Reloading problem
Dan Williams
dcbw at redhat.com
Mon Jan 5 15:40:24 EST 2009
On Fri, 2008-10-17 at 18:55 +0900, Jeong-Hwan Seo wrote:
> Hi everybody.
> I already read the post about the reloading problem of
> the libertas driver module.
> (Reloading the libertas driver module breaks the
> kernel.)
> Has anybody found a solution to the problem?
>
> These are the log messages about the problem:
> =======================================================================================
> # insmod libertas_sdio.ko
> libertas_sdio: Libertas SDIO driver
> libertas_sdio: Copyright Pierre Ossman
> firmware: requesting helper_sd.bin
> firmware: requesting sd8686.bin
> libertas: 00:50:43:02:fe:01, fw 9.70.2p1, cap
> 0x0000030b
> libertas: eth0: Marvell WLAN 802.11 adapter
> # rmmod libertas_sdio
> # insmod libertas_sdio.ko
> libertas_sdio: Libertas SDIO driver
> libertas_sdio: Copyright Pierre Ossman
> firmware: requesting helper_sd.bin
> firmware: requesting sd8686.bin
> Unable to handle kernel NULL pointer dereference at
> virtual address 00000b18
> pgd = c0004000
> [00000b18] *pgd=00000000
> Internal error: Oops: 17 [#1] PREEMPT
> Modules linked in: libertas_sdio(+) [last unloaded:
> libertas_sdio]
> CPU: 0 Not tainted (2.6.26-00186-g76fe58a-dirty
> #50)
> PC is at lbs_host_to_card_done+0x70/0x134
> LR is at lbs_host_to_card_done+0x70/0x134
> pc : [<c017c6b0>] lr : [<c017c6b0>] psr:
> 80000193
> sp : c7111f38 ip : c7111f38 fp : c7111f4c
> r10: 00000000 r9 : 00000002 r8 : 00400001
> r7 : c03b1878 r6 : c7111f5c r5 : 00000000 r4 :
> 80000113
> r3 : 00000000 r2 : c7110000 r1 : 00000001 r0 :
> 00000001
> Flags: Nzcv IRQs off FIQs on Mode SVC_32 ISA ARM
> Segment kernel
> Control: 00c5387f Table: 57100008 DAC: 00000017
> Process ksdiorqd (pid: 802, stack limit = 0xc7110260)
> Stack: (0xc7111f38 to 0xc7112000)
> 1f20:
> 00000002 c70e0000
> 1f40: c7111f8c c7111f50 bf00125c c017c64c 00000000
> 00000195 00000000 00000000
> 1f60: 00000000 00000000 c7989000 c7a41e00 c7a41e00
> 00000001 00000002 00000000
> 1f80: c7111fd4 c7111f90 c01d56bc bf001168 00000000
> c7111fa7 00000002 c7110000
> 1fa0: 00000001 020392ac c7111fd4 c7110000 c7989000
> c01d55c4 00000000 00000000
> 1fc0: 00000000 00000000 c7111ff4 c7111fd8 c0054df8
> c01d55d0 00000000 00000000
> 1fe0: 00000000 00000000 00000000 c7111ff8 c0042ca0
> c0054da8 c0000bd8 c0000b70
> Backtrace:
> [<c017c640>] (lbs_host_to_card_done+0x0/0x134) from
> [<bf00125c>] (if_sdio_interrupt+0x100/0x958
> [libertas_sdio])
> r5:c70e0000 r4:00000002
> [<bf00115c>] (if_sdio_interrupt+0x0/0x958
> [libertas_sdio]) from [<c01d56bc>]
> (sdio_irq_thread+0xf8/0x1f8)
> [<c01d55c4>] (sdio_irq_thread+0x0/0x1f8) from
> [<c0054df8>] (kthread+0x5c/0x94)
>
>
> What I found out is that card->priv is a NULL pointer.
> In if_sdio.c, if_sdio_interrupt calls
> lbs_host_to_card_done(card->priv).
> Here, card->priv is a NULL pointer.
> And when the kernel tries to access priv, it crashes.
> I hope somebody could solve this problem.

Hmm... try disabling interrupts right after flush_scheduled_work() in
if_sdio_remove(), with something like:

    sdio_writeb(func, 0x00, IF_SDIO_H_INT_MASK, &ret);

Could be that interrupts don't get disabled on module removal, and thus
are enabled before the module wants to handle them.

Dan
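
The hypothesis in the reply above, modelled in userspace C as an added example (not part of the original post and not libertas code): the device's interrupt mask survives module removal, so on the next load an interrupt can reach the handler before card->priv is set. The model_* names, the probe ordering and the 0x03 enable value are assumptions made for illustration.

```c
/* Userspace model of the reload sequence; all model_* names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>

struct model_dev  { unsigned char int_mask; bool irq_pending; }; /* hardware state: survives rmmod */
struct model_priv { int done_events; };
struct model_card { struct model_dev *dev; struct model_priv *priv; };

/* Returns -1 at the point where the handler in the log dereferenced NULL. */
static int model_interrupt(struct model_card *card)
{
    if (!card->dev->int_mask || !card->dev->irq_pending)
        return 0;                    /* masked, or nothing to deliver */
    card->dev->irq_pending = false;
    if (card->priv == NULL)
        return -1;                   /* card->priv not set up yet */
    card->priv->done_events++;
    return 0;
}

/* Assumed probe order: the handler is live before priv is assigned. */
static int model_probe(struct model_card *card, struct model_dev *dev, struct model_priv *priv)
{
    card->dev = dev;
    card->priv = NULL;
    int rc = model_interrupt(card);  /* IRQ thread may run in this window */
    card->priv = priv;
    dev->int_mask = 0x03;            /* constructed "interrupts enabled" value */
    return rc;
}

static void model_remove(struct model_card *card, bool mask_on_remove)
{
    if (mask_on_remove)
        card->dev->int_mask = 0x00;  /* models the suggested sdio_writeb() */
    card->priv = NULL;
}

/* insmod, rmmod, device raises an interrupt, insmod again. */
int model_reload(bool mask_on_remove)
{
    struct model_dev dev = { 0x00, false };
    struct model_priv priv = { 0 };
    struct model_card card;
    model_probe(&card, &dev, &priv);
    model_remove(&card, mask_on_remove);
    dev.irq_pending = true;          /* device signals while no driver is bound */
    return model_probe(&card, &dev, &priv);
}
```

model_reload(false) returns -1, the point where the logged handler dereferenced NULL; model_reload(true) returns 0 because the mask was cleared on removal.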