[Bug 606081] Re: radeon_info_ioctl: [340700.513619] BUG: unable to handle kernel paging request at fffffffff0ea1e74
Dave Gilbert
ubuntu at treblig.org
Sun Aug 1 13:48:46 UTC 2010
I think there are two separate problems here; the 1st is that radeon_info_ioctl is missing a copy_from_user
(which I've reported as freedesktop.org bug 29340 - and linked it). That's why it oopses.

The 2nd problem I'm less sure of, but it looks like a question of what a 32-bit app is supposed to put into the ioctl data; I added
some printfs to radeon_info_ioctl and saw this:
[ 127.105635] radeon_info_ioctl: Dev=ffff88022afa5800 data=ffff88020e1d3e58 filp=ffff88020f5a8540
[ 127.105639] radeon_info_ioctl: rdev=ffff88022b164000
[ 127.105640] radeon_info_ioctl: value_ptr=00000000ffc6ac2c
[ 127.105641] radeon_info_ioctl: value=0
[ 127.105642] radeon_info_ioctl: info->request=0
[ 127.172280] radeon_info_ioctl: Dev=ffff88022afa5800 data=ffff88020e1d3e58 filp=ffff88020f5a8540
[ 127.172284] radeon_info_ioctl: rdev=ffff88022b164000
[ 127.172286] radeon_info_ioctl: value_ptr=ffffffffecc17ab4
[ 127.172298] BUG: unable to handle kernel paging request at ffffffffecc17ab4
and the data structure passed to the ioctl apparently is:
struct drm_radeon_info {
        uint32_t request;
        uint32_t pad;
        uint64_t value;
};
Is that correct for both 32- and 64-bit processes? If so then it looks like googleearth is sign extending its pointer when
it stuffs it into value, which would be a googleearth bug; however, if we're expecting a 32-bit app only to know about
the bottom 32 bits then we need a compat routine to clean value up.
Dave
--
radeon_info_ioctl: [340700.513619] BUG: unable to handle kernel paging request at fffffffff0ea1e74
https://bugs.launchpad.net/bugs/606081
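
The sign-extension question raised in the message above, as an added userspace example that is not part of the original message or of the radeon driver. The function names are hypothetical; the struct layout and the two addresses are taken from the message, and the fixup only sketches what a compat routine would do to value for a 32-bit caller.

```c
#include <stdint.h>
#include <stdio.h>

/* Layout as quoted in the message above. */
struct drm_radeon_info {
    uint32_t request;
    uint32_t pad;
    uint64_t value;     /* user pointer carried as a 64-bit integer */
};

/* Hypothetical: a 32-bit caller that widens its pointer through a signed
 * type. Bit 31 is replicated into bits 32..63 (the unsigned-to-signed
 * conversion is implementation-defined before C23; gcc and clang wrap). */
static uint64_t pack_sign_extended(uint32_t addr32)
{
    return (uint64_t)(int64_t)(int32_t)addr32;
}

/* Hypothetical: the same caller widening through an unsigned type. */
static uint64_t pack_zero_extended(uint32_t addr32)
{
    return (uint64_t)addr32;
}

/* Hypothetical compat fixup: a 32-bit process can only mean the bottom
 * 32 bits, so discard whatever it left in the upper half of value. */
static void compat_fixup_info(struct drm_radeon_info *info)
{
    info->value &= 0xffffffffULL;
}

int main(void)
{
    /* 0xecc17ab4 is the low half of the faulting value_ptr in the log. */
    struct drm_radeon_info info = { 0, 0, pack_sign_extended(0xecc17ab4u) };

    printf("as received: %016llx\n", (unsigned long long)info.value);
    compat_fixup_info(&info);
    printf("after fixup: %016llx\n", (unsigned long long)info.value);
    printf("zero-extend: %016llx\n",
           (unsigned long long)pack_zero_extended(0xffc6ac2cu));
    return 0;
}
```

Addresses below 0x80000000 come out identical under both packings, so a caller with this bug only misbehaves once its buffers land in the upper half of the 32-bit address space.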