0x3c/0x63 [<c0102bc1>] syscall_call+0x7/0xb
> >
> > Ref. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187299
> >
> > What in the world is nash-hotplug? I thought we used modem_run.
> > Sorry, I have no clue about these things... Nobody uses USB connected
> > modems here, it's all Ethernet.
>
> this already came up on the mailing list ([email protected] - subscription
> only, so not CC'd), but hasn't been resolved yet. Nowadays the modem can load
> firmware by itself, using the kernel's drivers/base/firmware* stuff - modem_run
> is not needed any more. I'm guessing that nash-hotplug is redhat's tool for
> doing hotplug from an initrd. By the way, where can I get hold of redhat's
> kernel source?
> In my version of firmware_class.c, I see:
>
>     new_size = ALIGN(min_size, PAGE_SIZE);
>     ...
>     fw_priv->alloc_size = new_size;
>     ...
>     if (fw_priv->fw->data) {
>         memcpy(new_data, fw_priv->fw->data, fw_priv->fw->size);
>         vfree(fw_priv->fw->data);
>     }                                           <=== line 231
>     fw_priv->fw->data = new_data;
>     BUG_ON(min_size > fw_priv->alloc_size);     <=== line 233
>     return 0;
>
> The BUG was reported at line 231. The BUG_ON at line 233 is the only one in
> this file. This is not part of firmware_data_write, it is part of
> fw_realloc_buffer; however firmware_data_write is the only user of this static
> function, so most likely gcc folded it into firmware_data_write. Based on the
> code in the oops, it is indeed this one that fired. It looks like that,
> logically speaking, BUG_ON can never fire, except perhaps if
> min_size = offset + count is negative (so why is it there?). The value of
> min_size seems to be 00061000, stored in eax. I can't immediately see what
> fw_priv->alloc_size is.

Looks like a problem which was fixed in 2.6.16.1:
http://kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commitdiff;h=048eb7e760ef41bcfef09bbd223f18379d260c2c
(and you are apparently looking at the source where this bug is already fixed).
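The invariant discussed in the thread, as an added userspace example that is not code from the thread or from the kernel: it models the size bookkeeping of the quoted snippet (`alloc_size = ALIGN(min_size, PAGE_SIZE)`) and checks whether the `BUG_ON` condition can hold afterwards. For contrast it also models a hypothetical grow-by-one-page policy, which is an assumption for illustration and is not quoted from any kernel version. Apart from the min_size value 0x61000 reported in the oops, all sizes, offsets and function names are constructed.

```c
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE 4096UL
#define ALIGN(x, a) (((x) + (a) - 1) & ~((a) - 1))

typedef size_t (*grow_fn)(size_t alloc_size, size_t min_size);

/* Policy from the quoted snippet: size the buffer from the request itself. */
static size_t grow_aligned(size_t alloc_size, size_t min_size)
{
    (void)alloc_size;
    return ALIGN(min_size, PAGE_SIZE);
}

/* Hypothetical contrast (assumption): grow by exactly one page per call. */
static size_t grow_one_page(size_t alloc_size, size_t min_size)
{
    (void)min_size;
    return alloc_size + PAGE_SIZE;
}

/* Returns 1 if BUG_ON(min_size > alloc_size) would fire after growing. */
static int bug_on_fires(grow_fn grow, size_t alloc_size,
                        size_t offset, size_t count)
{
    size_t min_size = offset + count;
    return min_size > grow(alloc_size, min_size);
}

/* Counts the write sizes in 1..max_count that would trip the BUG_ON. */
static unsigned count_violations(grow_fn grow, size_t alloc_size,
                                 size_t offset, size_t max_count)
{
    unsigned n = 0;
    for (size_t c = 1; c <= max_count; c++)
        n += (unsigned)bug_on_fires(grow, alloc_size, offset, c);
    return n;
}

int main(void)
{
    /* Constructed state: buffer full at 0x5f000, write appended at its end. */
    size_t alloc = 0x5f000, off = 0x5f000, max = 0x2000;
    printf("aligned policy:  %u violating write sizes\n",
           count_violations(grow_aligned, alloc, off, max));
    printf("one-page policy: %u violating write sizes\n",
           count_violations(grow_one_page, alloc, off, max));
    return 0;
}
```

Under the aligned policy the check is a pure sanity assertion, so an oops at that `BUG_ON` points to a build whose sizing logic differs from the quoted source, which is consistent with the reply's remark that the quoted source already contains the fix.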
