Hardy: cx88 NULL pointer dereference

haver@grobi:~$ lsb_release -rd
Description: Ubuntu hardy (development branch)
Release: 8.04

The system this occurs on I already described here: https://bugs.launchpad.net/ubuntu/+bug/212226

The NULL pointer access is happening when accessing the list in
snd_device_new(). Adding a mutex when modifing the list is fixing this
problem.

I would be happy if someone could take my patch, and show it to the appropriate persons so that the problem can get fixed quickly. The patch is against the latest linux git, but the problem it is in the Ubuntu alsa-driver package too.

You need corresponding fixes in snd_device_free(). Good catch!

Daniel, I assume you meant the corresponding fixes for snd_device_disconnect() were missing as it looks like Frank already had the fixes for snd_device_free() incorporated. I'm attaching an updated patch. I also added two additional mutex_unlock() calls in snd_device_register() that were missing from the original patch from Frank.

Frank care to test this newer patch and verify it still resolves the kernel oops you were seeing. I can then nudge the kernel team to get this in before Hardy final. Thanks.

http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-hardy-lum.git;a=commit;h=607ab6f78fa5d51b4dab72d218455a858c499c6f

I just tried out the modified patch and it still works fine for me. I am looking forward seeing the new kernel having this issue resolved. Thanks.

Hey Frank,

I believe I patched my alsa kernel module, compiled, and installed it. But it's not fixing the issue for me. I am not sure if I did the process correctly. How did you get your system patched up?? Thanks in advance!

Hi Juan,

I had some trouble before I found a way to patch the module. First I thought that I could compile the modules in the kernel tree, but I figured out that Ubuntu seems to build the alsa-modules separately. I tried the official way with make-kpkg for building those modules, but I failed. I commented this in:
     https://bugs.launchpad.net/ubuntu/+source/kernel-package/+bug/204698.

Finally I used the already installed alsa-sources, configured it myself, build it myself, backuped the appropriate .ko file e.g. snd.ko and replaced it with my version. I also added a printk("Modified ..."); to the code to see that my module was indeed taken ;-), which I deleted of course from the patch.

cd /usr/src/modules/alsa-driver*
sudo ./configure --with-kernel=/usr/src/linux-headers-$(uname -r)
sudo make

Frank

Frank,

Thanks for the pointers! That's similar to what I did, but I am sure I made a mistake somewhere. I'll try it soon. Thanks

Tried the 2.6.24-16 kernel, still has a a null pointer dereference.

syslog attached.

Can someone try a test version of LUM with Frank's patch?

wget http://launchpadlibrarian.net/13408199/linux-ubuntu-modules-2.6.24-16-generic_2.6.24-16.23ubuntu1_`uname -m`.deb
sudo dpkg -i linux-ubuntu-modules-2.6.24-16-generic_2.6.24-16.23ubuntu1_`uname -m`.deb
sudo reboot

I don't think this is ultimately the correct patch, but it may at least allow you to boot and use your audio device.

Note that this test version comes from my PPA: https://launchpad.net/~timg-tpi/+archive

Your wget source leads to a 404 for my system as
http://launchpadlibrarian.net/13408199/linux-ubuntu-modules-2.6.24-16-generic_2.6.24-16.23ubuntu1_x86_64.deb
does not exist.
Used http://ppa.launchpad.net/timg-tpi/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.24/linux-ubuntu-modules-2.6.24-16-generic_2.6.24-16.23ubuntu1_amd64.deb instead.

For the HVR-1300:
The oops count drops from two to one, hal fails to initialize resulting neither sound nor network is available. The large time-lag has been reeinstated.

There might be a different solution. Could someone please try the lum modules from:
https://launchpad.net/~stefan-bader-canonical/+archive
Maybe the corruption is not a locking problem, but one of a mismatch of structures.

Hi Stefan,

for me I think I can say relatively sure that it is a locking problem of the list data structures. I added printouts to to point where the list is modified. Putting the mutex around all spots with list modification helped for me:
+
+ mutex_lock(&register_mutex);
  list_add(&dev->list, &card->devices); /* add to the head of list */
+ mutex_unlock(&register_mutex);
  return 0;

As Tim already said, it might not be the ultimate fix, but I think it is at least in the right direction. Has somebody contact to the alsa developers? If so what do they say?

What is your proposed fix doing? Can you point me at the change e.g. the patch?

Thanks,

Frank

Hi Frank,

the change I would like to try has to do with the way lum is build. We have an updated version of the ALSA driver but the cx88 sound module was not build with these headers. We already had another cse where this lead to corruption because a driver used a layout of ALSA struct that did not match the ones of the driver.

This might be an explanation to why the crash happens when modifying list. Why it works with locking is not completely clear to me. Especially since I cannot really understand how this works. If I look at the backtrace you povided, it starts somewhere with dev_register_all (which takes the mutex while going through the list) and then (while in that function) calls pcm_dev_register which wants to add a new timer device by calling snd_device_new. This also tries to get the mutex and I think this is just a dead lock situation.

But anyways. I attach the patch I did and maybe you can try that, just to rule out that it isn't again this structure mismatch.

Stefan-

I tried your PPA, modules; no luck.

syslog attached.

:-Dustin

On Sun, 2008-04-13 at 15:29 +0000, Tim Gardner wrote:
> Note that this test version comes from my PPA:
> https://launchpad.net/~timg-tpi/+archive

Tim-

Tried yours too... No luck. Syslog available, if you want it.

:-Dustin

@Dustin

what was the outcome with Tim's version. An oops or hang?

It was an oops with Tim's last PPA version.

Stefan's latest PPA version, however, works:

Package: linux-ubuntu-modules-2.6.24-16-generic
Installed-Size: 17320
Architecture: amd64
Version: 2.6.24-16.23ubuntu2
Size: 4902008
MD5sum: 7283e849e20f3169135efa1084562fac

cx88 loads on boot without any null pointer exceptions. Boot happens very fast. TV card is detected properly. /dev/video? exist. MythTV finds the cards, scans the channels. TV video and sound work properly.

No ill effects that I have seen. +1, Stefan! Thanks.

:-Dustin

Also, I'm not seeing the "HAL failed" dialog on X startup anymore either. Seems this fixed that too!

:-Dustin

Fixed the build process to include ALSA headers and ALSA config.

I can confirm the patch works with both sound and video.

Had the HAL problem with saa7134.
I too installed linux-ubuntu-modules-2.6.24-16-generic_2.6.24-16.23ubuntu2, from http://ppa.launchpad.net/stefan-bader-canonical/ubuntu/ and it also works here. For the first time in hardy perfect recognition of TV- video and audio and have xaw-tv running.
No side effects

Stefan, thanks for the fix man!! :-)

BTW, more happy testimonies of this fix are here:
https://bugs.launchpad.net/ubuntu/+source/linux-ubuntu-modules-2.6.24/+bug/212271

I haven't chimed in before, but I just wanted to confirm that latest lum from stefan's PPA fixes this bug for me as well.

Stefan's patched version of LUM worked for my pcHDTV 5500 card. No oops, no hangs, no long waits on boot. Sound works finally, with no humming or buzzing. Great work!

This bug was fixed in the package linux-ubuntu-modules-2.6.24 - 2.6.24-16.23

---------------
linux-ubuntu-modules-2.6.24 (2.6.24-16.23) hardy; urgency=low

  [Amit Kucheria]

  * Poulsbo: Update to latest DRM drivers (Beta09)

  [Stefan Bader]

  * Use LUM version of ALSA headers when building media drivers.
  * Include correct ALSA config for media drivers.
    - LP: #212960

  [Daniel Mack]

  * caiaq: make high sample rates work with A8DJ
    This patch for snd_usb_caiaq makes sample rates higher than 49KHz work
    with devices which have more than 2 stereo input/output pairs.

  * caiaq: correct input channel order
    This patch corrects the input channel order of hardware supported by
    snd_usb_caiaq.

  [Matthew Ranostay]

  * hda: Correct SPDIF out default config
    Several laptops have have the SPDIF out defined as 'Digital other out'
    when it should be 'SPDIF out' in the default config.

  [Soren Hansen]

  * Remove openvm tools
    We're reliably informed that open-vm-tools is not something we
    want to support. Each VMWare product comes with its own version of
    these kernel modules (released under the GPL and everything),
    while open-vm-tools is not actually supported for any version of
    any VMWare product. This might very well change in either the
    intrepid or intrepid+1 time frame, but it's not there yet.

 -- Tim Gardner <email address hidden> Fri, 11 Apr 2008 10:57:39 -0600