[4KSTACK][2.6.6] Stack overflow in radeonfb

[4KSTACK][2.6.6] Stack overflow in radeonfb

[Kronos]

Hi,
I tried 2.6.6 + 4KB stack and I see a hard lockup (no ping, no sysrq)
when switching from X to console. 
I'm using the new radeonfb and XFree 4.3.0 with "ati" driver (not the
binary one).

I captured the log via netconsole:

[XFree started]
atkbd.c: Unknown key released (translated set 2, code 0x7a on isa0060/serio0).
atkbd.c: This is an XFree86 bug. It shouldn't access hardware directly.
atkbd.c: Unknown key released (translated set 2, code 0x7a on isa0060/serio0).
atkbd.c: This is an XFree86 bug. It shouldn't access hardware directly.
[Switch]
hStart = 1048, hEnd = 1184, hTotal = 1344
vStart = 771, vEnd = 777, vTotal = 806
h_total_disp = 0x7f00a7	   hsync_strt_wid = 0x910422
v_total_disp = 0x2ff0325	   vsync_strt_wid = 0x860302
pixclock = 15384
freq = 6500
post div = 0x2
fb_div = 0x74
ppll_div_3 = 0x20074
do_IRQ: stack overflow: 460
Call Trace:
 [<c01086be>] do_IRQ+0x3fe/0x410
 [<c011c902>] __wake_up_locked+0x22/0x30
 [<c010633c>] common_interrupt+0x18/0x20
 [<c02e1baa>] radeon_write_pll_regs+0xbaa/0x1e10
 [<c011c902>] __wake_up_locked+0x22/0x30
 [<c02e3c5c>] radeon_calc_pll_regs+0xfc/0x120
 [<c02e333c>] radeon_write_mode+0x35c/0xb80
 [<c02e4509>] radeonfb_set_par+0x889/0xb50
 [<c011b59e>] recalc_task_prio+0x8e/0x1b0
 [<c014dd24>] buffered_rmqueue+0xf4/0x2c0
 [<c011b81a>] try_to_wake_up+0x15a/0x290
 [<c011c75a>] __wake_up_common+0x3a/0x60
 [<c0137397>] queue_work+0x57/0x70
 [<c02885b9>] as_add_request+0x199/0x200
 [<c027ec9d>] __elv_add_request+0x2d/0x40
 [<c02829f3>] __make_request+0x463/0x730
 [<c0103aa6>] __switch_to+0x116/0x180
 [<c0378aed>] schedule+0x3ad/0x8d0
 [<c0173922>] __wait_on_buffer+0xa2/0xc0
 [<c0176416>] __find_get_block+0x76/0x110
 [<c01764df>] __getblk+0x2f/0x60
 [<c01e13a2>] is_tree_node+0x62/0x70
 [<c01e1aa1>] search_by_key+0x6f1/0xee0
 [<f1a13b2f>] xfs_bmbt_get_state+0x2f/0x40 [xfs]
 [<f1a0ab67>] xfs_bmap_do_search_extents+0xd7/0x3c0 [xfs]
 [<c01e2430>] search_for_position_by_key+0x1a0/0x3c0
 [<c01c93c4>] make_cpu_key+0x54/0x60
 [<c01e10d3>] pathrelse+0x23/0x40
 [<c01c9bb1>] _get_block_create_0+0x711/0x7b0
 [<c0207354>] __delay+0x14/0x20
 [<c01cb78e>] reiserfs_get_block+0x158e/0x1770
 [<c014bec3>] mempool_alloc+0x63/0x2d0
 [<c028763f>] as_update_iohist+0x11f/0x220
 [<c028776c>] as_update_arq+0x2c/0x70
 [<c02885b9>] as_add_request+0x199/0x200
 [<c02814c9>] get_request+0x279/0x5a0
 [<c027ec9d>] __elv_add_request+0x2d/0x40
 [<c0282941>] __make_request+0x3b1/0x730
 [<c0282e1d>] generic_make_request+0x15d/0x1e0
 [<c014bec3>] mempool_alloc+0x63/0x2d0
 [<c011e850>] autoremove_wake_function+0x0/0x50
 [<c014d62f>] __rmqueue+0xbf/0x110
 [<c014dd24>] buffered_rmqueue+0xf4/0x2c0
 [<c014df92>] __alloc_pages+0xa2/0x300
 [<c02f2d8a>] radeon_match_mode+0xaa/0x1a0
 [<c02dffd0>] radeonfb_check_var+0x0/0x380
 [<c02e000a>] radeonfb_check_var+0x3a/0x380
 [<c02da3c6>] fb_set_var+0xe6/0xf0
 [<c02d8319>] fbcon_blank+0xb9/0x220
 [<c0176416>] __find_get_block+0x76/0x110
 [<c026532a>] do_unblank_screen+0x8a/0x160
 [<c025aba6>] vt_ioctl+0x366/0x1b60
 [<c0148946>] unlock_page+0x16/0x50
 [<c015cad2>] do_wp_page+0x422/0x5a0
 [<c015e430>] handle_mm_fault+0x220/0x300
 [<c011a2d0>] do_page_fault+0x360/0x57e
 [<c025a840>] vt_ioctl+0x0/0x1b60
 [<c025379e>] tty_ioctl+0x51e/0x610
 [<c019a763>] iput+0x63/0x80
 [<c018c165>] sys_ioctl+0x205/0x3e0
 [<c01059cf>] syscall_call+0x7/0xb

Unable to handle kernel paging request at virtual address 76656467
 printing eip:
c011c1b2
*pde = 00000000
Oops: 0002 [#1]
PREEMPT 
CPU:    0
EIP:    0060:[<c011c1b2>]    Not tainted
EFLAGS: 00013897   (2.6.64kstack) 
EIP is at scheduler_tick+0x102/0x650
eax: 7665645f   ebx: 00000001   ecx: 00000000   edx: 00000000
esi: c03d3830   edi: c0492020   ebp: c048df6c   esp: c048df3c
ds: 007b   es: 007b   ss: 0068
Process _driver (pid: 1701076837, threadinfo=c048d000 task=c03d3830)
Stack: 00000000 00000000 c027efdf efde5400 c048df8c c02a40fb efde5400 00000000 
       00000000 00000000 00000001 00000000 c048df8c c012cc56 00000000 00000001 
       00000001 00000000 00000000 ef373240 c048df9c c012d0f5 00000000 00000000 
Call Trace:
 [<c027efdf>] elv_queue_empty+0x1f/0x30
 [<c02a40fb>] ide_do_request+0x5b/0x4b0
 [<c012cc56>] update_process_times+0x46/0x50
 [<c012d0f5>] do_timer+0x35/0xf0
 [<c010e1a6>] timer_interrupt+0x176/0x3b0
 [<c02ace90>] ide_dma_intr+0x0/0xb0
 [<c0107dcb>] handle_IRQ_event+0x3b/0x70
 [<c010843d>] do_IRQ+0x17d/0x410
 =======================
 [<c011c902>] __wake_up_locked+0x22/0x30
 [<c010633c>] common_interrupt+0x18/0x20
 [<c02e1baa>] radeon_write_pll_regs+0xbaa/0x1e10
 [<c011c902>] __wake_up_locked+0x22/0x30
 [<c02e3c5c>] radeon_calc_pll_regs+0xfc/0x120
 [<c02e333c>] radeon_write_mode+0x35c/0xb80
 [<c02e4509>] radeonfb_set_par+0x889/0xb50
 [<c011b59e>] recalc_task_prio+0x8e/0x1b0
 [<c014dd24>] buffered_rmqueue+0xf4/0x2c0
 [<c011b81a>] try_to_wake_up+0x15a/0x290
 [<c011c75a>] __wake_up_common+0x3a/0x60
 [<c0137397>] queue_work+0x57/0x70
 [<c02885b9>] as_add_request+0x199/0x200
 [<c027ec9d>] __elv_add_request+0x2d/0x40
 [<c02829f3>] __make_request+0x463/0x730
 [<c0103aa6>] __switch_to+0x116/0x180
 [<c0378aed>] schedule+0x3ad/0x8d0
 [<c0173922>] __wait_on_buffer+0xa2/0xc0
 [<c0176416>] __find_get_block+0x76/0x110
 [<c01764df>] __getblk+0x2f/0x60
 [<c01e13a2>] is_tree_node+0x62/0x70
 [<c01e1aa1>] search_by_key+0x6f1/0xee0
 [<f1a13b2f>] xfs_bmbt_get_state+0x2f/0x40 [xfs]
 [<f1a0ab67>] xfs_bmap_do_search_extents+0xd7/0x3c0 [xfs]
 [<c01e2430>] search_for_position_by_key+0x1a0/0x3c0
 [<c01c93c4>] make_cpu_key+0x54/0x60
 [<c01e10d3>] pathrelse+0x23/0x40
 [<c01c9bb1>] _get_block_create_0+0x711/0x7b0
 [<c0207354>] __delay+0x14/0x20
 [<c01cb78e>] reiserfs_get_block+0x158e/0x1770
 [<c014bec3>] mempool_alloc+0x63/0x2d0
 [<c028763f>] as_update_iohist+0x11f/0x220
 [<c028776c>] as_update_arq+0x2c/0x70
 [<c02885b9>] as_add_request+0x199/0x200
 [<c02814c9>] get_request+0x279/0x5a0
 [<c027ec9d>] __elv_add_request+0x2d/0x40
 [<c0282941>] __make_request+0x3b1/0x730
 [<c0282e1d>] generic_make_request+0x15d/0x1e0
 [<c014bec3>] mempool_alloc+0x63/0x2d0
 [<c011e850>] autoremove_wake_function+0x0/0x50
 [<c014d62f>] __rmqueue+0xbf/0x110
 [<c014dd24>] buffered_rmqueue+0xf4/0x2c0
 [<c014df92>] __alloc_pages+0xa2/0x300
 [<c02f2d8a>] radeon_match_mode+0xaa/0x1a0
 [<c02dffd0>] radeonfb_check_var+0x0/0x380
 [<c02e000a>] radeonfb_check_var+0x3a/0x380
 [<c02da3c6>] fb_set_var+0xe6/0xf0
 [<c02d8319>] fbcon_blank+0xb9/0x220
 [<c0176416>] __find_get_block+0x76/0x110
 [<c026532a>] do_unblank_screen+0x8a/0x160
 [<c025aba6>] vt_ioctl+0x366/0x1b60
 [<c0148946>] unlock_page+0x16/0x50
 [<c015cad2>] do_wp_page+0x422/0x5a0
 [<c015e430>] handle_mm_fault+0x220/0x300
 [<c011a2d0>] do_page_fault+0x360/0x57e
 [<c025a840>] vt_ioctl+0x0/0x1b60
 [<c025379e>] tty_ioctl+0x51e/0x610
 [<c019a763>] iput+0x63/0x80
 [<c018c165>] sys_ioctl+0x205/0x3e0
 [<c01059cf>] syscall_call+0x7/0xb

Code: 0f ba 68 08 03 83 c4 24 5b 5e 5f c9 c3 90 b8 00 f0 ff ff 21 
 <0>Kernel panic: Fatal exception in interrupt
In interrupt handler - not syncing

I don't see why reiserfs and xfs are both on the call stack, but the
problem seems related to radeonfb.

Full dmesg and config are attached.

Luca
-- 
Home: http://kronoz.cjb.net
Una donna sposa un uomo sperando che cambi, e lui non cambiera`. Un
uomo sposa una donna sperando che non cambi, e lei cambiera`.

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Kronos]

[-- Attachment #1: Type: text/plain, Size: 189 bytes --]

> Full dmesg and config are attached.

Ehm... this time for real :)

Luca
-- 
Home: http://kronoz.cjb.net
La differenza fra l'intelligenza e la stupidita`?
All'intelligenza c'e` un limite.

[-- Attachment #2: dmesg.remote --]
[-- Type: text/plain, Size: 18198 bytes --]

Linux version 2.6.64kstack (root@dreamland.darkstar.lan) (gcc version 3.3.2) #38 Thu May 13 15:26:07 CEST 2004
BIOS-provided physical RAM map:
 BIOS-e820: 0000000000000000 - 000000000009fc00 (usable)
 BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved)
 BIOS-e820: 00000000000f0000 - 0000000000100000 (reserved)
 BIOS-e820: 0000000000100000 - 000000002fff0000 (usable)
 BIOS-e820: 000000002fff0000 - 000000002fff3000 (ACPI NVS)
 BIOS-e820: 000000002fff3000 - 0000000030000000 (ACPI data)
 BIOS-e820: 00000000ffff0000 - 0000000100000000 (reserved)
767MB LOWMEM available.
On node 0 totalpages: 196592
  DMA zone: 4096 pages, LIFO batch:1
  Normal zone: 192496 pages, LIFO batch:16
  HighMem zone: 0 pages, LIFO batch:1
DMI 2.2 present.
ACPI: RSDP (v000 VIA694                                    ) @ 0x000f75b0
ACPI: RSDT (v001 VIA694 AWRDACPI 0x42302e31 AWRD 0x00000000) @ 0x2fff3000
ACPI: FADT (v001 VIA694 AWRDACPI 0x42302e31 AWRD 0x00000000) @ 0x2fff3040
ACPI: DSDT (v001 VIA694 AWRDACPI 0x00001000 MSFT 0x0100000c) @ 0x00000000
ACPI: PM-Timer IO Port: 0x4008
Built 1 zonelists
Kernel command line: BOOT_IMAGE=linux-2.6.6 ro root=305 BOOT_FILE=/bzImage-2.6.6-4kstack video=radeonfb:1024x768-8@60 netconsole=6665@10.0.0.1/eth0,6666@10.0.0.2/00:E0:18:06:DA:7A single
netconsole: local port 6665
netconsole: local IP 10.0.0.1
netconsole: interface eth0
netconsole: remote port 6666
netconsole: remote IP 10.0.0.2
netconsole: remote ethernet address 00:e0:18:06:da:7a
Local APIC disabled by BIOS -- reenabling.
Found and enabled local APIC!
Initializing CPU#0
CPU 0 irqstacks, hard=c048d000 soft=c048c000
PID hash table entries: 4096 (order 12: 32768 bytes)
Detected 1470.685 MHz processor.
Using pmtmr for high-res timesource
Console: colour VGA+ 80x25
Memory: 775396k/786368k available (2541k kernel code, 10180k reserved, 887k data, 176k init, 0k highmem)
Checking if this processor honours the WP bit even in supervisor mode... Ok.
Calibrating delay loop... 2908.16 BogoMIPS
Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
Mount-cache hash table entries: 512 (order: 0, 4096 bytes)
CPU: L1 I Cache: 64K (64 bytes/line), D cache 64K (64 bytes/line)
CPU: L2 Cache: 256K (64 bytes/line)
Intel machine check architecture supported.
Intel machine check reporting enabled on CPU#0.
CPU: AMD Athlon(tm) XP 1700+ stepping 02
Enabling fast FPU save and restore... done.
Enabling unmasked SIMD FPU exception support... done.
Checking 'hlt' instruction... OK.
POSIX conformance testing by UNIFIX
enabled ExtINT on CPU#0
ESR value before enabling vector: 00000000
ESR value after enabling vector: 00000000
Using local APIC timer interrupts.
calibrating APIC timer ...
..... CPU clock speed is 1469.0806 MHz.
..... host bus clock speed is 267.0237 MHz.
NET: Registered protocol family 16
PCI: PCI BIOS revision 2.10 entry at 0xfb460, last bus=1
PCI: Using configuration type 1
mtrr: v2.0 (20020519)
ACPI: Subsystem revision 20040326
spurious 8259A interrupt: IRQ7.
 tbxface-0117 [03] acpi_load_tables      : ACPI Tables successfully acquired
Parsing all Control Methods:...................................................................................................................
Table [DSDT](id F004) - 464 Objects with 38 Devices 115 Methods 31 Regions
ACPI Namespace successfully loaded at root c04a437c
ACPI: IRQ9 SCI: Level Trigger.
evxfevnt-0093 [04] acpi_enable           : Transition to ACPI mode successful
evgpeblk-0867 [06] ev_create_gpe_block   : GPE 00 to 15 [_GPE] 2 regs at 0000000000004020 on int 9
evgpeblk-0925 [06] ev_create_gpe_block   : Found 0 Wake, Enabled 6 Runtime GPEs in this block
Completing Region/Field/Buffer/Package initialization:.............................................................................
Initialized 31/31 Regions 13/13 Fields 20/20 Buffers 13/13 Packages (473 nodes)
Executing all Device _STA and_INI methods:........................................
40 Devices found containing: 40 _STA, 2 _INI methods
ACPI: Interpreter enabled
ACPI: Using PIC for interrupt routing
ACPI: PCI Root Bridge [PCI0] (00:00)
PCI: Probing PCI hardware (bus 00)
ACPI: PCI Interrupt Link [LNKA] (IRQs 1 3 4 5 6 7 10 *11 12 14 15)
ACPI: PCI Interrupt Link [LNKB] (IRQs 1 3 4 5 6 7 *10 11 12 14 15)
ACPI: PCI Interrupt Link [LNKC] (IRQs 1 3 4 *5 6 7 10 11 12 14 15)
ACPI: PCI Interrupt Link [LNKD] (IRQs 1 3 4 5 6 7 10 *11 12 14 15)
Linux Plug and Play Support v0.97 (c) Adam Belay
PnPBIOS: Scanning system for PnP BIOS support...
PnPBIOS: Found PnP BIOS installation structure at 0xc00fbf10
PnPBIOS: PnP BIOS version 1.0, entry 0xf0000:0xbf40, dseg 0xf0000
pnp: 00:0b: ioport range 0x3f0-0x3f1 has been reserved
PnPBIOS: 17 nodes reported by PnP BIOS; 17 recorded by driver
SCSI subsystem initialized
ACPI: PCI Interrupt Link [LNKB] enabled at IRQ 10
ACPI: PCI Interrupt Link [LNKA] enabled at IRQ 11
ACPI: PCI Interrupt Link [LNKD] enabled at IRQ 11
ACPI: PCI Interrupt Link [LNKC] enabled at IRQ 5
PCI: Using ACPI for IRQ routing
radeonfb_pci_register BEGIN
radeonfb: probed SDR SGRAM 131072k videoram
radeonfb: mapped 16384k videoram
radeonfb: Found Intel x86 BIOS ROM Image
radeonfb: Retreived PLL infos from BIOS
radeonfb: Reference=27.00 MHz (RefDiv=12) Memory=277.00 Mhz, System=270.00 MHz
1 chips in connector info
 - chip 1 has 2 connectors
  * connector 0 of type 2 (CRT) : 2300
  * connector 1 of type 3 (DVI-I) : 3201
Starting monitor auto detection...
radeonfb: I2C (port 1) ... not found
radeonfb: I2C (port 2) ... not found
radeonfb: I2C (port 3) ... found CRT display
radeonfb: I2C (port 4) ... not found
radeonfb: I2C (port 2) ... not found
radeonfb: I2C (port 4) ... not found
radeonfb: I2C (port 3) ... found CRT display
radeonfb: Monitor 1 type CRT found
radeonfb: EDID probed
radeonfb: Monitor 2 type no found
radeonfb: ATI Radeon NE  SDR SGRAM 128 MB
radeonfb_pci_register END
Machine check exception polling timer started.
Initializing Cryptographic API
ACPI: Power Button (FF) [PWRF]
ACPI: Sleep Button (CM) [SLPB]
ACPI: Fan [FAN] (on)
ACPI: Processor [CPU0] (supports C1 C2)
ACPI: Thermal Zone [THRM] (58 C)
hStart = 1048, hEnd = 1184, hTotal = 1344
vStart = 771, vEnd = 777, vTotal = 806
h_total_disp = 0x7f00a7	   hsync_strt_wid = 0x910422
v_total_disp = 0x2ff0325	   vsync_strt_wid = 0x860302
pixclock = 15384
freq = 6500
post div = 0x2
fb_div = 0x74
ppll_div_3 = 0x20074
lvds_gen_cntl: 08000008
Console: switching to colour frame buffer device 128x48
Serial: 8250/16550 driver $Revision: 1.90 $ 8 ports, IRQ sharing enabled
ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
ttyS1 at I/O 0x2f8 (irq = 3) is a 16550A
parport: PnPBIOS parport detected.
parport0: PC-style at 0x378 (0x778), irq 7, dma 3 [PCSPP,TRISTATE,COMPAT,EPP,ECP,DMA]
Using anticipatory io scheduler
Floppy drive(s): fd0 is 1.44M
FDC 0 is a post-1991 82077
e100: Intel(R) PRO/100 Network Driver, 3.0.17
e100: Copyright(c) 1999-2004 Intel Corporation
e100: eth0: e100_probe: addr 0xeb100000, irq 10, MAC addr 00:50:8B:5C:21:8B
netconsole: device eth0 not up yet, forcing it
e100: eth0: e100_watchdog: link up, 10Mbps, half-duplex
netconsole: carrier detect appears flaky, waiting 10 seconds
netconsole: network logging started
Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2
ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
VP_IDE: IDE controller at PCI slot 0000:00:11.1
VP_IDE: chipset revision 6
VP_IDE: not 100% native mode: will probe irqs later
VP_IDE: VIA vt8233a (rev 00) IDE UDMA133 controller on pci0000:00:11.1
    ide0: BM-DMA at 0xd400-0xd407, BIOS settings: hda:DMA, hdb:DMA
    ide1: BM-DMA at 0xd408-0xd40f, BIOS settings: hdc:DMA, hdd:DMA
hda: Maxtor 6Y120L0, ATA DISK drive
hdb: QUANTUM FIREBALLlct10 10, ATA DISK drive
ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
hdc: _NEC DVD_RW ND-1300A, ATAPI CD/DVD-ROM drive
hdd: WAITEC ALADAR/1, ATAPI CD/DVD-ROM drive
ide1 at 0x170-0x177,0x376 on irq 15
hda: max request size: 128KiB
hda: 240121728 sectors (122942 MB) w/2048KiB Cache, CHS=65535/16/63, UDMA(133)
 hda: hda1 hda2 < hda5 hda6 hda7 hda8 > hda3
hda: task_no_data_intr: status=0x51 { DriveReady SeekComplete Error }
hda: task_no_data_intr: error=0x04 { DriveStatusError }
hda: Write Cache FAILED Flushing!
hdb: max request size: 128KiB
hdb: 20044080 sectors (10262 MB) w/418KiB Cache, CHS=19885/16/63
 hdb: hdb1 hdb2
hdc: ATAPI 40X DVD-ROM DVD-R CD-R/RW drive, 2048kB Cache, UDMA(33)
Uniform CD-ROM driver Revision: 3.20
hdd: ATAPI 40X CD-ROM CD-R/RW drive, 8192kB Cache, UDMA(33)
mice: PS/2 mouse device common for all mice
serio: i8042 AUX port at 0x60,0x64 irq 12
input: ImPS/2 Generic Wheel Mouse on isa0060/serio1
serio: i8042 KBD port at 0x60,0x64 irq 1
input: AT Translated Set 2 keyboard on isa0060/serio0
NET: Registered protocol family 2
IP: routing cache hash table of 2048 buckets, 64Kbytes
TCP: Hash tables configured (established 262144 bind 37449)
NET: Registered protocol family 1
NET: Registered protocol family 17
ACPI: (supports S0 S1 S3 S4 S5)
BIOS EDD facility v0.13 2004-Mar-09, 2 devices found
Please report your BIOS at http://linux.dell.com/edd/results.html
hda: task_no_data_intr: status=0x51 { DriveReady SeekComplete Error }
hda: task_no_data_intr: error=0x04 { DriveStatusError }
hda: Write Cache FAILED Flushing!
VFS: Mounted root (ext2 filesystem) readonly.
Freeing unused kernel memory: 176k freed
Adding 265064k swap on /dev/hdb2.  Priority:9 extents:1
NET: Registered protocol family 10
IPv6 over IPv4 tunneling driver
found reiserfs format "3.6" with standard journal
reiserfs: using ordered data mode
Reiserfs journal params: device hda7, size 8192, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
reiserfs: checking transaction log (hda7) for (hda7)
Using r5 hash to sort names
SGI XFS with large block numbers, no debug enabled
XFS mounting filesystem hda6
XFS mounting filesystem hda8
NTFS driver 2.1.8 [Flags: R/O DEBUG MODULE].
NTFS volume version 3.1.
found reiserfs format "3.6" with standard journal
reiserfs: using ordered data mode
Reiserfs journal params: device hda3, size 8192, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
reiserfs: checking transaction log (hda3) for (hda3)
Using r5 hash to sort names
Linux agpgart interface v0.100 (c) Dave Jones
agpgart: Detected VIA KT266/KY266x/KT333 chipset
agpgart: Maximum main memory to use for agp memory: 690M
agpgart: AGP aperture is 128M @ 0xd0000000
usbcore: registered new driver usbfs
usbcore: registered new driver hub
USB Universal Host Controller Interface driver v2.2
uhci_hcd 0000:00:11.2: VIA Technologies, Inc. USB
uhci_hcd 0000:00:11.2: irq 11, io base 0000d800
uhci_hcd 0000:00:11.2: new USB bus registered, assigned bus number 1
uhci_hcd 0000:00:11.2: detected 2 ports
usb usb1: Product: VIA Technologies, Inc. USB
usb usb1: Manufacturer: Linux 2.6.64kstack uhci_hcd
usb usb1: SerialNumber: 0000:00:11.2
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 2 ports detected
uhci_hcd 0000:00:11.3: VIA Technologies, Inc. USB (#2)
uhci_hcd 0000:00:11.3: irq 11, io base 0000dc00
uhci_hcd 0000:00:11.3: new USB bus registered, assigned bus number 2
uhci_hcd 0000:00:11.3: detected 2 ports
usb usb2: Product: VIA Technologies, Inc. USB (#2)
usb usb2: Manufacturer: Linux 2.6.64kstack uhci_hcd
usb usb2: SerialNumber: 0000:00:11.3
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 2 ports detected
CBQ: class 00010001 has bad quantum==0, repaired.
atkbd.c: Unknown key released (translated set 2, code 0x7a on isa0060/serio0).
atkbd.c: This is an XFree86 bug. It shouldn't access hardware directly.
atkbd.c: Unknown key released (translated set 2, code 0x7a on isa0060/serio0).
atkbd.c: This is an XFree86 bug. It shouldn't access hardware directly.
hStart = 1048, hEnd = 1184, hTotal = 1344
vStart = 771, vEnd = 777, vTotal = 806
h_total_disp = 0x7f00a7	   hsync_strt_wid = 0x910422
v_total_disp = 0x2ff0325	   vsync_strt_wid = 0x860302
pixclock = 15384
freq = 6500
post div = 0x2
fb_div = 0x74
ppll_div_3 = 0x20074
do_IRQ: stack overflow: 460
Call Trace:
 [<c01086be>] do_IRQ+0x3fe/0x410
 [<c011c902>] __wake_up_locked+0x22/0x30
 [<c010633c>] common_interrupt+0x18/0x20
 [<c02e1baa>] radeon_write_pll_regs+0xbaa/0x1e10
 [<c011c902>] __wake_up_locked+0x22/0x30
 [<c02e3c5c>] radeon_calc_pll_regs+0xfc/0x120
 [<c02e333c>] radeon_write_mode+0x35c/0xb80
 [<c02e4509>] radeonfb_set_par+0x889/0xb50
 [<c011b59e>] recalc_task_prio+0x8e/0x1b0
 [<c014dd24>] buffered_rmqueue+0xf4/0x2c0
 [<c011b81a>] try_to_wake_up+0x15a/0x290
 [<c011c75a>] __wake_up_common+0x3a/0x60
 [<c0137397>] queue_work+0x57/0x70
 [<c02885b9>] as_add_request+0x199/0x200
 [<c027ec9d>] __elv_add_request+0x2d/0x40
 [<c02829f3>] __make_request+0x463/0x730
 [<c0103aa6>] __switch_to+0x116/0x180
 [<c0378aed>] schedule+0x3ad/0x8d0
 [<c0173922>] __wait_on_buffer+0xa2/0xc0
 [<c0176416>] __find_get_block+0x76/0x110
 [<c01764df>] __getblk+0x2f/0x60
 [<c01e13a2>] is_tree_node+0x62/0x70
 [<c01e1aa1>] search_by_key+0x6f1/0xee0
 [<f1a13b2f>] xfs_bmbt_get_state+0x2f/0x40 [xfs]
 [<f1a0ab67>] xfs_bmap_do_search_extents+0xd7/0x3c0 [xfs]
 [<c01e2430>] search_for_position_by_key+0x1a0/0x3c0
 [<c01c93c4>] make_cpu_key+0x54/0x60
 [<c01e10d3>] pathrelse+0x23/0x40
 [<c01c9bb1>] _get_block_create_0+0x711/0x7b0
 [<c0207354>] __delay+0x14/0x20
 [<c01cb78e>] reiserfs_get_block+0x158e/0x1770
 [<c014bec3>] mempool_alloc+0x63/0x2d0
 [<c028763f>] as_update_iohist+0x11f/0x220
 [<c028776c>] as_update_arq+0x2c/0x70
 [<c02885b9>] as_add_request+0x199/0x200
 [<c02814c9>] get_request+0x279/0x5a0
 [<c027ec9d>] __elv_add_request+0x2d/0x40
 [<c0282941>] __make_request+0x3b1/0x730
 [<c0282e1d>] generic_make_request+0x15d/0x1e0
 [<c014bec3>] mempool_alloc+0x63/0x2d0
 [<c011e850>] autoremove_wake_function+0x0/0x50
 [<c014d62f>] __rmqueue+0xbf/0x110
 [<c014dd24>] buffered_rmqueue+0xf4/0x2c0
 [<c014df92>] __alloc_pages+0xa2/0x300
 [<c02f2d8a>] radeon_match_mode+0xaa/0x1a0
 [<c02dffd0>] radeonfb_check_var+0x0/0x380
 [<c02e000a>] radeonfb_check_var+0x3a/0x380
 [<c02da3c6>] fb_set_var+0xe6/0xf0
 [<c02d8319>] fbcon_blank+0xb9/0x220
 [<c0176416>] __find_get_block+0x76/0x110
 [<c026532a>] do_unblank_screen+0x8a/0x160
 [<c025aba6>] vt_ioctl+0x366/0x1b60
 [<c0148946>] unlock_page+0x16/0x50
 [<c015cad2>] do_wp_page+0x422/0x5a0
 [<c015e430>] handle_mm_fault+0x220/0x300
 [<c011a2d0>] do_page_fault+0x360/0x57e
 [<c025a840>] vt_ioctl+0x0/0x1b60
 [<c025379e>] tty_ioctl+0x51e/0x610
 [<c019a763>] iput+0x63/0x80
 [<c018c165>] sys_ioctl+0x205/0x3e0
 [<c01059cf>] syscall_call+0x7/0xb

Unable to handle kernel paging request at virtual address 76656467
 printing eip:
c011c1b2
*pde = 00000000
Oops: 0002 [#1]
PREEMPT 
CPU:    0
EIP:    0060:[<c011c1b2>]    Not tainted
EFLAGS: 00013897   (2.6.64kstack) 
EIP is at scheduler_tick+0x102/0x650
eax: 7665645f   ebx: 00000001   ecx: 00000000   edx: 00000000
esi: c03d3830   edi: c0492020   ebp: c048df6c   esp: c048df3c
ds: 007b   es: 007b   ss: 0068
Process _driver (pid: 1701076837, threadinfo=c048d000 task=c03d3830)
Stack: 00000000 00000000 c027efdf efde5400 c048df8c c02a40fb efde5400 00000000 
       00000000 00000000 00000001 00000000 c048df8c c012cc56 00000000 00000001 
       00000001 00000000 00000000 ef373240 c048df9c c012d0f5 00000000 00000000 
Call Trace:
 [<c027efdf>] elv_queue_empty+0x1f/0x30
 [<c02a40fb>] ide_do_request+0x5b/0x4b0
 [<c012cc56>] update_process_times+0x46/0x50
 [<c012d0f5>] do_timer+0x35/0xf0
 [<c010e1a6>] timer_interrupt+0x176/0x3b0
 [<c02ace90>] ide_dma_intr+0x0/0xb0
 [<c0107dcb>] handle_IRQ_event+0x3b/0x70
 [<c010843d>] do_IRQ+0x17d/0x410
 =======================
 [<c011c902>] __wake_up_locked+0x22/0x30
 [<c010633c>] common_interrupt+0x18/0x20
 [<c02e1baa>] radeon_write_pll_regs+0xbaa/0x1e10
 [<c011c902>] __wake_up_locked+0x22/0x30
 [<c02e3c5c>] radeon_calc_pll_regs+0xfc/0x120
 [<c02e333c>] radeon_write_mode+0x35c/0xb80
 [<c02e4509>] radeonfb_set_par+0x889/0xb50
 [<c011b59e>] recalc_task_prio+0x8e/0x1b0
 [<c014dd24>] buffered_rmqueue+0xf4/0x2c0
 [<c011b81a>] try_to_wake_up+0x15a/0x290
 [<c011c75a>] __wake_up_common+0x3a/0x60
 [<c0137397>] queue_work+0x57/0x70
 [<c02885b9>] as_add_request+0x199/0x200
 [<c027ec9d>] __elv_add_request+0x2d/0x40
 [<c02829f3>] __make_request+0x463/0x730
 [<c0103aa6>] __switch_to+0x116/0x180
 [<c0378aed>] schedule+0x3ad/0x8d0
 [<c0173922>] __wait_on_buffer+0xa2/0xc0
 [<c0176416>] __find_get_block+0x76/0x110
 [<c01764df>] __getblk+0x2f/0x60
 [<c01e13a2>] is_tree_node+0x62/0x70
 [<c01e1aa1>] search_by_key+0x6f1/0xee0
 [<f1a13b2f>] xfs_bmbt_get_state+0x2f/0x40 [xfs]
 [<f1a0ab67>] xfs_bmap_do_search_extents+0xd7/0x3c0 [xfs]
 [<c01e2430>] search_for_position_by_key+0x1a0/0x3c0
 [<c01c93c4>] make_cpu_key+0x54/0x60
 [<c01e10d3>] pathrelse+0x23/0x40
 [<c01c9bb1>] _get_block_create_0+0x711/0x7b0
 [<c0207354>] __delay+0x14/0x20
 [<c01cb78e>] reiserfs_get_block+0x158e/0x1770
 [<c014bec3>] mempool_alloc+0x63/0x2d0
 [<c028763f>] as_update_iohist+0x11f/0x220
 [<c028776c>] as_update_arq+0x2c/0x70
 [<c02885b9>] as_add_request+0x199/0x200
 [<c02814c9>] get_request+0x279/0x5a0
 [<c027ec9d>] __elv_add_request+0x2d/0x40
 [<c0282941>] __make_request+0x3b1/0x730
 [<c0282e1d>] generic_make_request+0x15d/0x1e0
 [<c014bec3>] mempool_alloc+0x63/0x2d0
 [<c011e850>] autoremove_wake_function+0x0/0x50
 [<c014d62f>] __rmqueue+0xbf/0x110
 [<c014dd24>] buffered_rmqueue+0xf4/0x2c0
 [<c014df92>] __alloc_pages+0xa2/0x300
 [<c02f2d8a>] radeon_match_mode+0xaa/0x1a0
 [<c02dffd0>] radeonfb_check_var+0x0/0x380
 [<c02e000a>] radeonfb_check_var+0x3a/0x380
 [<c02da3c6>] fb_set_var+0xe6/0xf0
 [<c02d8319>] fbcon_blank+0xb9/0x220
 [<c0176416>] __find_get_block+0x76/0x110
 [<c026532a>] do_unblank_screen+0x8a/0x160
 [<c025aba6>] vt_ioctl+0x366/0x1b60
 [<c0148946>] unlock_page+0x16/0x50
 [<c015cad2>] do_wp_page+0x422/0x5a0
 [<c015e430>] handle_mm_fault+0x220/0x300
 [<c011a2d0>] do_page_fault+0x360/0x57e
 [<c025a840>] vt_ioctl+0x0/0x1b60
 [<c025379e>] tty_ioctl+0x51e/0x610
 [<c019a763>] iput+0x63/0x80
 [<c018c165>] sys_ioctl+0x205/0x3e0
 [<c01059cf>] syscall_call+0x7/0xb

Code: 0f ba 68 08 03 83 c4 24 5b 5e 5f c9 c3 90 b8 00 f0 ff ff 21 
 <0>Kernel panic: Fatal exception in interrupt
In interrupt handler - not syncing
 

[-- Attachment #3: .config --]
[-- Type: text/plain, Size: 31201 bytes --]

#
# Automatically generated make config: don't edit
#
CONFIG_X86=y
CONFIG_MMU=y
CONFIG_UID16=y
CONFIG_GENERIC_ISA_DMA=y

#
# Code maturity level options
#
CONFIG_EXPERIMENTAL=y
# CONFIG_CLEAN_COMPILE is not set
# CONFIG_STANDALONE is not set
CONFIG_BROKEN=y
CONFIG_BROKEN_ON_SMP=y

#
# General setup
#
CONFIG_SWAP=y
CONFIG_SYSVIPC=y
CONFIG_POSIX_MQUEUE=y
CONFIG_BSD_PROCESS_ACCT=y
CONFIG_SYSCTL=y
# CONFIG_AUDIT is not set
CONFIG_LOG_BUF_SHIFT=14
CONFIG_HOTPLUG=y
# CONFIG_IKCONFIG is not set
# CONFIG_EMBEDDED is not set
CONFIG_KALLSYMS=y
CONFIG_FUTEX=y
CONFIG_EPOLL=y
CONFIG_IOSCHED_NOOP=y
CONFIG_IOSCHED_AS=y
CONFIG_IOSCHED_DEADLINE=y
CONFIG_IOSCHED_CFQ=y
# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set

#
# Loadable module support
#
CONFIG_MODULES=y
CONFIG_MODULE_UNLOAD=y
CONFIG_MODULE_FORCE_UNLOAD=y
CONFIG_OBSOLETE_MODPARM=y
CONFIG_MODVERSIONS=y
CONFIG_KMOD=y

#
# Processor type and features
#
CONFIG_X86_PC=y
# CONFIG_X86_ELAN is not set
# CONFIG_X86_VOYAGER is not set
# CONFIG_X86_NUMAQ is not set
# CONFIG_X86_SUMMIT is not set
# CONFIG_X86_BIGSMP is not set
# CONFIG_X86_VISWS is not set
# CONFIG_X86_GENERICARCH is not set
# CONFIG_X86_ES7000 is not set
# CONFIG_M386 is not set
# CONFIG_M486 is not set
# CONFIG_M586 is not set
# CONFIG_M586TSC is not set
# CONFIG_M586MMX is not set
# CONFIG_M686 is not set
# CONFIG_MPENTIUMII is not set
# CONFIG_MPENTIUMIII is not set
# CONFIG_MPENTIUMM is not set
# CONFIG_MPENTIUM4 is not set
# CONFIG_MK6 is not set
CONFIG_MK7=y
# CONFIG_MK8 is not set
# CONFIG_MCRUSOE is not set
# CONFIG_MWINCHIPC6 is not set
# CONFIG_MWINCHIP2 is not set
# CONFIG_MWINCHIP3D is not set
# CONFIG_MCYRIXIII is not set
# CONFIG_MVIAC3_2 is not set
# CONFIG_X86_GENERIC is not set
CONFIG_X86_CMPXCHG=y
CONFIG_X86_XADD=y
CONFIG_X86_L1_CACHE_SHIFT=6
CONFIG_RWSEM_XCHGADD_ALGORITHM=y
CONFIG_X86_WP_WORKS_OK=y
CONFIG_X86_INVLPG=y
CONFIG_X86_BSWAP=y
CONFIG_X86_POPAD_OK=y
CONFIG_X86_GOOD_APIC=y
CONFIG_X86_INTEL_USERCOPY=y
CONFIG_X86_USE_PPRO_CHECKSUM=y
CONFIG_X86_USE_3DNOW=y
# CONFIG_HPET_TIMER is not set
# CONFIG_HPET_EMULATE_RTC is not set
# CONFIG_SMP is not set
CONFIG_PREEMPT=y
CONFIG_X86_UP_APIC=y
CONFIG_X86_UP_IOAPIC=y
CONFIG_X86_LOCAL_APIC=y
CONFIG_X86_IO_APIC=y
CONFIG_X86_TSC=y
CONFIG_X86_MCE=y
CONFIG_X86_MCE_NONFATAL=y
# CONFIG_X86_MCE_P4THERMAL is not set
# CONFIG_TOSHIBA is not set
# CONFIG_I8K is not set
# CONFIG_MICROCODE is not set
CONFIG_X86_MSR=m
CONFIG_X86_CPUID=m

#
# Firmware Drivers
#
CONFIG_EDD=y
CONFIG_NOHIGHMEM=y
# CONFIG_HIGHMEM4G is not set
# CONFIG_HIGHMEM64G is not set
# CONFIG_MATH_EMULATION is not set
CONFIG_MTRR=y
# CONFIG_EFI is not set
CONFIG_HAVE_DEC_LOCK=y
# CONFIG_REGPARM is not set

#
# Power management options (ACPI, APM)
#
CONFIG_PM=y
CONFIG_SOFTWARE_SUSPEND=y
CONFIG_PM_DISK=y
CONFIG_PM_DISK_PARTITION="/dev/hdb2"

#
# ACPI (Advanced Configuration and Power Interface) Support
#
CONFIG_ACPI=y
CONFIG_ACPI_BOOT=y
CONFIG_ACPI_INTERPRETER=y
CONFIG_ACPI_SLEEP=y
CONFIG_ACPI_SLEEP_PROC_FS=y
CONFIG_ACPI_AC=m
# CONFIG_ACPI_BATTERY is not set
CONFIG_ACPI_BUTTON=y
CONFIG_ACPI_FAN=y
CONFIG_ACPI_PROCESSOR=y
CONFIG_ACPI_THERMAL=y
# CONFIG_ACPI_ASUS is not set
# CONFIG_ACPI_TOSHIBA is not set
CONFIG_ACPI_DEBUG=y
CONFIG_ACPI_BUS=y
CONFIG_ACPI_EC=y
CONFIG_ACPI_POWER=y
CONFIG_ACPI_PCI=y
CONFIG_ACPI_SYSTEM=y
CONFIG_X86_PM_TIMER=y

#
# APM (Advanced Power Management) BIOS Support
#
# CONFIG_APM is not set

#
# CPU Frequency scaling
#
# CONFIG_CPU_FREQ is not set

#
# Bus options (PCI, PCMCIA, EISA, MCA, ISA)
#
CONFIG_PCI=y
# CONFIG_PCI_GOBIOS is not set
# CONFIG_PCI_GOMMCONFIG is not set
# CONFIG_PCI_GODIRECT is not set
CONFIG_PCI_GOANY=y
CONFIG_PCI_BIOS=y
CONFIG_PCI_DIRECT=y
CONFIG_PCI_MMCONFIG=y
# CONFIG_PCI_USE_VECTOR is not set
CONFIG_PCI_LEGACY_PROC=y
CONFIG_PCI_NAMES=y
CONFIG_ISA=y
# CONFIG_EISA is not set
# CONFIG_MCA is not set
# CONFIG_SCx200 is not set

#
# PCMCIA/CardBus support
#
# CONFIG_PCMCIA is not set
CONFIG_PCMCIA_PROBE=y

#
# PCI Hotplug Support
#
# CONFIG_HOTPLUG_PCI is not set

#
# Executable file formats
#
CONFIG_BINFMT_ELF=y
CONFIG_BINFMT_AOUT=y
CONFIG_BINFMT_MISC=y

#
# Device Drivers
#

#
# Generic Driver Options
#
# CONFIG_FW_LOADER is not set
# CONFIG_DEBUG_DRIVER is not set

#
# Memory Technology Devices (MTD)
#
# CONFIG_MTD is not set

#
# Parallel port support
#
CONFIG_PARPORT=y
CONFIG_PARPORT_PC=y
CONFIG_PARPORT_PC_CML1=y
# CONFIG_PARPORT_SERIAL is not set
CONFIG_PARPORT_PC_FIFO=y
# CONFIG_PARPORT_PC_SUPERIO is not set
# CONFIG_PARPORT_OTHER is not set
CONFIG_PARPORT_1284=y

#
# Plug and Play support
#
CONFIG_PNP=y
CONFIG_PNP_DEBUG=y

#
# Protocols
#
# CONFIG_ISAPNP is not set
CONFIG_PNPBIOS=y
# CONFIG_PNPBIOS_PROC_FS is not set

#
# Block devices
#
CONFIG_BLK_DEV_FD=y
# CONFIG_BLK_DEV_XD is not set
# CONFIG_PARIDE is not set
# CONFIG_BLK_CPQ_DA is not set
# CONFIG_BLK_CPQ_CISS_DA is not set
# CONFIG_BLK_DEV_DAC960 is not set
# CONFIG_BLK_DEV_UMEM is not set
CONFIG_BLK_DEV_LOOP=m
CONFIG_BLK_DEV_CRYPTOLOOP=m
# CONFIG_BLK_DEV_NBD is not set
# CONFIG_BLK_DEV_CARMEL is not set
CONFIG_BLK_DEV_RAM=m
CONFIG_BLK_DEV_RAM_SIZE=4096
CONFIG_LBD=y

#
# ATA/ATAPI/MFM/RLL support
#
CONFIG_IDE=y
CONFIG_BLK_DEV_IDE=y

#
# Please see Documentation/ide.txt for help/info on IDE drives
#
# CONFIG_BLK_DEV_HD_IDE is not set
CONFIG_BLK_DEV_IDEDISK=y
CONFIG_IDEDISK_MULTI_MODE=y
# CONFIG_IDEDISK_STROKE is not set
CONFIG_BLK_DEV_IDECD=y
# CONFIG_BLK_DEV_IDETAPE is not set
# CONFIG_BLK_DEV_IDEFLOPPY is not set
CONFIG_BLK_DEV_IDESCSI=y
# CONFIG_IDE_TASK_IOCTL is not set
CONFIG_IDE_TASKFILE_IO=y

#
# IDE chipset support/bugfixes
#
# CONFIG_IDE_GENERIC is not set
# CONFIG_BLK_DEV_CMD640 is not set
# CONFIG_BLK_DEV_IDEPNP is not set
CONFIG_BLK_DEV_IDEPCI=y
CONFIG_IDEPCI_SHARE_IRQ=y
# CONFIG_BLK_DEV_OFFBOARD is not set
CONFIG_BLK_DEV_GENERIC=y
# CONFIG_BLK_DEV_OPTI621 is not set
# CONFIG_BLK_DEV_RZ1000 is not set
CONFIG_BLK_DEV_IDEDMA_PCI=y
# CONFIG_BLK_DEV_IDEDMA_FORCED is not set
CONFIG_IDEDMA_PCI_AUTO=y
# CONFIG_IDEDMA_ONLYDISK is not set
CONFIG_BLK_DEV_ADMA=y
# CONFIG_BLK_DEV_AEC62XX is not set
# CONFIG_BLK_DEV_ALI15X3 is not set
# CONFIG_BLK_DEV_AMD74XX is not set
# CONFIG_BLK_DEV_ATIIXP is not set
# CONFIG_BLK_DEV_CMD64X is not set
# CONFIG_BLK_DEV_TRIFLEX is not set
# CONFIG_BLK_DEV_CY82C693 is not set
# CONFIG_BLK_DEV_CS5520 is not set
# CONFIG_BLK_DEV_CS5530 is not set
# CONFIG_BLK_DEV_HPT34X is not set
# CONFIG_BLK_DEV_HPT366 is not set
# CONFIG_BLK_DEV_SC1200 is not set
# CONFIG_BLK_DEV_PIIX is not set
# CONFIG_BLK_DEV_NS87415 is not set
# CONFIG_BLK_DEV_PDC202XX_OLD is not set
# CONFIG_BLK_DEV_PDC202XX_NEW is not set
# CONFIG_BLK_DEV_SVWKS is not set
# CONFIG_BLK_DEV_SIIMAGE is not set
# CONFIG_BLK_DEV_SIS5513 is not set
# CONFIG_BLK_DEV_SLC90E66 is not set
# CONFIG_BLK_DEV_TRM290 is not set
CONFIG_BLK_DEV_VIA82CXXX=y
# CONFIG_IDE_CHIPSETS is not set
CONFIG_BLK_DEV_IDEDMA=y
# CONFIG_IDEDMA_IVB is not set
CONFIG_IDEDMA_AUTO=y
# CONFIG_BLK_DEV_HD is not set

#
# SCSI device support
#
CONFIG_SCSI=y
CONFIG_SCSI_PROC_FS=y

#
# SCSI support type (disk, tape, CD-ROM)
#
# CONFIG_BLK_DEV_SD is not set
# CONFIG_CHR_DEV_ST is not set
# CONFIG_CHR_DEV_OSST is not set
CONFIG_BLK_DEV_SR=y
# CONFIG_BLK_DEV_SR_VENDOR is not set
CONFIG_CHR_DEV_SG=y

#
# Some SCSI devices (e.g. CD jukebox) support multiple LUNs
#
# CONFIG_SCSI_MULTI_LUN is not set
CONFIG_SCSI_REPORT_LUNS=y
# CONFIG_SCSI_CONSTANTS is not set
# CONFIG_SCSI_LOGGING is not set

#
# SCSI Transport Attributes
#
# CONFIG_SCSI_SPI_ATTRS is not set
# CONFIG_SCSI_FC_ATTRS is not set

#
# SCSI low-level drivers
#
# CONFIG_BLK_DEV_3W_XXXX_RAID is not set
# CONFIG_SCSI_7000FASST is not set
# CONFIG_SCSI_ACARD is not set
# CONFIG_SCSI_AHA152X is not set
# CONFIG_SCSI_AHA1542 is not set
# CONFIG_SCSI_AACRAID is not set
# CONFIG_SCSI_AIC7XXX is not set
# CONFIG_SCSI_AIC7XXX_OLD is not set
# CONFIG_SCSI_AIC79XX is not set
# CONFIG_SCSI_DPT_I2O is not set
# CONFIG_SCSI_ADVANSYS is not set
# CONFIG_SCSI_IN2000 is not set
# CONFIG_SCSI_MEGARAID is not set
# CONFIG_SCSI_SATA is not set
# CONFIG_SCSI_BUSLOGIC is not set
# CONFIG_SCSI_CPQFCTS is not set
# CONFIG_SCSI_DMX3191D is not set
# CONFIG_SCSI_DTC3280 is not set
# CONFIG_SCSI_EATA is not set
# CONFIG_SCSI_EATA_PIO is not set
# CONFIG_SCSI_FUTURE_DOMAIN is not set
# CONFIG_SCSI_GDTH is not set
# CONFIG_SCSI_GENERIC_NCR5380 is not set
# CONFIG_SCSI_GENERIC_NCR5380_MMIO is not set
# CONFIG_SCSI_IPS is not set
# CONFIG_SCSI_INITIO is not set
# CONFIG_SCSI_INIA100 is not set
# CONFIG_SCSI_PPA is not set
# CONFIG_SCSI_IMM is not set
# CONFIG_SCSI_NCR53C406A is not set
# CONFIG_SCSI_SYM53C8XX_2 is not set
# CONFIG_SCSI_PAS16 is not set
# CONFIG_SCSI_PCI2000 is not set
# CONFIG_SCSI_PCI2220I is not set
# CONFIG_SCSI_PSI240I is not set
# CONFIG_SCSI_QLOGIC_FAS is not set
# CONFIG_SCSI_QLOGIC_ISP is not set
# CONFIG_SCSI_QLOGIC_FC is not set
# CONFIG_SCSI_QLOGIC_1280 is not set
CONFIG_SCSI_QLA2XXX=y
# CONFIG_SCSI_QLA21XX is not set
# CONFIG_SCSI_QLA22XX is not set
# CONFIG_SCSI_QLA2300 is not set
# CONFIG_SCSI_QLA2322 is not set
# CONFIG_SCSI_QLA6312 is not set
# CONFIG_SCSI_QLA6322 is not set
# CONFIG_SCSI_SEAGATE is not set
# CONFIG_SCSI_SYM53C416 is not set
# CONFIG_SCSI_DC395x is not set
# CONFIG_SCSI_DC390T is not set
# CONFIG_SCSI_T128 is not set
# CONFIG_SCSI_U14_34F is not set
# CONFIG_SCSI_ULTRASTOR is not set
# CONFIG_SCSI_NSP32 is not set
# CONFIG_SCSI_DEBUG is not set

#
# Old CD-ROM drivers (not SCSI, not IDE)
#
# CONFIG_CD_NO_IDESCSI is not set

#
# Multi-device support (RAID and LVM)
#
# CONFIG_MD is not set

#
# Fusion MPT device support
#
# CONFIG_FUSION is not set

#
# IEEE 1394 (FireWire) support
#
# CONFIG_IEEE1394 is not set

#
# I2O device support
#
# CONFIG_I2O is not set

#
# Networking support
#
CONFIG_NET=y

#
# Networking options
#
CONFIG_PACKET=y
CONFIG_PACKET_MMAP=y
CONFIG_NETLINK_DEV=m
CONFIG_UNIX=y
CONFIG_NET_KEY=m
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
# CONFIG_IP_ROUTE_FWMARK is not set
CONFIG_IP_ROUTE_NAT=y
CONFIG_IP_ROUTE_MULTIPATH=y
# CONFIG_IP_ROUTE_TOS is not set
# CONFIG_IP_ROUTE_VERBOSE is not set
# CONFIG_IP_PNP is not set
CONFIG_NET_IPIP=m
CONFIG_NET_IPGRE=m
# CONFIG_NET_IPGRE_BROADCAST is not set
# CONFIG_IP_MROUTE is not set
# CONFIG_ARPD is not set
CONFIG_SYN_COOKIES=y
# CONFIG_INET_AH is not set
# CONFIG_INET_ESP is not set
# CONFIG_INET_IPCOMP is not set

#
# IP: Virtual Server Configuration
#
# CONFIG_IP_VS is not set
CONFIG_IPV6=m
# CONFIG_IPV6_PRIVACY is not set
# CONFIG_INET6_AH is not set
# CONFIG_INET6_ESP is not set
CONFIG_INET6_IPCOMP=m
# CONFIG_IPV6_TUNNEL is not set
CONFIG_NETFILTER=y
CONFIG_NETFILTER_DEBUG=y

#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
CONFIG_IP_NF_NAT_LOCAL=y
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_CLASSIFY=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
# CONFIG_IP_NF_COMPAT_IPCHAINS is not set
# CONFIG_IP_NF_COMPAT_IPFWADM is not set
# CONFIG_IP_NF_TARGET_NOTRACK is not set
CONFIG_IP_NF_RAW=m

#
# IPv6: Netfilter Configuration
#
CONFIG_IP6_NF_QUEUE=m
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_MATCH_LIMIT=m
CONFIG_IP6_NF_MATCH_MAC=m
CONFIG_IP6_NF_MATCH_RT=m
CONFIG_IP6_NF_MATCH_OPTS=m
CONFIG_IP6_NF_MATCH_FRAG=m
CONFIG_IP6_NF_MATCH_HL=m
CONFIG_IP6_NF_MATCH_MULTIPORT=m
CONFIG_IP6_NF_MATCH_OWNER=m
CONFIG_IP6_NF_MATCH_MARK=m
CONFIG_IP6_NF_MATCH_IPV6HEADER=m
CONFIG_IP6_NF_MATCH_AHESP=m
CONFIG_IP6_NF_MATCH_LENGTH=m
CONFIG_IP6_NF_MATCH_EUI64=m
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_TARGET_LOG=m
CONFIG_IP6_NF_MANGLE=m
CONFIG_IP6_NF_TARGET_MARK=m
CONFIG_IP6_NF_RAW=m
CONFIG_XFRM=y
# CONFIG_XFRM_USER is not set

#
# SCTP Configuration (EXPERIMENTAL)
#
# CONFIG_IP_SCTP is not set
# CONFIG_ATM is not set
# CONFIG_BRIDGE is not set
# CONFIG_VLAN_8021Q is not set
# CONFIG_DECNET is not set
# CONFIG_LLC2 is not set
# CONFIG_IPX is not set
# CONFIG_ATALK is not set
# CONFIG_X25 is not set
# CONFIG_LAPB is not set
# CONFIG_NET_DIVERT is not set
# CONFIG_ECONET is not set
# CONFIG_WAN_ROUTER is not set
# CONFIG_NET_FASTROUTE is not set
# CONFIG_NET_HW_FLOWCONTROL is not set

#
# QoS and/or fair queueing
#
CONFIG_NET_SCHED=y
CONFIG_NET_SCH_CBQ=m
CONFIG_NET_SCH_HTB=m
# CONFIG_NET_SCH_HFSC is not set
CONFIG_NET_SCH_CSZ=m
CONFIG_NET_SCH_PRIO=m
CONFIG_NET_SCH_RED=m
CONFIG_NET_SCH_SFQ=m
CONFIG_NET_SCH_TEQL=m
CONFIG_NET_SCH_TBF=m
CONFIG_NET_SCH_GRED=m
CONFIG_NET_SCH_DSMARK=m
# CONFIG_NET_SCH_DELAY is not set
CONFIG_NET_SCH_INGRESS=m
CONFIG_NET_QOS=y
CONFIG_NET_ESTIMATOR=y
CONFIG_NET_CLS=y
CONFIG_NET_CLS_TCINDEX=m
CONFIG_NET_CLS_ROUTE4=m
CONFIG_NET_CLS_ROUTE=y
CONFIG_NET_CLS_FW=m
CONFIG_NET_CLS_U32=m
CONFIG_NET_CLS_RSVP=m
CONFIG_NET_CLS_RSVP6=m
CONFIG_NET_CLS_POLICE=y

#
# Network testing
#
# CONFIG_NET_PKTGEN is not set
CONFIG_NETPOLL=y
# CONFIG_NETPOLL_RX is not set
# CONFIG_NETPOLL_TRAP is not set
CONFIG_NET_POLL_CONTROLLER=y
# CONFIG_HAMRADIO is not set
# CONFIG_IRDA is not set
# CONFIG_BT is not set
CONFIG_NETDEVICES=y
CONFIG_DUMMY=m
# CONFIG_BONDING is not set
# CONFIG_EQUALIZER is not set
# CONFIG_TUN is not set
# CONFIG_ETHERTAP is not set
# CONFIG_NET_SB1000 is not set

#
# ARCnet devices
#
# CONFIG_ARCNET is not set

#
# Ethernet (10 or 100Mbit)
#
CONFIG_NET_ETHERNET=y
CONFIG_MII=y
# CONFIG_HAPPYMEAL is not set
# CONFIG_SUNGEM is not set
# CONFIG_NET_VENDOR_3COM is not set
# CONFIG_LANCE is not set
# CONFIG_NET_VENDOR_SMC is not set
# CONFIG_NET_VENDOR_RACAL is not set

#
# Tulip family network device support
#
# CONFIG_NET_TULIP is not set
# CONFIG_AT1700 is not set
# CONFIG_DEPCA is not set
# CONFIG_HP100 is not set
# CONFIG_NET_ISA is not set
CONFIG_NET_PCI=y
# CONFIG_PCNET32 is not set
# CONFIG_AMD8111_ETH is not set
# CONFIG_ADAPTEC_STARFIRE is not set
# CONFIG_AC3200 is not set
# CONFIG_APRICOT is not set
# CONFIG_B44 is not set
# CONFIG_FORCEDETH is not set
# CONFIG_CS89x0 is not set
# CONFIG_DGRS is not set
# CONFIG_EEPRO100 is not set
CONFIG_E100=y
# CONFIG_E100_NAPI is not set
# CONFIG_FEALNX is not set
# CONFIG_NATSEMI is not set
# CONFIG_NE2K_PCI is not set
# CONFIG_8139CP is not set
# CONFIG_8139TOO is not set
# CONFIG_SIS900 is not set
# CONFIG_EPIC100 is not set
# CONFIG_SUNDANCE is not set
# CONFIG_TLAN is not set
# CONFIG_VIA_RHINE is not set
# CONFIG_NET_POCKET is not set

#
# Ethernet (1000 Mbit)
#
# CONFIG_ACENIC is not set
# CONFIG_DL2K is not set
# CONFIG_E1000 is not set
# CONFIG_NS83820 is not set
# CONFIG_HAMACHI is not set
# CONFIG_YELLOWFIN is not set
# CONFIG_R8169 is not set
# CONFIG_SK98LIN is not set
# CONFIG_TIGON3 is not set

#
# Ethernet (10000 Mbit)
#
# CONFIG_IXGB is not set
# CONFIG_S2IO is not set

#
# Token Ring devices
#
# CONFIG_TR is not set

#
# Wireless LAN (non-hamradio)
#
# CONFIG_NET_RADIO is not set

#
# Wan interfaces
#
# CONFIG_WAN is not set
# CONFIG_FDDI is not set
# CONFIG_HIPPI is not set
# CONFIG_PLIP is not set
CONFIG_PPP=m
CONFIG_PPP_MULTILINK=y
# CONFIG_PPP_FILTER is not set
CONFIG_PPP_ASYNC=m
CONFIG_PPP_SYNC_TTY=m
CONFIG_PPP_DEFLATE=m
CONFIG_PPP_BSDCOMP=m
CONFIG_PPPOE=m
# CONFIG_SLIP is not set
# CONFIG_NET_FC is not set
# CONFIG_RCPCI is not set
# CONFIG_SHAPER is not set
CONFIG_NETCONSOLE=y

#
# ISDN subsystem
#
# CONFIG_ISDN is not set

#
# Telephony Support
#
# CONFIG_PHONE is not set

#
# Input device support
#
CONFIG_INPUT=y

#
# Userland interfaces
#
CONFIG_INPUT_MOUSEDEV=y
CONFIG_INPUT_MOUSEDEV_PSAUX=y
CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
# CONFIG_INPUT_JOYDEV is not set
# CONFIG_INPUT_TSDEV is not set
# CONFIG_INPUT_EVDEV is not set
# CONFIG_INPUT_EVBUG is not set

#
# Input I/O drivers
#
# CONFIG_GAMEPORT is not set
CONFIG_SOUND_GAMEPORT=y
CONFIG_SERIO=y
CONFIG_SERIO_I8042=y
# CONFIG_SERIO_SERPORT is not set
# CONFIG_SERIO_CT82C710 is not set
# CONFIG_SERIO_PARKBD is not set
# CONFIG_SERIO_PCIPS2 is not set

#
# Input Device Drivers
#
CONFIG_INPUT_KEYBOARD=y
CONFIG_KEYBOARD_ATKBD=y
# CONFIG_KEYBOARD_SUNKBD is not set
# CONFIG_KEYBOARD_LKKBD is not set
# CONFIG_KEYBOARD_XTKBD is not set
# CONFIG_KEYBOARD_NEWTON is not set
CONFIG_INPUT_MOUSE=y
CONFIG_MOUSE_PS2=y
# CONFIG_MOUSE_SERIAL is not set
# CONFIG_MOUSE_INPORT is not set
# CONFIG_MOUSE_LOGIBM is not set
# CONFIG_MOUSE_PC110PAD is not set
# CONFIG_MOUSE_VSXXXAA is not set
# CONFIG_INPUT_JOYSTICK is not set
# CONFIG_INPUT_TOUCHSCREEN is not set
CONFIG_INPUT_MISC=y
CONFIG_INPUT_PCSPKR=m
# CONFIG_INPUT_UINPUT is not set

#
# Character devices
#
CONFIG_VT=y
CONFIG_VT_CONSOLE=y
CONFIG_HW_CONSOLE=y
# CONFIG_SERIAL_NONSTANDARD is not set

#
# Serial drivers
#
CONFIG_SERIAL_8250=y
CONFIG_SERIAL_8250_CONSOLE=y
CONFIG_SERIAL_8250_ACPI=y
CONFIG_SERIAL_8250_NR_UARTS=4
CONFIG_SERIAL_8250_EXTENDED=y
# CONFIG_SERIAL_8250_MANY_PORTS is not set
CONFIG_SERIAL_8250_SHARE_IRQ=y
# CONFIG_SERIAL_8250_DETECT_IRQ is not set
# CONFIG_SERIAL_8250_MULTIPORT is not set
# CONFIG_SERIAL_8250_RSA is not set

#
# Non-8250 serial port support
#
CONFIG_SERIAL_CORE=y
CONFIG_SERIAL_CORE_CONSOLE=y
CONFIG_UNIX98_PTYS=y
# CONFIG_LEGACY_PTYS is not set
CONFIG_PRINTER=m
# CONFIG_LP_CONSOLE is not set
# CONFIG_PPDEV is not set
# CONFIG_TIPAR is not set
# CONFIG_QIC02_TAPE is not set

#
# IPMI
#
# CONFIG_IPMI_HANDLER is not set

#
# Watchdog Cards
#
# CONFIG_WATCHDOG is not set
# CONFIG_HW_RANDOM is not set
# CONFIG_NVRAM is not set
CONFIG_RTC=m
CONFIG_GEN_RTC=m
CONFIG_GEN_RTC_X=y
# CONFIG_DTLK is not set
# CONFIG_R3964 is not set
# CONFIG_APPLICOM is not set
# CONFIG_SONYPI is not set

#
# Ftape, the floppy tape device driver
#
# CONFIG_FTAPE is not set
CONFIG_AGP=m
# CONFIG_AGP_ALI is not set
# CONFIG_AGP_ATI is not set
# CONFIG_AGP_AMD is not set
# CONFIG_AGP_AMD64 is not set
# CONFIG_AGP_INTEL is not set
# CONFIG_AGP_INTEL_MCH is not set
# CONFIG_AGP_NVIDIA is not set
# CONFIG_AGP_SIS is not set
# CONFIG_AGP_SWORKS is not set
CONFIG_AGP_VIA=m
# CONFIG_AGP_EFFICEON is not set
# CONFIG_DRM is not set
# CONFIG_MWAVE is not set
# CONFIG_RAW_DRIVER is not set
# CONFIG_HANGCHECK_TIMER is not set

#
# I2C support
#
CONFIG_I2C=y
CONFIG_I2C_CHARDEV=m

#
# I2C Algorithms
#
CONFIG_I2C_ALGOBIT=y
# CONFIG_I2C_ALGOPCF is not set

#
# I2C Hardware Bus support
#
# CONFIG_I2C_ALI1535 is not set
# CONFIG_I2C_ALI1563 is not set
# CONFIG_I2C_ALI15X3 is not set
# CONFIG_I2C_AMD756 is not set
# CONFIG_I2C_AMD8111 is not set
# CONFIG_I2C_ELEKTOR is not set
# CONFIG_I2C_I801 is not set
# CONFIG_I2C_I810 is not set
CONFIG_I2C_ISA=m
# CONFIG_I2C_NFORCE2 is not set
# CONFIG_I2C_PARPORT is not set
# CONFIG_I2C_PARPORT_LIGHT is not set
# CONFIG_I2C_PIIX4 is not set
# CONFIG_I2C_PROSAVAGE is not set
# CONFIG_I2C_SAVAGE4 is not set
# CONFIG_SCx200_ACB is not set
# CONFIG_I2C_SIS5595 is not set
# CONFIG_I2C_SIS630 is not set
# CONFIG_I2C_SIS96X is not set
# CONFIG_I2C_VIA is not set
CONFIG_I2C_VIAPRO=m
# CONFIG_I2C_VOODOO3 is not set

#
# Hardware Sensors Chip support
#
CONFIG_I2C_SENSOR=m
# CONFIG_SENSORS_ADM1021 is not set
# CONFIG_SENSORS_ASB100 is not set
# CONFIG_SENSORS_DS1621 is not set
# CONFIG_SENSORS_FSCHER is not set
# CONFIG_SENSORS_GL518SM is not set
# CONFIG_SENSORS_IT87 is not set
# CONFIG_SENSORS_LM75 is not set
# CONFIG_SENSORS_LM78 is not set
# CONFIG_SENSORS_LM80 is not set
# CONFIG_SENSORS_LM83 is not set
# CONFIG_SENSORS_LM85 is not set
# CONFIG_SENSORS_LM90 is not set
# CONFIG_SENSORS_VIA686A is not set
CONFIG_SENSORS_W83781D=m
# CONFIG_SENSORS_W83L785TS is not set
CONFIG_SENSORS_W83627HF=m

#
# Other I2C Chip support
#
# CONFIG_SENSORS_EEPROM is not set
# CONFIG_SENSORS_PCF8574 is not set
# CONFIG_SENSORS_PCF8591 is not set
# CONFIG_I2C_DEBUG_CORE is not set
# CONFIG_I2C_DEBUG_ALGO is not set
# CONFIG_I2C_DEBUG_BUS is not set
# CONFIG_I2C_DEBUG_CHIP is not set

#
# Misc devices
#
# CONFIG_IBM_ASM is not set

#
# Multimedia devices
#
# CONFIG_VIDEO_DEV is not set

#
# Digital Video Broadcasting Devices
#
# CONFIG_DVB is not set

#
# Graphics support
#
CONFIG_FB=y
# CONFIG_FB_CIRRUS is not set
# CONFIG_FB_PM2 is not set
# CONFIG_FB_CYBER2000 is not set
# CONFIG_FB_IMSTT is not set
# CONFIG_FB_VGA16 is not set
# CONFIG_FB_VESA is not set
CONFIG_VIDEO_SELECT=y
# CONFIG_FB_HGA is not set
# CONFIG_FB_RIVA is not set
# CONFIG_FB_MATROX is not set
# CONFIG_FB_RADEON_OLD is not set
CONFIG_FB_RADEON=y
CONFIG_FB_RADEON_I2C=y
CONFIG_FB_RADEON_DEBUG=y
# CONFIG_FB_ATY128 is not set
# CONFIG_FB_ATY is not set
# CONFIG_FB_SIS is not set
# CONFIG_FB_NEOMAGIC is not set
# CONFIG_FB_KYRO is not set
# CONFIG_FB_3DFX is not set
# CONFIG_FB_VOODOO1 is not set
# CONFIG_FB_TRIDENT is not set
# CONFIG_FB_PM3 is not set
# CONFIG_FB_VIRTUAL is not set

#
# Console display driver support
#
CONFIG_VGA_CONSOLE=y
# CONFIG_MDA_CONSOLE is not set
CONFIG_DUMMY_CONSOLE=y
CONFIG_FRAMEBUFFER_CONSOLE=y
CONFIG_PCI_CONSOLE=y
CONFIG_FONTS=y
CONFIG_FONT_8x8=y
CONFIG_FONT_8x16=y
CONFIG_FONT_6x11=y
CONFIG_FONT_PEARL_8x8=y
CONFIG_FONT_ACORN_8x8=y
CONFIG_FONT_MINI_4x6=y
CONFIG_FONT_SUN8x16=y
CONFIG_FONT_SUN12x22=y

#
# Logo configuration
#
CONFIG_LOGO=y
CONFIG_LOGO_LINUX_MONO=y
CONFIG_LOGO_LINUX_VGA16=y
CONFIG_LOGO_LINUX_CLUT224=y

#
# Sound
#
CONFIG_SOUND=m

#
# Advanced Linux Sound Architecture
#
CONFIG_SND=m
CONFIG_SND_TIMER=m
CONFIG_SND_PCM=m
CONFIG_SND_RAWMIDI=m
# CONFIG_SND_SEQUENCER is not set
CONFIG_SND_OSSEMUL=y
CONFIG_SND_MIXER_OSS=m
CONFIG_SND_PCM_OSS=m
CONFIG_SND_RTCTIMER=m
CONFIG_SND_VERBOSE_PRINTK=y
CONFIG_SND_DEBUG=y
# CONFIG_SND_DEBUG_MEMORY is not set
CONFIG_SND_DEBUG_DETECT=y

#
# Generic devices
#
CONFIG_SND_MPU401_UART=m
# CONFIG_SND_DUMMY is not set
# CONFIG_SND_MTPAV is not set
# CONFIG_SND_SERIAL_U16550 is not set
# CONFIG_SND_MPU401 is not set

#
# ISA devices
#
# CONFIG_SND_AD1848 is not set
# CONFIG_SND_CS4231 is not set
# CONFIG_SND_CS4232 is not set
# CONFIG_SND_CS4236 is not set
# CONFIG_SND_ES1688 is not set
# CONFIG_SND_ES18XX is not set
# CONFIG_SND_GUSCLASSIC is not set
# CONFIG_SND_GUSEXTREME is not set
# CONFIG_SND_GUSMAX is not set
# CONFIG_SND_INTERWAVE is not set
# CONFIG_SND_INTERWAVE_STB is not set
# CONFIG_SND_OPTI92X_AD1848 is not set
# CONFIG_SND_OPTI92X_CS4231 is not set
# CONFIG_SND_OPTI93X is not set
# CONFIG_SND_SB8 is not set
# CONFIG_SND_SB16 is not set
# CONFIG_SND_SBAWE is not set
# CONFIG_SND_WAVEFRONT is not set
# CONFIG_SND_CMI8330 is not set
# CONFIG_SND_OPL3SA2 is not set
# CONFIG_SND_SGALAXY is not set
# CONFIG_SND_SSCAPE is not set

#
# PCI devices
#
CONFIG_SND_AC97_CODEC=m
# CONFIG_SND_ALI5451 is not set
# CONFIG_SND_ATIIXP is not set
# CONFIG_SND_AU8810 is not set
# CONFIG_SND_AU8820 is not set
# CONFIG_SND_AU8830 is not set
# CONFIG_SND_AZT3328 is not set
# CONFIG_SND_BT87X is not set
# CONFIG_SND_CS46XX is not set
# CONFIG_SND_CS4281 is not set
# CONFIG_SND_EMU10K1 is not set
# CONFIG_SND_KORG1212 is not set
# CONFIG_SND_MIXART is not set
# CONFIG_SND_NM256 is not set
# CONFIG_SND_RME32 is not set
# CONFIG_SND_RME96 is not set
# CONFIG_SND_RME9652 is not set
# CONFIG_SND_HDSP is not set
# CONFIG_SND_TRIDENT is not set
# CONFIG_SND_YMFPCI is not set
# CONFIG_SND_ALS4000 is not set
# CONFIG_SND_CMIPCI is not set
# CONFIG_SND_ENS1370 is not set
# CONFIG_SND_ENS1371 is not set
# CONFIG_SND_ES1938 is not set
# CONFIG_SND_ES1968 is not set
# CONFIG_SND_MAESTRO3 is not set
# CONFIG_SND_FM801 is not set
# CONFIG_SND_ICE1712 is not set
# CONFIG_SND_ICE1724 is not set
# CONFIG_SND_INTEL8X0 is not set
# CONFIG_SND_INTEL8X0M is not set
# CONFIG_SND_SONICVIBES is not set
CONFIG_SND_VIA82XX=m
# CONFIG_SND_VX222 is not set

#
# ALSA USB devices
#
# CONFIG_SND_USB_AUDIO is not set

#
# Open Sound System
#
# CONFIG_SOUND_PRIME is not set

#
# USB support
#
CONFIG_USB=m
CONFIG_USB_DEBUG=y

#
# Miscellaneous USB options
#
CONFIG_USB_DEVICEFS=y
# CONFIG_USB_BANDWIDTH is not set
# CONFIG_USB_DYNAMIC_MINORS is not set

#
# USB Host Controller Drivers
#
# CONFIG_USB_EHCI_HCD is not set
# CONFIG_USB_OHCI_HCD is not set
CONFIG_USB_UHCI_HCD=m

#
# USB Device Class drivers
#
# CONFIG_USB_AUDIO is not set
# CONFIG_USB_BLUETOOTH_TTY is not set
# CONFIG_USB_MIDI is not set
# CONFIG_USB_ACM is not set
CONFIG_USB_PRINTER=m
# CONFIG_USB_STORAGE is not set

#
# USB Human Interface Devices (HID)
#
CONFIG_USB_HID=m
CONFIG_USB_HIDINPUT=y
# CONFIG_HID_FF is not set
# CONFIG_USB_HIDDEV is not set

#
# USB HID Boot Protocol drivers
#
# CONFIG_USB_KBD is not set
# CONFIG_USB_MOUSE is not set
# CONFIG_USB_AIPTEK is not set
# CONFIG_USB_WACOM is not set
# CONFIG_USB_KBTAB is not set
# CONFIG_USB_POWERMATE is not set
# CONFIG_USB_MTOUCH is not set
# CONFIG_USB_XPAD is not set
# CONFIG_USB_ATI_REMOTE is not set

#
# USB Imaging devices
#
# CONFIG_USB_MDC800 is not set
# CONFIG_USB_MICROTEK is not set
# CONFIG_USB_HPUSBSCSI is not set

#
# USB Multimedia devices
#
# CONFIG_USB_DABUSB is not set

#
# Video4Linux support is needed for USB Multimedia device support
#

#
# USB Network adaptors
#
# CONFIG_USB_CATC is not set
# CONFIG_USB_KAWETH is not set
# CONFIG_USB_PEGASUS is not set
# CONFIG_USB_RTL8150 is not set
# CONFIG_USB_USBNET is not set

#
# USB port drivers
#
# CONFIG_USB_USS720 is not set

#
# USB Serial Converter support
#
# CONFIG_USB_SERIAL is not set

#
# USB Miscellaneous drivers
#
# CONFIG_USB_EMI62 is not set
# CONFIG_USB_EMI26 is not set
# CONFIG_USB_TIGL is not set
# CONFIG_USB_AUERSWALD is not set
# CONFIG_USB_RIO500 is not set
# CONFIG_USB_LEGOTOWER is not set
# CONFIG_USB_LCD is not set
# CONFIG_USB_LED is not set
# CONFIG_USB_CYTHERM is not set
# CONFIG_USB_TEST is not set

#
# USB Gadget Support
#
# CONFIG_USB_GADGET is not set

#
# File systems
#
CONFIG_EXT2_FS=y
# CONFIG_EXT2_FS_XATTR is not set
CONFIG_EXT3_FS=m
# CONFIG_EXT3_FS_XATTR is not set
CONFIG_JBD=m
# CONFIG_JBD_DEBUG is not set
CONFIG_REISERFS_FS=y
# CONFIG_REISERFS_CHECK is not set
CONFIG_REISERFS_PROC_INFO=y
# CONFIG_JFS_FS is not set
CONFIG_XFS_FS=m
# CONFIG_XFS_RT is not set
# CONFIG_XFS_QUOTA is not set
# CONFIG_XFS_SECURITY is not set
# CONFIG_XFS_POSIX_ACL is not set
# CONFIG_MINIX_FS is not set
# CONFIG_ROMFS_FS is not set
# CONFIG_QUOTA is not set
# CONFIG_AUTOFS_FS is not set
# CONFIG_AUTOFS4_FS is not set

#
# CD-ROM/DVD Filesystems
#
CONFIG_ISO9660_FS=m
CONFIG_JOLIET=y
CONFIG_ZISOFS=y
CONFIG_ZISOFS_FS=m
CONFIG_UDF_FS=m

#
# DOS/FAT/NT Filesystems
#
CONFIG_FAT_FS=m
CONFIG_MSDOS_FS=m
CONFIG_VFAT_FS=m
CONFIG_NTFS_FS=m
CONFIG_NTFS_DEBUG=y
# CONFIG_NTFS_RW is not set

#
# Pseudo filesystems
#
CONFIG_PROC_FS=y
CONFIG_PROC_KCORE=y
CONFIG_SYSFS=y
# CONFIG_DEVFS_FS is not set
# CONFIG_DEVPTS_FS_XATTR is not set
CONFIG_TMPFS=y
# CONFIG_HUGETLBFS is not set
# CONFIG_HUGETLB_PAGE is not set
CONFIG_RAMFS=y

#
# Miscellaneous filesystems
#
# CONFIG_ADFS_FS is not set
# CONFIG_AFFS_FS is not set
# CONFIG_HFS_FS is not set
# CONFIG_HFSPLUS_FS is not set
# CONFIG_BEFS_FS is not set
# CONFIG_BFS_FS is not set
# CONFIG_EFS_FS is not set
# CONFIG_CRAMFS is not set
# CONFIG_VXFS_FS is not set
# CONFIG_HPFS_FS is not set
# CONFIG_QNX4FS_FS is not set
# CONFIG_SYSV_FS is not set
# CONFIG_UFS_FS is not set

#
# Network File Systems
#
CONFIG_NFS_FS=m
CONFIG_NFS_V3=y
CONFIG_NFS_V4=y
# CONFIG_NFS_DIRECTIO is not set
CONFIG_NFSD=m
CONFIG_NFSD_V3=y
CONFIG_NFSD_V4=y
CONFIG_NFSD_TCP=y
CONFIG_LOCKD=m
CONFIG_LOCKD_V4=y
CONFIG_EXPORTFS=m
CONFIG_SUNRPC=m
CONFIG_SUNRPC_GSS=m
CONFIG_RPCSEC_GSS_KRB5=m
CONFIG_SMB_FS=m
# CONFIG_SMB_NLS_DEFAULT is not set
CONFIG_CIFS=m
# CONFIG_NCP_FS is not set
# CONFIG_CODA_FS is not set
# CONFIG_INTERMEZZO_FS is not set
# CONFIG_AFS_FS is not set

#
# Partition Types
#
# CONFIG_PARTITION_ADVANCED is not set
CONFIG_MSDOS_PARTITION=y

#
# Native Language Support
#
CONFIG_NLS=y
CONFIG_NLS_DEFAULT="iso8859-15"
CONFIG_NLS_CODEPAGE_437=m
# CONFIG_NLS_CODEPAGE_737 is not set
# CONFIG_NLS_CODEPAGE_775 is not set
CONFIG_NLS_CODEPAGE_850=m
# CONFIG_NLS_CODEPAGE_852 is not set
# CONFIG_NLS_CODEPAGE_855 is not set
# CONFIG_NLS_CODEPAGE_857 is not set
# CONFIG_NLS_CODEPAGE_860 is not set
# CONFIG_NLS_CODEPAGE_861 is not set
# CONFIG_NLS_CODEPAGE_862 is not set
# CONFIG_NLS_CODEPAGE_863 is not set
# CONFIG_NLS_CODEPAGE_864 is not set
# CONFIG_NLS_CODEPAGE_865 is not set
# CONFIG_NLS_CODEPAGE_866 is not set
# CONFIG_NLS_CODEPAGE_869 is not set
# CONFIG_NLS_CODEPAGE_936 is not set
# CONFIG_NLS_CODEPAGE_950 is not set
# CONFIG_NLS_CODEPAGE_932 is not set
# CONFIG_NLS_CODEPAGE_949 is not set
# CONFIG_NLS_CODEPAGE_874 is not set
# CONFIG_NLS_ISO8859_8 is not set
# CONFIG_NLS_CODEPAGE_1250 is not set
# CONFIG_NLS_CODEPAGE_1251 is not set
CONFIG_NLS_ISO8859_1=m
# CONFIG_NLS_ISO8859_2 is not set
# CONFIG_NLS_ISO8859_3 is not set
# CONFIG_NLS_ISO8859_4 is not set
# CONFIG_NLS_ISO8859_5 is not set
# CONFIG_NLS_ISO8859_6 is not set
# CONFIG_NLS_ISO8859_7 is not set
# CONFIG_NLS_ISO8859_9 is not set
# CONFIG_NLS_ISO8859_13 is not set
# CONFIG_NLS_ISO8859_14 is not set
CONFIG_NLS_ISO8859_15=m
# CONFIG_NLS_KOI8_R is not set
# CONFIG_NLS_KOI8_U is not set
CONFIG_NLS_UTF8=m

#
# Profiling support
#
# CONFIG_PROFILING is not set

#
# Kernel hacking
#
CONFIG_DEBUG_KERNEL=y
CONFIG_EARLY_PRINTK=y
CONFIG_DEBUG_STACKOVERFLOW=y
# CONFIG_DEBUG_STACK_USAGE is not set
# CONFIG_DEBUG_SLAB is not set
CONFIG_MAGIC_SYSRQ=y
CONFIG_DEBUG_SPINLOCK=y
# CONFIG_DEBUG_PAGEALLOC is not set
# CONFIG_DEBUG_INFO is not set
CONFIG_DEBUG_SPINLOCK_SLEEP=y
CONFIG_FRAME_POINTER=y
CONFIG_4KSTACKS=y
CONFIG_X86_FIND_SMP_CONFIG=y
CONFIG_X86_MPPARSE=y

#
# Security options
#
# CONFIG_SECURITY is not set

#
# Cryptographic options
#
CONFIG_CRYPTO=y
# CONFIG_CRYPTO_HMAC is not set
# CONFIG_CRYPTO_NULL is not set
# CONFIG_CRYPTO_MD4 is not set
CONFIG_CRYPTO_MD5=m
# CONFIG_CRYPTO_SHA1 is not set
# CONFIG_CRYPTO_SHA256 is not set
# CONFIG_CRYPTO_SHA512 is not set
CONFIG_CRYPTO_DES=m
# CONFIG_CRYPTO_BLOWFISH is not set
# CONFIG_CRYPTO_TWOFISH is not set
# CONFIG_CRYPTO_SERPENT is not set
# CONFIG_CRYPTO_AES is not set
# CONFIG_CRYPTO_CAST5 is not set
# CONFIG_CRYPTO_CAST6 is not set
# CONFIG_CRYPTO_ARC4 is not set
CONFIG_CRYPTO_DEFLATE=m
# CONFIG_CRYPTO_MICHAEL_MIC is not set
# CONFIG_CRYPTO_CRC32C is not set
# CONFIG_CRYPTO_TEST is not set

#
# Library routines
#
# CONFIG_CRC32 is not set
# CONFIG_LIBCRC32C is not set
CONFIG_ZLIB_INFLATE=m
CONFIG_ZLIB_DEFLATE=m
CONFIG_X86_BIOS_REBOOT=y
CONFIG_X86_STD_RESOURCES=y
CONFIG_PC=y

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Kronos]

Kronos <kronos@kronoz.cjb.net> ha scritto:
> do_IRQ: stack overflow: 460
> Call Trace:
> [<c01086be>] do_IRQ+0x3fe/0x410
> [<c011c902>] __wake_up_locked+0x22/0x30
> [<c010633c>] common_interrupt+0x18/0x20
> [<c02e1baa>] radeon_write_pll_regs+0xbaa/0x1e10
> [<c011c902>] __wake_up_locked+0x22/0x30
> [<c02e3c5c>] radeon_calc_pll_regs+0xfc/0x120
> [<c02e333c>] radeon_write_mode+0x35c/0xb80
> [<c02e4509>] radeonfb_set_par+0x889/0xb50

I think that the problem is here:

int radeonfb_set_par(struct fb_info *info)
{
        struct radeonfb_info *rinfo = info->par;
        struct fb_var_screeninfo *mode = &info->var;
        struct radeon_regs newmode;
        
struct radeon_regs is huge: 2356 bytes
Quick fix (I'll test ASAP):

--- linux-2.6/drivers/video/aty/radeon_base.c~	2004-05-13 16:51:08.000000000 +0200
+++ linux-2.6/drivers/video/aty/radeon_base.c	2004-05-13 16:55:09.000000000 +0200
@@ -1397,7 +1397,7 @@
 {
 	struct radeonfb_info *rinfo = info->par;
 	struct fb_var_screeninfo *mode = &info->var;
-	struct radeon_regs newmode;
+	struct radeon_regs *newmode;
 	int hTotal, vTotal, hSyncStart, hSyncEnd,
 	    hSyncPol, vSyncStart, vSyncEnd, vSyncPol, cSync;
 	u8 hsync_adj_tab[] = {0, 0x12, 9, 9, 6, 5};
@@ -1410,6 +1410,10 @@
 	int primary_mon = PRIMARY_MONITOR(rinfo);
 	int depth = var_to_depth(mode);
 
+	newmode = kmalloc(sizeof(*newmode), GFP_KERNEL);
+	if (!newmode)
+		return -ENOMEM;
+
 	/* We always want engine to be idle on a mode switch, even
 	 * if we won't actually change the mode
 	 */
@@ -1449,9 +1453,9 @@
 
 		if (rinfo->panel_info.use_bios_dividers) {
 			nopllcalc = 1;
-			newmode.ppll_div_3 = rinfo->panel_info.fbk_divider |
+			newmode->ppll_div_3 = rinfo->panel_info.fbk_divider |
 				(rinfo->panel_info.post_divider << 16);
-			newmode.ppll_ref_div = rinfo->panel_info.ref_divider;
+			newmode->ppll_ref_div = rinfo->panel_info.ref_divider;
 		}
 	}
 	dotClock = 1000000000 / pixClock;
@@ -1489,38 +1493,38 @@
 
 	hsync_start = hSyncStart - 8 + hsync_fudge;
 
-	newmode.crtc_gen_cntl = CRTC_EXT_DISP_EN | CRTC_EN |
+	newmode->crtc_gen_cntl = CRTC_EXT_DISP_EN | CRTC_EN |
 				(format << 8);
 
 	/* Clear auto-center etc... */
-	newmode.crtc_more_cntl = rinfo->init_state.crtc_more_cntl;
-	newmode.crtc_more_cntl &= 0xfffffff0;
+	newmode->crtc_more_cntl = rinfo->init_state.crtc_more_cntl;
+	newmode->crtc_more_cntl &= 0xfffffff0;
 	
 	if ((primary_mon == MT_DFP) || (primary_mon == MT_LCD)) {
-		newmode.crtc_ext_cntl = VGA_ATI_LINEAR | XCRT_CNT_EN;
+		newmode->crtc_ext_cntl = VGA_ATI_LINEAR | XCRT_CNT_EN;
 		if (mirror)
-			newmode.crtc_ext_cntl |= CRTC_CRT_ON;
+			newmode->crtc_ext_cntl |= CRTC_CRT_ON;
 
-		newmode.crtc_gen_cntl &= ~(CRTC_DBL_SCAN_EN |
+		newmode->crtc_gen_cntl &= ~(CRTC_DBL_SCAN_EN |
 					   CRTC_INTERLACE_EN);
 	} else {
-		newmode.crtc_ext_cntl = VGA_ATI_LINEAR | XCRT_CNT_EN |
+		newmode->crtc_ext_cntl = VGA_ATI_LINEAR | XCRT_CNT_EN |
 					CRTC_CRT_ON;
 	}
 
-	newmode.dac_cntl = /* INREG(DAC_CNTL) | */ DAC_MASK_ALL | DAC_VGA_ADR_EN |
+	newmode->dac_cntl = /* INREG(DAC_CNTL) | */ DAC_MASK_ALL | DAC_VGA_ADR_EN |
 			   DAC_8BIT_EN;
 
-	newmode.crtc_h_total_disp = ((((hTotal / 8) - 1) & 0x3ff) |
+	newmode->crtc_h_total_disp = ((((hTotal / 8) - 1) & 0x3ff) |
 				     (((mode->xres / 8) - 1) << 16));
 
-	newmode.crtc_h_sync_strt_wid = ((hsync_start & 0x1fff) |
+	newmode->crtc_h_sync_strt_wid = ((hsync_start & 0x1fff) |
 					(hsync_wid << 16) | (h_sync_pol << 23));
 
-	newmode.crtc_v_total_disp = ((vTotal - 1) & 0xffff) |
+	newmode->crtc_v_total_disp = ((vTotal - 1) & 0xffff) |
 				    ((mode->yres - 1) << 16);
 
-	newmode.crtc_v_sync_strt_wid = (((vSyncStart - 1) & 0xfff) |
+	newmode->crtc_v_sync_strt_wid = (((vSyncStart - 1) & 0xfff) |
 					 (vsync_wid << 16) | (v_sync_pol  << 23));
 
 	if (!radeon_accel_disabled()) {
@@ -1529,18 +1533,18 @@
  				& ~(0x3f)) >> 6;
 
 		/* Then, re-multiply it to get the CRTC pitch */
-		newmode.crtc_pitch = (rinfo->pitch << 3) / ((mode->bits_per_pixel + 1) / 8);
+		newmode->crtc_pitch = (rinfo->pitch << 3) / ((mode->bits_per_pixel + 1) / 8);
 	} else
-		newmode.crtc_pitch = (mode->xres_virtual >> 3);
+		newmode->crtc_pitch = (mode->xres_virtual >> 3);
 
-	newmode.crtc_pitch |= (newmode.crtc_pitch << 16);
+	newmode->crtc_pitch |= (newmode->crtc_pitch << 16);
 
 	/*
 	 * It looks like recent chips have a problem with SURFACE_CNTL,
 	 * setting SURF_TRANSLATION_DIS completely disables the
 	 * swapper as well, so we leave it unset now.
 	 */
-	newmode.surface_cntl = 0;
+	newmode->surface_cntl = 0;
 
 #if defined(__BIG_ENDIAN)
 
@@ -1550,28 +1554,28 @@
 	 */
 	switch (mode->bits_per_pixel) {
 		case 16:
-			newmode.surface_cntl |= NONSURF_AP0_SWP_16BPP;
-			newmode.surface_cntl |= NONSURF_AP1_SWP_16BPP;
+			newmode->surface_cntl |= NONSURF_AP0_SWP_16BPP;
+			newmode->surface_cntl |= NONSURF_AP1_SWP_16BPP;
 			break;
 		case 24:	
 		case 32:
-			newmode.surface_cntl |= NONSURF_AP0_SWP_32BPP;
-			newmode.surface_cntl |= NONSURF_AP1_SWP_32BPP;
+			newmode->surface_cntl |= NONSURF_AP0_SWP_32BPP;
+			newmode->surface_cntl |= NONSURF_AP1_SWP_32BPP;
 			break;
 	}
 #endif
 
 	/* Clear surface registers */
 	for (i=0; i<8; i++) {
-		newmode.surf_lower_bound[i] = 0;
-		newmode.surf_upper_bound[i] = 0x1f;
-		newmode.surf_info[i] = 0;
+		newmode->surf_lower_bound[i] = 0;
+		newmode->surf_upper_bound[i] = 0x1f;
+		newmode->surf_info[i] = 0;
 	}
 
 	RTRACE("h_total_disp = 0x%x\t   hsync_strt_wid = 0x%x\n",
-		newmode.crtc_h_total_disp, newmode.crtc_h_sync_strt_wid);
+		newmode->crtc_h_total_disp, newmode->crtc_h_sync_strt_wid);
 	RTRACE("v_total_disp = 0x%x\t   vsync_strt_wid = 0x%x\n",
-		newmode.crtc_v_total_disp, newmode.crtc_v_sync_strt_wid);
+		newmode->crtc_v_total_disp, newmode->crtc_v_sync_strt_wid);
 
 	rinfo->bpp = mode->bits_per_pixel;
 	rinfo->depth = depth;
@@ -1580,9 +1584,9 @@
 	RTRACE("freq = %lu\n", (unsigned long)freq);
 
 	if (!nopllcalc)
-		radeon_calc_pll_regs(rinfo, &newmode, freq);
+		radeon_calc_pll_regs(rinfo, newmode, freq);
 
-	newmode.vclk_ecp_cntl = rinfo->init_state.vclk_ecp_cntl;
+	newmode->vclk_ecp_cntl = rinfo->init_state.vclk_ecp_cntl;
 
 	if ((primary_mon == MT_DFP) || (primary_mon == MT_LCD)) {
 		unsigned int hRatio, vRatio;
@@ -1592,35 +1596,35 @@
 		if (mode->yres > rinfo->panel_info.yres)
 			mode->yres = rinfo->panel_info.yres;
 
-		newmode.fp_horz_stretch = (((rinfo->panel_info.xres / 8) - 1)
+		newmode->fp_horz_stretch = (((rinfo->panel_info.xres / 8) - 1)
 					   << HORZ_PANEL_SHIFT);
-		newmode.fp_vert_stretch = ((rinfo->panel_info.yres - 1)
+		newmode->fp_vert_stretch = ((rinfo->panel_info.yres - 1)
 					   << VERT_PANEL_SHIFT);
 
 		if (mode->xres != rinfo->panel_info.xres) {
 			hRatio = round_div(mode->xres * HORZ_STRETCH_RATIO_MAX,
 					   rinfo->panel_info.xres);
-			newmode.fp_horz_stretch = (((((unsigned long)hRatio) & HORZ_STRETCH_RATIO_MASK)) |
-						   (newmode.fp_horz_stretch &
+			newmode->fp_horz_stretch = (((((unsigned long)hRatio) & HORZ_STRETCH_RATIO_MASK)) |
+						   (newmode->fp_horz_stretch &
 						    (HORZ_PANEL_SIZE | HORZ_FP_LOOP_STRETCH |
 						     HORZ_AUTO_RATIO_INC)));
-			newmode.fp_horz_stretch |= (HORZ_STRETCH_BLEND |
+			newmode->fp_horz_stretch |= (HORZ_STRETCH_BLEND |
 						    HORZ_STRETCH_ENABLE);
 		}
-		newmode.fp_horz_stretch &= ~HORZ_AUTO_RATIO;
+		newmode->fp_horz_stretch &= ~HORZ_AUTO_RATIO;
 
 		if (mode->yres != rinfo->panel_info.yres) {
 			vRatio = round_div(mode->yres * VERT_STRETCH_RATIO_MAX,
 					   rinfo->panel_info.yres);
-			newmode.fp_vert_stretch = (((((unsigned long)vRatio) & VERT_STRETCH_RATIO_MASK)) |
-						   (newmode.fp_vert_stretch &
+			newmode->fp_vert_stretch = (((((unsigned long)vRatio) & VERT_STRETCH_RATIO_MASK)) |
+						   (newmode->fp_vert_stretch &
 						   (VERT_PANEL_SIZE | VERT_STRETCH_RESERVED)));
-			newmode.fp_vert_stretch |= (VERT_STRETCH_BLEND |
+			newmode->fp_vert_stretch |= (VERT_STRETCH_BLEND |
 						    VERT_STRETCH_ENABLE);
 		}
-		newmode.fp_vert_stretch &= ~VERT_AUTO_RATIO_EN;
+		newmode->fp_vert_stretch &= ~VERT_AUTO_RATIO_EN;
 
-		newmode.fp_gen_cntl = (rinfo->init_state.fp_gen_cntl & (u32)
+		newmode->fp_gen_cntl = (rinfo->init_state.fp_gen_cntl & (u32)
 				       ~(FP_SEL_CRTC2 |
 					 FP_RMX_HVSYNC_CONTROL_EN |
 					 FP_DFP_SYNC_SEL |
@@ -1630,46 +1634,46 @@
 					 FP_CRTC_USE_SHADOW_VEND |
 					 FP_CRT_SYNC_ALT));
 
-		newmode.fp_gen_cntl |= (FP_CRTC_DONT_SHADOW_VPAR |
+		newmode->fp_gen_cntl |= (FP_CRTC_DONT_SHADOW_VPAR |
 					FP_CRTC_DONT_SHADOW_HEND);
 
-		newmode.lvds_gen_cntl = rinfo->init_state.lvds_gen_cntl;
-		newmode.lvds_pll_cntl = rinfo->init_state.lvds_pll_cntl;
-		newmode.tmds_crc = rinfo->init_state.tmds_crc;
-		newmode.tmds_transmitter_cntl = rinfo->init_state.tmds_transmitter_cntl;
+		newmode->lvds_gen_cntl = rinfo->init_state.lvds_gen_cntl;
+		newmode->lvds_pll_cntl = rinfo->init_state.lvds_pll_cntl;
+		newmode->tmds_crc = rinfo->init_state.tmds_crc;
+		newmode->tmds_transmitter_cntl = rinfo->init_state.tmds_transmitter_cntl;
 
 		if (primary_mon == MT_LCD) {
-			newmode.lvds_gen_cntl |= (LVDS_ON | LVDS_BLON);
-			newmode.fp_gen_cntl &= ~(FP_FPON | FP_TMDS_EN);
+			newmode->lvds_gen_cntl |= (LVDS_ON | LVDS_BLON);
+			newmode->fp_gen_cntl &= ~(FP_FPON | FP_TMDS_EN);
 		} else {
 			/* DFP */
-			newmode.fp_gen_cntl |= (FP_FPON | FP_TMDS_EN);
-			newmode.tmds_transmitter_cntl = (TMDS_RAN_PAT_RST | TMDS_ICHCSEL) &
+			newmode->fp_gen_cntl |= (FP_FPON | FP_TMDS_EN);
+			newmode->tmds_transmitter_cntl = (TMDS_RAN_PAT_RST | TMDS_ICHCSEL) &
 							 ~(TMDS_PLLRST);
 			/* TMDS_PLL_EN bit is reversed on RV (and mobility) chips */
 			if ((rinfo->family == CHIP_FAMILY_R300) ||
 			    (rinfo->family == CHIP_FAMILY_R350) ||
 			    (rinfo->family == CHIP_FAMILY_RV350) ||
 			    (rinfo->family == CHIP_FAMILY_R200) || !rinfo->has_CRTC2)
-				newmode.tmds_transmitter_cntl &= ~TMDS_PLL_EN;
+				newmode->tmds_transmitter_cntl &= ~TMDS_PLL_EN;
 			else
-				newmode.tmds_transmitter_cntl |= TMDS_PLL_EN;
-			newmode.crtc_ext_cntl &= ~CRTC_CRT_ON;
+				newmode->tmds_transmitter_cntl |= TMDS_PLL_EN;
+			newmode->crtc_ext_cntl &= ~CRTC_CRT_ON;
 		}
 
-		newmode.fp_crtc_h_total_disp = (((rinfo->panel_info.hblank / 8) & 0x3ff) |
+		newmode->fp_crtc_h_total_disp = (((rinfo->panel_info.hblank / 8) & 0x3ff) |
 				(((mode->xres / 8) - 1) << 16));
-		newmode.fp_crtc_v_total_disp = (rinfo->panel_info.vblank & 0xffff) |
+		newmode->fp_crtc_v_total_disp = (rinfo->panel_info.vblank & 0xffff) |
 				((mode->yres - 1) << 16);
-		newmode.fp_h_sync_strt_wid = ((rinfo->panel_info.hOver_plus & 0x1fff) |
+		newmode->fp_h_sync_strt_wid = ((rinfo->panel_info.hOver_plus & 0x1fff) |
 				(hsync_wid << 16) | (h_sync_pol << 23));
-		newmode.fp_v_sync_strt_wid = ((rinfo->panel_info.vOver_plus & 0xfff) |
+		newmode->fp_v_sync_strt_wid = ((rinfo->panel_info.vOver_plus & 0xfff) |
 				(vsync_wid << 16) | (v_sync_pol  << 23));
 	}
 
 	/* do it! */
 	if (!rinfo->asleep) {
-		radeon_write_mode (rinfo, &newmode);
+		radeon_write_mode (rinfo, newmode);
 		/* (re)initialize the engine */
 		if (!radeon_accel_disabled())
 			radeonfb_engine_init (rinfo);
@@ -1689,6 +1693,7 @@
 	btext_update_display(rinfo->fb_base_phys, mode->xres, mode->yres,
 			     rinfo->depth, info->fix.line_length);
 #endif
+	kfree(newmode);
 
 	return 0;
 }


Luca
-- 
Home: http://kronoz.cjb.net
Runtime error 6D at f000:a12f : user incompetente

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Jörn Engel]

On Thu, 13 May 2004 16:56:40 +0200, Kronos wrote:
> Kronos <kronos@kronoz.cjb.net> ha scritto:
> > do_IRQ: stack overflow: 460
> > Call Trace:
> > [<c01086be>] do_IRQ+0x3fe/0x410
> > [<c011c902>] __wake_up_locked+0x22/0x30
> > [<c010633c>] common_interrupt+0x18/0x20
> > [<c02e1baa>] radeon_write_pll_regs+0xbaa/0x1e10
> > [<c011c902>] __wake_up_locked+0x22/0x30
> > [<c02e3c5c>] radeon_calc_pll_regs+0xfc/0x120
> > [<c02e333c>] radeon_write_mode+0x35c/0xb80
> > [<c02e4509>] radeonfb_set_par+0x889/0xb50
> 
> I think that the problem is here:
> 
> int radeonfb_set_par(struct fb_info *info)
> {
>         struct radeonfb_info *rinfo = info->par;
>         struct fb_var_screeninfo *mode = &info->var;
>         struct radeon_regs newmode;
>         
> struct radeon_regs is huge: 2356 bytes
> Quick fix (I'll test ASAP):

Even quicker fix:

--- linux-2.6/drivers/video/aty/radeon_base.c~	2004-05-13 16:51:08.000000000 +0200
+++ linux-2.6/drivers/video/aty/radeon_base.c	2004-05-13 16:55:09.000000000 +0200
@@ -1397,7 +1397,7 @@
 {
 	struct radeonfb_info *rinfo = info->par;
 	struct fb_var_screeninfo *mode = &info->var;
-	struct radeon_regs newmode;
+	static struct radeon_regs newmode;
 	int hTotal, vTotal, hSyncStart, hSyncEnd,
 	    hSyncPol, vSyncStart, vSyncEnd, vSyncPol, cSync;
 	u8 hsync_adj_tab[] = {0, 0x12, 9, 9, 6, 5};

I'm not sure what the point behind the radeon_write_mode() is at all.
The best solution could be to just merge radeon_write_mode() and
radeonfb_set_par() into a single function and do the tons of OUTREG()
directly.  In that case, don't bother to fix any typos.

Ben?  Wrong analysis?

Jörn

-- 
Don't patch bad code, rewrite it.
-- Kernigham and Pike, according to Rusty

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Valdis.Kletnieks]

[-- Attachment #1: Type: text/plain, Size: 696 bytes --]

On Thu, 13 May 2004 17:15:49 +0200, =?iso-8859-1?Q?J=F6rn?= Engel said:

> Even quicker fix:
> 
> --- linux-2.6/drivers/video/aty/radeon_base.c~	2004-05-13 16:51:08.000
000000 +0200
> +++ linux-2.6/drivers/video/aty/radeon_base.c	2004-05-13 16:55:09.000000000 +
0200
> @@ -1397,7 +1397,7 @@
>  {
>  	struct radeonfb_info *rinfo = info->par;
>  	struct fb_var_screeninfo *mode = &info->var;
> -	struct radeon_regs newmode;
> +	static struct radeon_regs newmode;
>  	int hTotal, vTotal, hSyncStart, hSyncEnd,
>  	    hSyncPol, vSyncStart, vSyncEnd, vSyncPol, cSync;
>  	u8 hsync_adj_tab[] = {0, 0x12, 9, 9, 6, 5};

Is that racy if you have more than one graphics card installed?

[-- Attachment #2: Type: application/pgp-signature, Size: 226 bytes --]

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Jörn Engel]

On Thu, 13 May 2004 11:36:36 -0400, Valdis.Kletnieks@vt.edu wrote:
> On Thu, 13 May 2004 17:15:49 +0200, =?iso-8859-1?Q?J=F6rn?= Engel said:
> 
> > Even quicker fix:
> > 
> > --- linux-2.6/drivers/video/aty/radeon_base.c~	2004-05-13 16:51:08.000
> 000000 +0200
> > +++ linux-2.6/drivers/video/aty/radeon_base.c	2004-05-13 16:55:09.000000000 +
> 0200
> > @@ -1397,7 +1397,7 @@
> >  {
> >  	struct radeonfb_info *rinfo = info->par;
> >  	struct fb_var_screeninfo *mode = &info->var;
> > -	struct radeon_regs newmode;
> > +	static struct radeon_regs newmode;
> >  	int hTotal, vTotal, hSyncStart, hSyncEnd,
> >  	    hSyncPol, vSyncStart, vSyncEnd, vSyncPol, cSync;
> >  	u8 hsync_adj_tab[] = {0, 0x12, 9, 9, 6, 5};
> 
> Is that racy if you have more than one graphics card installed?

Could be.  It's a quick hack, just like the kmalloc() variant.  For
the solution, see my previous mail.

Jörn

-- 
I can say that I spend most of my time fixing bugs even if I have lots
of new features to implement in mind, but I give bugs more priority.
-- Andrea Arcangeli, 2000

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Benjamin Herrenschmidt]

> 
> int radeonfb_set_par(struct fb_info *info)
> {
>         struct radeonfb_info *rinfo = info->par;
>         struct fb_var_screeninfo *mode = &info->var;
>         struct radeon_regs newmode;
>         
> struct radeon_regs is huge: 2356 bytes
> Quick fix (I'll test ASAP):

Wow, this is evil indeed, I didn't expect that struct to be that big,
but well... I did add a bunch of stuff to it lately.

Your fix looks good, I'll give it a try later today.


> --- linux-2.6/drivers/video/aty/radeon_base.c~	2004-05-13 16:51:08.000000000 +0200
> +++ linux-2.6/drivers/video/aty/radeon_base.c	2004-05-13 16:55:09.000000000 +0200
> @@ -1397,7 +1397,7 @@
>  {
>  	struct radeonfb_info *rinfo = info->par;
>  	struct fb_var_screeninfo *mode = &info->var;
> -	struct radeon_regs newmode;
> +	struct radeon_regs *newmode;
>  	int hTotal, vTotal, hSyncStart, hSyncEnd,
>  	    hSyncPol, vSyncStart, vSyncEnd, vSyncPol, cSync;
>  	u8 hsync_adj_tab[] = {0, 0x12, 9, 9, 6, 5};
> @@ -1410,6 +1410,10 @@
>  	int primary_mon = PRIMARY_MONITOR(rinfo);
>  	int depth = var_to_depth(mode);
>  
> +	newmode = kmalloc(sizeof(*newmode), GFP_KERNEL);
> +	if (!newmode)
> +		return -ENOMEM;
> +
>  	/* We always want engine to be idle on a mode switch, even
>  	 * if we won't actually change the mode
>  	 */
> @@ -1449,9 +1453,9 @@
>  
>  		if (rinfo->panel_info.use_bios_dividers) {
>  			nopllcalc = 1;
> -			newmode.ppll_div_3 = rinfo->panel_info.fbk_divider |
> +			newmode->ppll_div_3 = rinfo->panel_info.fbk_divider |
>  				(rinfo->panel_info.post_divider << 16);
> -			newmode.ppll_ref_div = rinfo->panel_info.ref_divider;
> +			newmode->ppll_ref_div = rinfo->panel_info.ref_divider;
>  		}
>  	}
>  	dotClock = 1000000000 / pixClock;
> @@ -1489,38 +1493,38 @@
>  
>  	hsync_start = hSyncStart - 8 + hsync_fudge;
>  
> -	newmode.crtc_gen_cntl = CRTC_EXT_DISP_EN | CRTC_EN |
> +	newmode->crtc_gen_cntl = CRTC_EXT_DISP_EN | CRTC_EN |
>  				(format << 8);
>  
>  	/* Clear auto-center etc... */
> -	newmode.crtc_more_cntl = rinfo->init_state.crtc_more_cntl;
> -	newmode.crtc_more_cntl &= 0xfffffff0;
> +	newmode->crtc_more_cntl = rinfo->init_state.crtc_more_cntl;
> +	newmode->crtc_more_cntl &= 0xfffffff0;
>  	
>  	if ((primary_mon == MT_DFP) || (primary_mon == MT_LCD)) {
> -		newmode.crtc_ext_cntl = VGA_ATI_LINEAR | XCRT_CNT_EN;
> +		newmode->crtc_ext_cntl = VGA_ATI_LINEAR | XCRT_CNT_EN;
>  		if (mirror)
> -			newmode.crtc_ext_cntl |= CRTC_CRT_ON;
> +			newmode->crtc_ext_cntl |= CRTC_CRT_ON;
>  
> -		newmode.crtc_gen_cntl &= ~(CRTC_DBL_SCAN_EN |
> +		newmode->crtc_gen_cntl &= ~(CRTC_DBL_SCAN_EN |
>  					   CRTC_INTERLACE_EN);
>  	} else {
> -		newmode.crtc_ext_cntl = VGA_ATI_LINEAR | XCRT_CNT_EN |
> +		newmode->crtc_ext_cntl = VGA_ATI_LINEAR | XCRT_CNT_EN |
>  					CRTC_CRT_ON;
>  	}
>  
> -	newmode.dac_cntl = /* INREG(DAC_CNTL) | */ DAC_MASK_ALL | DAC_VGA_ADR_EN |
> +	newmode->dac_cntl = /* INREG(DAC_CNTL) | */ DAC_MASK_ALL | DAC_VGA_ADR_EN |
>  			   DAC_8BIT_EN;
>  
> -	newmode.crtc_h_total_disp = ((((hTotal / 8) - 1) & 0x3ff) |
> +	newmode->crtc_h_total_disp = ((((hTotal / 8) - 1) & 0x3ff) |
>  				     (((mode->xres / 8) - 1) << 16));
>  
> -	newmode.crtc_h_sync_strt_wid = ((hsync_start & 0x1fff) |
> +	newmode->crtc_h_sync_strt_wid = ((hsync_start & 0x1fff) |
>  					(hsync_wid << 16) | (h_sync_pol << 23));
>  
> -	newmode.crtc_v_total_disp = ((vTotal - 1) & 0xffff) |
> +	newmode->crtc_v_total_disp = ((vTotal - 1) & 0xffff) |
>  				    ((mode->yres - 1) << 16);
>  
> -	newmode.crtc_v_sync_strt_wid = (((vSyncStart - 1) & 0xfff) |
> +	newmode->crtc_v_sync_strt_wid = (((vSyncStart - 1) & 0xfff) |
>  					 (vsync_wid << 16) | (v_sync_pol  << 23));
>  
>  	if (!radeon_accel_disabled()) {
> @@ -1529,18 +1533,18 @@
>   				& ~(0x3f)) >> 6;
>  
>  		/* Then, re-multiply it to get the CRTC pitch */
> -		newmode.crtc_pitch = (rinfo->pitch << 3) / ((mode->bits_per_pixel + 1) / 8);
> +		newmode->crtc_pitch = (rinfo->pitch << 3) / ((mode->bits_per_pixel + 1) / 8);
>  	} else
> -		newmode.crtc_pitch = (mode->xres_virtual >> 3);
> +		newmode->crtc_pitch = (mode->xres_virtual >> 3);
>  
> -	newmode.crtc_pitch |= (newmode.crtc_pitch << 16);
> +	newmode->crtc_pitch |= (newmode->crtc_pitch << 16);
>  
>  	/*
>  	 * It looks like recent chips have a problem with SURFACE_CNTL,
>  	 * setting SURF_TRANSLATION_DIS completely disables the
>  	 * swapper as well, so we leave it unset now.
>  	 */
> -	newmode.surface_cntl = 0;
> +	newmode->surface_cntl = 0;
>  
>  #if defined(__BIG_ENDIAN)
>  
> @@ -1550,28 +1554,28 @@
>  	 */
>  	switch (mode->bits_per_pixel) {
>  		case 16:
> -			newmode.surface_cntl |= NONSURF_AP0_SWP_16BPP;
> -			newmode.surface_cntl |= NONSURF_AP1_SWP_16BPP;
> +			newmode->surface_cntl |= NONSURF_AP0_SWP_16BPP;
> +			newmode->surface_cntl |= NONSURF_AP1_SWP_16BPP;
>  			break;
>  		case 24:	
>  		case 32:
> -			newmode.surface_cntl |= NONSURF_AP0_SWP_32BPP;
> -			newmode.surface_cntl |= NONSURF_AP1_SWP_32BPP;
> +			newmode->surface_cntl |= NONSURF_AP0_SWP_32BPP;
> +			newmode->surface_cntl |= NONSURF_AP1_SWP_32BPP;
>  			break;
>  	}
>  #endif
>  
>  	/* Clear surface registers */
>  	for (i=0; i<8; i++) {
> -		newmode.surf_lower_bound[i] = 0;
> -		newmode.surf_upper_bound[i] = 0x1f;
> -		newmode.surf_info[i] = 0;
> +		newmode->surf_lower_bound[i] = 0;
> +		newmode->surf_upper_bound[i] = 0x1f;
> +		newmode->surf_info[i] = 0;
>  	}
>  
>  	RTRACE("h_total_disp = 0x%x\t   hsync_strt_wid = 0x%x\n",
> -		newmode.crtc_h_total_disp, newmode.crtc_h_sync_strt_wid);
> +		newmode->crtc_h_total_disp, newmode->crtc_h_sync_strt_wid);
>  	RTRACE("v_total_disp = 0x%x\t   vsync_strt_wid = 0x%x\n",
> -		newmode.crtc_v_total_disp, newmode.crtc_v_sync_strt_wid);
> +		newmode->crtc_v_total_disp, newmode->crtc_v_sync_strt_wid);
>  
>  	rinfo->bpp = mode->bits_per_pixel;
>  	rinfo->depth = depth;
> @@ -1580,9 +1584,9 @@
>  	RTRACE("freq = %lu\n", (unsigned long)freq);
>  
>  	if (!nopllcalc)
> -		radeon_calc_pll_regs(rinfo, &newmode, freq);
> +		radeon_calc_pll_regs(rinfo, newmode, freq);
>  
> -	newmode.vclk_ecp_cntl = rinfo->init_state.vclk_ecp_cntl;
> +	newmode->vclk_ecp_cntl = rinfo->init_state.vclk_ecp_cntl;
>  
>  	if ((primary_mon == MT_DFP) || (primary_mon == MT_LCD)) {
>  		unsigned int hRatio, vRatio;
> @@ -1592,35 +1596,35 @@
>  		if (mode->yres > rinfo->panel_info.yres)
>  			mode->yres = rinfo->panel_info.yres;
>  
> -		newmode.fp_horz_stretch = (((rinfo->panel_info.xres / 8) - 1)
> +		newmode->fp_horz_stretch = (((rinfo->panel_info.xres / 8) - 1)
>  					   << HORZ_PANEL_SHIFT);
> -		newmode.fp_vert_stretch = ((rinfo->panel_info.yres - 1)
> +		newmode->fp_vert_stretch = ((rinfo->panel_info.yres - 1)
>  					   << VERT_PANEL_SHIFT);
>  
>  		if (mode->xres != rinfo->panel_info.xres) {
>  			hRatio = round_div(mode->xres * HORZ_STRETCH_RATIO_MAX,
>  					   rinfo->panel_info.xres);
> -			newmode.fp_horz_stretch = (((((unsigned long)hRatio) & HORZ_STRETCH_RATIO_MASK)) |
> -						   (newmode.fp_horz_stretch &
> +			newmode->fp_horz_stretch = (((((unsigned long)hRatio) & HORZ_STRETCH_RATIO_MASK)) |
> +						   (newmode->fp_horz_stretch &
>  						    (HORZ_PANEL_SIZE | HORZ_FP_LOOP_STRETCH |
>  						     HORZ_AUTO_RATIO_INC)));
> -			newmode.fp_horz_stretch |= (HORZ_STRETCH_BLEND |
> +			newmode->fp_horz_stretch |= (HORZ_STRETCH_BLEND |
>  						    HORZ_STRETCH_ENABLE);
>  		}
> -		newmode.fp_horz_stretch &= ~HORZ_AUTO_RATIO;
> +		newmode->fp_horz_stretch &= ~HORZ_AUTO_RATIO;
>  
>  		if (mode->yres != rinfo->panel_info.yres) {
>  			vRatio = round_div(mode->yres * VERT_STRETCH_RATIO_MAX,
>  					   rinfo->panel_info.yres);
> -			newmode.fp_vert_stretch = (((((unsigned long)vRatio) & VERT_STRETCH_RATIO_MASK)) |
> -						   (newmode.fp_vert_stretch &
> +			newmode->fp_vert_stretch = (((((unsigned long)vRatio) & VERT_STRETCH_RATIO_MASK)) |
> +						   (newmode->fp_vert_stretch &
>  						   (VERT_PANEL_SIZE | VERT_STRETCH_RESERVED)));
> -			newmode.fp_vert_stretch |= (VERT_STRETCH_BLEND |
> +			newmode->fp_vert_stretch |= (VERT_STRETCH_BLEND |
>  						    VERT_STRETCH_ENABLE);
>  		}
> -		newmode.fp_vert_stretch &= ~VERT_AUTO_RATIO_EN;
> +		newmode->fp_vert_stretch &= ~VERT_AUTO_RATIO_EN;
>  
> -		newmode.fp_gen_cntl = (rinfo->init_state.fp_gen_cntl & (u32)
> +		newmode->fp_gen_cntl = (rinfo->init_state.fp_gen_cntl & (u32)
>  				       ~(FP_SEL_CRTC2 |
>  					 FP_RMX_HVSYNC_CONTROL_EN |
>  					 FP_DFP_SYNC_SEL |
> @@ -1630,46 +1634,46 @@
>  					 FP_CRTC_USE_SHADOW_VEND |
>  					 FP_CRT_SYNC_ALT));
>  
> -		newmode.fp_gen_cntl |= (FP_CRTC_DONT_SHADOW_VPAR |
> +		newmode->fp_gen_cntl |= (FP_CRTC_DONT_SHADOW_VPAR |
>  					FP_CRTC_DONT_SHADOW_HEND);
>  
> -		newmode.lvds_gen_cntl = rinfo->init_state.lvds_gen_cntl;
> -		newmode.lvds_pll_cntl = rinfo->init_state.lvds_pll_cntl;
> -		newmode.tmds_crc = rinfo->init_state.tmds_crc;
> -		newmode.tmds_transmitter_cntl = rinfo->init_state.tmds_transmitter_cntl;
> +		newmode->lvds_gen_cntl = rinfo->init_state.lvds_gen_cntl;
> +		newmode->lvds_pll_cntl = rinfo->init_state.lvds_pll_cntl;
> +		newmode->tmds_crc = rinfo->init_state.tmds_crc;
> +		newmode->tmds_transmitter_cntl = rinfo->init_state.tmds_transmitter_cntl;
>  
>  		if (primary_mon == MT_LCD) {
> -			newmode.lvds_gen_cntl |= (LVDS_ON | LVDS_BLON);
> -			newmode.fp_gen_cntl &= ~(FP_FPON | FP_TMDS_EN);
> +			newmode->lvds_gen_cntl |= (LVDS_ON | LVDS_BLON);
> +			newmode->fp_gen_cntl &= ~(FP_FPON | FP_TMDS_EN);
>  		} else {
>  			/* DFP */
> -			newmode.fp_gen_cntl |= (FP_FPON | FP_TMDS_EN);
> -			newmode.tmds_transmitter_cntl = (TMDS_RAN_PAT_RST | TMDS_ICHCSEL) &
> +			newmode->fp_gen_cntl |= (FP_FPON | FP_TMDS_EN);
> +			newmode->tmds_transmitter_cntl = (TMDS_RAN_PAT_RST | TMDS_ICHCSEL) &
>  							 ~(TMDS_PLLRST);
>  			/* TMDS_PLL_EN bit is reversed on RV (and mobility) chips */
>  			if ((rinfo->family == CHIP_FAMILY_R300) ||
>  			    (rinfo->family == CHIP_FAMILY_R350) ||
>  			    (rinfo->family == CHIP_FAMILY_RV350) ||
>  			    (rinfo->family == CHIP_FAMILY_R200) || !rinfo->has_CRTC2)
> -				newmode.tmds_transmitter_cntl &= ~TMDS_PLL_EN;
> +				newmode->tmds_transmitter_cntl &= ~TMDS_PLL_EN;
>  			else
> -				newmode.tmds_transmitter_cntl |= TMDS_PLL_EN;
> -			newmode.crtc_ext_cntl &= ~CRTC_CRT_ON;
> +				newmode->tmds_transmitter_cntl |= TMDS_PLL_EN;
> +			newmode->crtc_ext_cntl &= ~CRTC_CRT_ON;
>  		}
>  
> -		newmode.fp_crtc_h_total_disp = (((rinfo->panel_info.hblank / 8) & 0x3ff) |
> +		newmode->fp_crtc_h_total_disp = (((rinfo->panel_info.hblank / 8) & 0x3ff) |
>  				(((mode->xres / 8) - 1) << 16));
> -		newmode.fp_crtc_v_total_disp = (rinfo->panel_info.vblank & 0xffff) |
> +		newmode->fp_crtc_v_total_disp = (rinfo->panel_info.vblank & 0xffff) |
>  				((mode->yres - 1) << 16);
> -		newmode.fp_h_sync_strt_wid = ((rinfo->panel_info.hOver_plus & 0x1fff) |
> +		newmode->fp_h_sync_strt_wid = ((rinfo->panel_info.hOver_plus & 0x1fff) |
>  				(hsync_wid << 16) | (h_sync_pol << 23));
> -		newmode.fp_v_sync_strt_wid = ((rinfo->panel_info.vOver_plus & 0xfff) |
> +		newmode->fp_v_sync_strt_wid = ((rinfo->panel_info.vOver_plus & 0xfff) |
>  				(vsync_wid << 16) | (v_sync_pol  << 23));
>  	}
>  
>  	/* do it! */
>  	if (!rinfo->asleep) {
> -		radeon_write_mode (rinfo, &newmode);
> +		radeon_write_mode (rinfo, newmode);
>  		/* (re)initialize the engine */
>  		if (!radeon_accel_disabled())
>  			radeonfb_engine_init (rinfo);
> @@ -1689,6 +1693,7 @@
>  	btext_update_display(rinfo->fb_base_phys, mode->xres, mode->yres,
>  			     rinfo->depth, info->fix.line_length);
>  #endif
> +	kfree(newmode);
>  
>  	return 0;
>  }
> 
> 
> Luca
-- 
Benjamin Herrenschmidt <benh@kernel.crashing.org>

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Benjamin Herrenschmidt]

> --- linux-2.6/drivers/video/aty/radeon_base.c~	2004-05-13 16:51:08.000000000 +0200
> +++ linux-2.6/drivers/video/aty/radeon_base.c	2004-05-13 16:55:09.000000000 +0200
> @@ -1397,7 +1397,7 @@
>  {
>  	struct radeonfb_info *rinfo = info->par;
>  	struct fb_var_screeninfo *mode = &info->var;
> -	struct radeon_regs newmode;
> +	static struct radeon_regs newmode;
>  	int hTotal, vTotal, hSyncStart, hSyncEnd,
>  	    hSyncPol, vSyncStart, vSyncEnd, vSyncPol, cSync;
>  	u8 hsync_adj_tab[] = {0, 0x12, 9, 9, 6, 5};
> 
> I'm not sure what the point behind the radeon_write_mode() is at all.
> The best solution could be to just merge radeon_write_mode() and
> radeonfb_set_par() into a single function and do the tons of OUTREG()
> directly.  In that case, don't bother to fix any typos

No, they should stay separate functions. I may use write_mode in a
different way in the future (like restoring previous mode on module
unload for example) and I'm very much against merging 2 already too big
function into one huge horror.

Ben.
 

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Andrew Morton]

Benjamin Herrenschmidt <benh@kernel.crashing.org> wrote:
>
>  > 
>  > int radeonfb_set_par(struct fb_info *info)
>  > {
>  >         struct radeonfb_info *rinfo = info->par;
>  >         struct fb_var_screeninfo *mode = &info->var;
>  >         struct radeon_regs newmode;
>  >         
>  > struct radeon_regs is huge: 2356 bytes
>  > Quick fix (I'll test ASAP):
> 
>  Wow, this is evil indeed,

There should be some sort of prize ;)

There's a script out there somewhere which can autodetect this: build with
frame pointers, parse the function preamble.  Does anyone have a copy
handly?

There's a `make buildcheck' target in -mm (from Arjan) into which we could
integrate such a tool.  Although probably it should be a different make
target.

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Randy.Dunlap]

On Thu, 13 May 2004 18:21:53 -0700 Andrew Morton <akpm@osdl.org> wrote:

| Benjamin Herrenschmidt <benh@kernel.crashing.org> wrote:
| >
| >  > 
| >  > int radeonfb_set_par(struct fb_info *info)
| >  > {
| >  >         struct radeonfb_info *rinfo = info->par;
| >  >         struct fb_var_screeninfo *mode = &info->var;
| >  >         struct radeon_regs newmode;
| >  >         
| >  > struct radeon_regs is huge: 2356 bytes
| >  > Quick fix (I'll test ASAP):
| > 
| >  Wow, this is evil indeed,
| 
| There should be some sort of prize ;)
| 
| There's a script out there somewhere which can autodetect this: build with
| frame pointers, parse the function preamble.  Does anyone have a copy
| handly?

Sure, it's at http://www.kernelnewbies.org/scripts/,
look for check-stack.sh, along with some other useful scripts.

| There's a `make buildcheck' target in -mm (from Arjan) into which we could
| integrate such a tool.  Although probably it should be a different make
| target.


--
~Randy

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Arjan van de Ven]

On Fri, May 14, 2004 at 11:47:39AM +0200, Andrew Morton wrote:
> There's a `make buildcheck' target in -mm (from Arjan) into which we could
> integrate such a tool.  Although probably it should be a different make
> target.

I added it to buildcheck for now, based on Keith Owens' check-stack.sh
script. I added a tiny bit of perl (shudder) to it to 
1) Make it print in decimal not hex
2) Filter the stack users to users of 400 bytes and higher

I arbitrarily used 400; that surely is debatable.

Greetings,
    Arjan van de Ven

diff -purN linux-2.6.6/Makefile linux/Makefile
--- linux-2.6.6/Makefile	2004-05-14 09:22:43.735077088 +0200
+++ linux/Makefile	2004-05-14 11:44:40.277365864 +0200
@@ -1061,6 +1061,8 @@ versioncheck:
 
 buildcheck:
 	$(PERL) scripts/reference_discarded.pl
+	sh scripts/check-stack.sh vmlinux
+	find -name "*.ko" | xargs sh scripts/check-stack.sh
 
 endif #ifeq ($(config-targets),1)
 endif #ifeq ($(mixed-targets),1)
diff -purN linux-2.6.6/scripts/check-stack.sh linux/scripts/check-stack.sh
--- linux-2.6.6/scripts/check-stack.sh	1970-01-01 01:00:00.000000000 +0100
+++ linux/scripts/check-stack.sh	2004-05-14 11:43:12.484712376 +0200
@@ -0,0 +1,47 @@
+#!/bin/bash
+#
+# Written by Keith Owens, modified by Arjan van de Ven to output in deciman
+#
+# Usage :  check-stack.sh vmlinux $(/sbin/modprobe -l)
+#
+#	Run a compiled ix86 kernel and print large local stack usage.
+#
+#	/>:/{s/[<>:]*//g; h; }   On lines that contain '>:' (headings like
+#	c0100000 <_stext>:), remove <, > and : and hold the line.  Identifies
+#	the procedure and its start address.
+#
+#	/subl\?.*\$0x[^,][^,][^,].*,%esp/{    Select lines containing
+#	subl\?...0x...,%esp but only if there are at least 3 digits between 0x and
+#	,%esp.  These are local stacks of at least 0x100 bytes.
+#
+#	s/.*$0x\([^,]*\).*/\1/;   Extract just the stack adjustment
+#	/^[89a-f].......$/d;   Ignore line with 8 digit offsets that are
+#	negative.  Some compilers adjust the stack on exit, seems to be related
+#	to goto statements
+#	G;   Append the held line (procedure and start address).
+#	s/\(.*\)\n.* \(.*\)/\1 \2/;  Remove the newline and procedure start
+#	address.  Leaves just stack size and procedure name.
+#	p; };   Print stack size and procedure name.
+#
+#	/subl\?.*%.*,%esp/{   Selects adjustment of %esp by register, dynamic
+#	arrays on stack.
+#	G;   Append the held line (procedure and start address).
+#	s/\(.*\)\n\(.*\)/Dynamic \2 \1/;   Reformat to "Dynamic", procedure
+#	start address, procedure name and the instruction that adjusts the
+#	stack, including its offset within the proc.
+#	p; };   Print the dynamic line.
+#
+#
+#	Leading spaces in the sed string are required.
+#
+# first check if it's x86, since only that arch works for now
+file vmlinux  | grep 80386 > /dev/null || exit
+#
+objdump --disassemble "$@" | \
+sed -ne '/>:/{s/[<>:]*//g; h; }
+ /subl\?.*\$0x[^,][^,][^,].*,%esp/{
+ s/.*\$0x\([^,]*\).*/\1/; /^[89a-f].......$/d; G; s/\(.*\)\n.* \(.*\)/\1 \2/; p; };
+ /subl\?.*%.*,%esp/{ G; s/\(.*\)\n\(.*\)/Dynamic \2 \1/; p; }; ' | \
+ sort | \
+perl -e 'while (<>) { if (/^([0-9a-f]+)(.*)/) { $decn = hex("0x" . $1); if ($decn > 400) { print "$decn $2\n";} } }'
+

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Jörn Engel]

On Fri, 14 May 2004 08:56:21 +1000, Benjamin Herrenschmidt wrote:
> > 
> > I'm not sure what the point behind the radeon_write_mode() is at all.
> > The best solution could be to just merge radeon_write_mode() and
> > radeonfb_set_par() into a single function and do the tons of OUTREG()
> > directly.  In that case, don't bother to fix any typos
> 
> No, they should stay separate functions. I may use write_mode in a
> different way in the future (like restoring previous mode on module
> unload for example) and I'm very much against merging 2 already too big
> function into one huge horror.

Not sure if the combined function would really be bigger than either
one alone.  Basically, set_par writes to a temp struct and write_mode
writes from the temp struct to hardware.  Sounds like quite a bit of
redundant code could be removed.

With more users for write_mode the seperate function makes sense
again, so you should keep it.  Just the second argument isn't valid
imo.

Jörn

-- 
Correctness comes second.
Features come third.
Performance comes last.
Maintainability is needed for all of them.

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Jörn Engel]

On Fri, 14 May 2004 11:49:23 +0200, Arjan van de Ven wrote:
> On Fri, May 14, 2004 at 11:47:39AM +0200, Andrew Morton wrote:
> > There's a `make buildcheck' target in -mm (from Arjan) into which we could
> > integrate such a tool.  Although probably it should be a different make
> > target.
> 
> I added it to buildcheck for now, based on Keith Owens' check-stack.sh
> script. I added a tiny bit of perl (shudder) to it to 
> 1) Make it print in decimal not hex
> 2) Filter the stack users to users of 400 bytes and higher
> 
> I arbitrarily used 400; that surely is debatable.

Keith' script has the major disadvantage of not working on anything
but i386.  Here is my old script that works on a few more.

I have another more intrusive one that also follows down all call
paths and sums up the stack consumption.  Lawyers pevent me from
publishing it, though.  A real pain. :(

Jörn

-- 
A defeated army first battles and then seeks victory.
-- Sun Tzu

--- linux-2.6.0-test5/Makefile~checkstack	2003-10-02 10:35:27.000000000 +0200
+++ linux-2.6.0-test5/Makefile	2003-10-18 18:27:23.000000000 +0200
@@ -849,6 +849,11 @@
 endif #ifeq ($(config-targets),1)
 endif #ifeq ($(mixed-targets),1)
 
+.PHONY: checkstack
+checkstack: vmlinux FORCE
+	$(OBJDUMP) -d vmlinux | \
+	$(PERL) scripts/checkstack.pl $(ARCH)
+
 # FIXME Should go into a make.lib or something 
 # ===========================================================================
 
--- /dev/null	1970-01-01 01:00:00.000000000 +0100
+++ linux-2.6.0-test5/scripts/checkstack.pl	2003-10-21 15:31:33.000000000 +0200
@@ -0,0 +1,98 @@
+#!/usr/bin/perl
+
+#	Check the stack usage of functions
+#
+#	Copyright Joern Engel <joern@wh.fh-wedel.de>
+#	Inspired by Linus Torvalds
+#	Original idea maybe from Keith Owens
+#	s390 port and big speedup by Arnd Bergmann <arnd@bergmann-dalldorf.de>
+#	Mips port by Juan Quintela <quintela@mandrakesoft.com>
+#	IA64 port via Andreas Dilger
+#	Arm port by Holger Schurig
+#
+#	Usage:
+#	objdump -d vmlinux | stackcheck_ppc.pl [arch]
+#
+#	TODO :	Port to all architectures (one regex per arch)
+
+# check for arch
+# 
+# $re is used for three matches:
+# $& (whole re) matches the complete objdump line with the stack growth
+# $1 (first bracket) matches the code that will be displayed in the output
+# $2 (second bracket) matches the size of the stack growth
+#
+# use anything else and feel the pain ;)
+{
+	my $arch = shift;
+	if ($arch eq "") {
+		$arch = `uname -m`;
+	}
+
+	$x	= "[0-9a-f]";	# hex character
+	$xs	= "[0-9a-f ]";	# hex character or space
+	if ($arch =~ /^arm$/) {
+		#c0008ffc:	e24dd064	sub	sp, sp, #100	; 0x64
+		$re = qr/.*(sub.*sp, sp, #(([0-9]{2}|[3-9])[0-9]{2}))/o;
+	} elsif ($arch =~ /^i[3456]86$/) {
+		#c0105234:       81 ec ac 05 00 00       sub    $0x5ac,%esp
+		$re = qr/^.*(sub    \$(0x$x{3,5}),\%esp)$/o;
+	} elsif ($arch =~ /^ia64$/) {
+		#e0000000044011fc:       01 0f fc 8c     adds r12=-384,r12
+		$re = qr/.*(adds.*r12=-(([0-9]{2}|[3-9])[0-9]{2}),r12)/o;
+	} elsif ($arch =~ /^mips64$/) {
+		#8800402c:       67bdfff0        daddiu  sp,sp,-16
+		$re = qr/.*(daddiu.*sp,sp,-(([0-9]{2}|[3-9])[0-9]{2}))/o;
+	} elsif ($arch =~ /^mips$/) {
+		#88003254:       27bdffe0        addiu   sp,sp,-32
+		$re = qr/.*(addiu.*sp,sp,-(([0-9]{2}|[3-9])[0-9]{2}))/o;
+	} elsif ($arch =~ /^ppc$/) {
+		#c00029f4:       94 21 ff 30     stwu    r1,-208(r1)
+		$re = qr/.*(stwu.*r1,-($x{3,5})\(r1\))/o;
+	} elsif ($arch =~ /^s390x?$/) {
+		#   11160:       a7 fb ff 60             aghi   %r15,-160
+		$re = qr/.*(ag?hi.*\%r15,-(([0-9]{2}|[3-9])[0-9]{2}))/o;
+	} else {
+		print("wrong or unknown architecture\n");
+		exit
+	}
+}
+
+sub bysize($) {
+	($asize = $a) =~ s/$re/\2/;
+	($bsize = $b) =~ s/$re/\2/;
+	$asize = hex($asize) if ($asize =~ /^0x/);
+	$bsize = hex($bsize) if ($bsize =~ /^0x/);
+	$bsize <=> $asize
+}
+
+#
+# main()
+#
+$funcre = qr/^$x* \<(.*)\>:$/;
+while ($line = <STDIN>) {
+	if ($line =~ m/$funcre/) {
+		($func = $line) =~ s/$funcre/\1/;
+		chomp($func);
+	}
+	if ($line =~ m/$re/) {
+		(my $addr = $line) =~ s/^($xs{8}).*/0x\1/o;
+		chomp($addr);
+
+		my $intro = "$addr $func:";
+		my $padlen = 56 - length($intro);
+		while ($padlen > 0) {
+			$intro .= '	';
+			$padlen -= 8;
+		}
+		(my $code = $line) =~ s/$re/\1/;
+
+		$stack[@stack] = "$intro $code";
+	}
+}
+
+@sortedstack = sort bysize @stack;
+
+foreach $i (@sortedstack) {
+	print("$i");
+}

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Kronos]

Il Fri, May 14, 2004 at 08:55:02AM +1000, Benjamin Herrenschmidt ha scritto: 
> 
> > 
> > int radeonfb_set_par(struct fb_info *info)
> > {
> >         struct radeonfb_info *rinfo = info->par;
> >         struct fb_var_screeninfo *mode = &info->var;
> >         struct radeon_regs newmode;
> >         
> > struct radeon_regs is huge: 2356 bytes
> > Quick fix (I'll test ASAP):
> 
> Wow, this is evil indeed, I didn't expect that struct to be that big,
> but well... I did add a bunch of stuff to it lately.

There are 2 arrays at the end of the struct:

struct radeon_regs {
        ....
        u32             palette[256];
        u32             palette2[256];
};

they take 2KB alone and AFAICS they are not used anywhere. Maybe they
can be removed?

Luca
-- 
Home: http://kronoz.cjb.net
"Sei l'unica donna della mia vita".
(Adamo)

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Benjamin Herrenschmidt]

> There are 2 arrays at the end of the struct:
> 
> struct radeon_regs {
>         ....
>         u32             palette[256];
>         u32             palette2[256];
> };
> 
> they take 2KB alone and AFAICS they are not used anywhere. Maybe they
> can be removed?

They are the result of some work in progress on my side. I started
adding the entire card state to the structure, but never finished.

I'll probably go back on that when I find time though.

Ben.

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Andrew Morton]

Jörn Engel <joern@wohnheim.fh-wedel.de> wrote:
>
> On Fri, 14 May 2004 11:49:23 +0200, Arjan van de Ven wrote:
> > On Fri, May 14, 2004 at 11:47:39AM +0200, Andrew Morton wrote:
> > > There's a `make buildcheck' target in -mm (from Arjan) into which we could
> > > integrate such a tool.  Although probably it should be a different make
> > > target.
> > 
> > I added it to buildcheck for now, based on Keith Owens' check-stack.sh
> > script. I added a tiny bit of perl (shudder) to it to 
> > 1) Make it print in decimal not hex
> > 2) Filter the stack users to users of 400 bytes and higher
> > 
> > I arbitrarily used 400; that surely is debatable.
> 
> Keith' script has the major disadvantage of not working on anything
> but i386.  Here is my old script that works on a few more.

That's nice and simple.  All due respect to Keith, this is something
which humans have a chance of understanding too ;)

I removed the `vmlinux FORCE' targets from the makefile - that was forcing
a full rebuild after I'd just done one.  Just let it check ./vmlinux and if
it's not there, it errors out...

It doesn't do modules, and hence requires a prior allyesconfig.  I think it
would be better to do:

find . -name '*.o' | xargs objdump -d | perl scripts/checkstack.pl i386

but that produces slightly screwy output and, for some reason, duplicated
output:


0x    387c zconf_fopen:					 sub    $0x101c,%esp
0x     3c0 huft_build:					 sub    $0x5ac,%esp
0x       0 huft_build:					 sub    $0x5ac,%esp
0x       0 huft_build:					 sub    $0x59c,%esp
0x     d30 inflate_dynamic:				 sub    $0x528,%esp
0x    10f0 inflate_dynamic:				 sub    $0x528,%esp
0x     c10 inflate_dynamic:				 sub    $0x524,%esp
0x      23 zconfparse:					 sub    $0x50c,%esp
   3:	81 ec fc 04 00 00    	sub    $0x4fc,%esp yyparse:	 sub    $0x4fc,%esp
0x     f9c inflate_fixed:				 sub    $0x490,%esp
0x     bdc inflate_fixed:				 sub    $0x490,%esp
0x     abc inflate_fixed:				 sub    $0x490,%esp
0x    3d54 conf_read:					 sub    $0x41c,%esp
0x    fca0 snd_pcm_hw_params_old_user:			 sub    $0x358,%esp
0x    fc28 snd_pcm_hw_refine_old_user:			 sub    $0x358,%esp
0x    6c58 snd_pcm_hw_refine_old_user:			 sub    $0x358,%esp
0x   10448 snd_pcm_hw_refine_old_user:			 sub    $0x358,%esp
0x   104c0 snd_pcm_hw_params_old_user:			 sub    $0x358,%esp
0x    54e0 snd_pcm_hw_params_old_user:			 sub    $0x358,%esp
0x    5468 snd_pcm_hw_refine_old_user:			 sub    $0x358,%esp
0x    6cd0 snd_pcm_hw_params_old_user:			 sub    $0x358,%esp
0x    42db conf_write:					 sub    $0x30c,%esp
0x      c8 nlmclnt_proc:				 sub    $0x280,%esp
0x    1b54 snd_pcm_oss_get_formats:			 sub    $0x280,%esp
0x   1d074 snd_pcm_oss_get_formats:			 sub    $0x280,%esp
0x   761c8 nlmclnt_proc:				 sub    $0x280,%esp
0x   1c854 snd_pcm_oss_get_formats:			 sub    $0x280,%esp
0x     4b8 nlmclnt_proc:				 sub    $0x280,%esp
0x    1b54 snd_pcm_oss_get_formats:			 sub    $0x280,%esp


You wanna take a look at that please?

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Andrew Morton]

Benjamin Herrenschmidt <benh@kernel.crashing.org> wrote:
>
> 
> > There are 2 arrays at the end of the struct:
> > 
> > struct radeon_regs {
> >         ....
> >         u32             palette[256];
> >         u32             palette2[256];
> > };
> > 
> > they take 2KB alone and AFAICS they are not used anywhere. Maybe they
> > can be removed?
> 
> They are the result of some work in progress on my side. I started
> adding the entire card state to the structure, but never finished.
> 
> I'll probably go back on that when I find time though.

Can we remove them for now?  People's machines are crashing...

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Benjamin Herrenschmidt]

> 
> Can we remove them for now?  People's machines are crashing...

The proper fix is the kmalloc I suppose, but yes, remove them for
now.

Ben.

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Chris Wright]

* Andrew Morton (akpm@osdl.org) wrote:
> Jörn Engel <joern@wohnheim.fh-wedel.de> wrote:
> >
> > On Fri, 14 May 2004 11:49:23 +0200, Arjan van de Ven wrote:
> > > On Fri, May 14, 2004 at 11:47:39AM +0200, Andrew Morton wrote:
> > > > There's a `make buildcheck' target in -mm (from Arjan) into which we could
> > > > integrate such a tool.  Although probably it should be a different make
> > > > target.
> > > 
> > > I added it to buildcheck for now, based on Keith Owens' check-stack.sh
> > > script. I added a tiny bit of perl (shudder) to it to 
> > > 1) Make it print in decimal not hex
> > > 2) Filter the stack users to users of 400 bytes and higher
> > > 
> > > I arbitrarily used 400; that surely is debatable.
> > 
> > Keith' script has the major disadvantage of not working on anything
> > but i386.  Here is my old script that works on a few more.
> 
> That's nice and simple.  All due respect to Keith, this is something
> which humans have a chance of understanding too ;)
> 
> I removed the `vmlinux FORCE' targets from the makefile - that was forcing
> a full rebuild after I'd just done one.  Just let it check ./vmlinux and if
> it's not there, it errors out...
> 
> It doesn't do modules, and hence requires a prior allyesconfig.  I think it
> would be better to do:
> 
> find . -name '*.o' | xargs objdump -d | perl scripts/checkstack.pl i386
> 
> but that produces slightly screwy output and, for some reason, duplicated
> output:

maybe from the .o and .mod.o?

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Andrew Morton]

Chris Wright <chrisw@osdl.org> wrote:
>
> > It doesn't do modules, and hence requires a prior allyesconfig.  I think it
> > would be better to do:
> > 
> > find . -name '*.o' | xargs objdump -d | perl scripts/checkstack.pl i386
> > 
> > but that produces slightly screwy output and, for some reason, duplicated
> > output:
> 
> maybe from the .o and .mod.o?

Well find .  -name '*.o' -a -not -name '*.mod.o' would fix that up but the
dupes are coming from the intermediate .o files which the build system
prepares.  sound/core/snd.o contains sound/core/snd-pcm.o contains
sound/core/pcm_native.o.

hmm.

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Chris Wright]

* Andrew Morton (akpm@osdl.org) wrote:
> Well find .  -name '*.o' -a -not -name '*.mod.o' would fix that up but the
> dupes are coming from the intermediate .o files which the build system
> prepares.  sound/core/snd.o contains sound/core/snd-pcm.o contains
> sound/core/pcm_native.o.

i wonder if limiting to vmlinux and .ko's would be clean?

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Andrew Morton]

Chris Wright <chrisw@osdl.org> wrote:
>
> * Andrew Morton (akpm@osdl.org) wrote:
> > Well find .  -name '*.o' -a -not -name '*.mod.o' would fix that up but the
> > dupes are coming from the intermediate .o files which the build system
> > prepares.  sound/core/snd.o contains sound/core/snd-pcm.o contains
> > sound/core/pcm_native.o.
> 
> i wonder if limiting to vmlinux and .ko's would be clean?

Seems to work.

.PHONY: checkstack
checkstack:
	$(OBJDUMP) -d vmlinux $$(find . -name '*.ko') | \
	$(PERL) scripts/checkstack.pl $(ARCH)

But we still get a little bit of misparsing:

0xc01e37a0 sys_semtimedop:				 sub    $0x1d4,%esp
0xc01d1d0f do_udf_readdir:				 sub    $0x1cc,%esp
0xc01bbc0c nfs_writepage_sync:				 sub    $0x1b8,%esp
0xc02d79c4 snd_mixer_oss_build_input:			 sub    $0x1a4,%esp
0xc031c7ec ip_getsockopt:				 sub    $0x194,%esp
0xc04c5dc0 snd_seq_oss_midi_lookup_ports:		 sub    $0x190,%esp
0xc04c5f88 snd_seq_system_client_init:			 sub    $0x190,%esp
 4c4:	81 ec 90 01 00 00    	sub    $0x190,%esp snd_virmidi_dev_attach_seq: sub    $0x190,%esp
0xc02c1783 snd_ctl_elem_add:				 sub    $0x190,%esp
0xc01a715c fat_search_long:				 sub    $0x190,%esp
0xc027c2a4 sg_ioctl:					 sub    $0x184,%esp
0xc017843c ep_send_events:				 sub    $0x184,%esp

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Arjan van de Ven]

[-- Attachment #1: Type: text/plain, Size: 320 bytes --]

On Fri, May 14, 2004 at 03:15:20PM -0700, Andrew Morton wrote:
> would be better to do:
> 
> find . -name '*.o' | xargs objdump -d | perl scripts/checkstack.pl i386

if you do '*.ko' you only look at the modules not the intermediate results
(which duplicate the vmlinux twice, once for the .o, once for the
built-in.o)


[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Jörn Engel]

On Fri, 14 May 2004 16:48:54 -0700, Andrew Morton wrote:
> 
> Seems to work.
> 
> .PHONY: checkstack
> checkstack:
> 	$(OBJDUMP) -d vmlinux $$(find . -name '*.ko') | \
> 	$(PERL) scripts/checkstack.pl $(ARCH)

Makes sense.

> But we still get a little bit of misparsing:
> 
> 0xc01e37a0 sys_semtimedop:				 sub    $0x1d4,%esp
> 0xc01d1d0f do_udf_readdir:				 sub    $0x1cc,%esp
> 0xc01bbc0c nfs_writepage_sync:				 sub    $0x1b8,%esp
> 0xc02d79c4 snd_mixer_oss_build_input:			 sub    $0x1a4,%esp
> 0xc031c7ec ip_getsockopt:				 sub    $0x194,%esp
> 0xc04c5dc0 snd_seq_oss_midi_lookup_ports:		 sub    $0x190,%esp
> 0xc04c5f88 snd_seq_system_client_init:			 sub    $0x190,%esp
>  4c4:	81 ec 90 01 00 00    	sub    $0x190,%esp snd_virmidi_dev_attach_seq: sub    $0x190,%esp
> 0xc02c1783 snd_ctl_elem_add:				 sub    $0x190,%esp
> 0xc01a715c fat_search_long:				 sub    $0x190,%esp
> 0xc027c2a4 sg_ioctl:					 sub    $0x184,%esp
> 0xc017843c ep_send_events:				 sub    $0x184,%esp

Can you send me your .config for recreation?  This is with -mm2, I
guess.

Jörn

-- 
It's not whether you win or lose, it's how you place the blame.
-- unknown

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Matt Mackall]

On Fri, May 14, 2004 at 03:15:20PM -0700, Andrew Morton wrote:
> J?rn Engel <joern@wohnheim.fh-wedel.de> wrote:
> >
> > On Fri, 14 May 2004 11:49:23 +0200, Arjan van de Ven wrote:
> > > On Fri, May 14, 2004 at 11:47:39AM +0200, Andrew Morton wrote:
> > > > There's a `make buildcheck' target in -mm (from Arjan) into which we could
> > > > integrate such a tool.  Although probably it should be a different make
> > > > target.
> > > 
> > > I added it to buildcheck for now, based on Keith Owens' check-stack.sh
> > > script. I added a tiny bit of perl (shudder) to it to 
> > > 1) Make it print in decimal not hex
> > > 2) Filter the stack users to users of 400 bytes and higher
> > > 
> > > I arbitrarily used 400; that surely is debatable.
> > 
> > Keith' script has the major disadvantage of not working on anything
> > but i386.  Here is my old script that works on a few more.
> 
> That's nice and simple.  All due respect to Keith, this is something
> which humans have a chance of understanding too ;)

I have a cleaned up version of this script in -tiny which is a bit
nicer for adding new arches to and produces simpler output:

 1428 huft_build
 1292 inflate_dynamic
 1168 inflate_fixed
  528 ip_setsockopt
  496 tcp_check_req
  496 tcp_v4_conn_request
  484 tcp_timewait_state_process
  440 ip_getsockopt
  408 extract_entropy
  364 shrink_zone
  324 do_execve
...

#!/usr/bin/perl

#	Check the stack usage of functions
#
#	Copyright Joern Engel <joern@wh.fh-wedel.de>
#	Inspired by Linus Torvalds
#	Original idea maybe from Keith Owens
#	s390 port and big speedup by Arnd Bergmann <arnd@bergmann-dalldorf.de>
#	Mips port by Juan Quintela <quintela@mandrakesoft.com>
#       Rewritten for -tiny - Matt Mackall <mpm@selenic.com>
#
#	Usage:
#	objdump -d vmlinux | checkstack.pl i386
#
#	TODO :	Port to all architectures (one regex per arch)

$arch = shift;
$x	= "[0-9a-f]";	# hex character
$xs	= "[0-9a-f ]";	# hex character or space
$funcre = qr/^$x* \<(.*)\>:$/;

%stack_re =
(
 #c0105234:       81 ec ac 05 00 00       sub    $0x5ac,%esp
 "^i386\$" => qr/^.*sub    \$(0x$x{3,5}),\%esp$/o,
 #c0008ffc:       e24dd064        sub     sp, sp, #100    ; 0x64
 "^arm\$" => qr/.*sub.*sp, sp, #(([0-9]{2}|[3-9])[0-9]{2})/o,
 #8800402c:       67bdfff0        daddiu  sp,sp,-16
 "^mips64\$" => qr/.*daddiu.*sp,sp,-(([0-9]{2}|[3-9])[0-9]{2})/o,
 #88003254:       27bdffe0        addiu   sp,sp,-32
 "^mips\$" => qr/.*addiu.*sp,sp,-(([0-9]{2}|[3-9])[0-9]{2})/o,
 #c00029f4:       94 21 ff 30     stwu    r1,-208(r1)
 "^ppc\$" => qr/.*stwu.*r1,-($x{3,5})\(r1\)/o,
 #   11160:       a7 fb ff 60             aghi   %r15,-160
 "^s390x?\$" => qr/.*ag?hi.*\%r15,-(([0-9]{2}|[3-9])[0-9]{2})/o
);

for $arch_re (keys(%stack_re)) {
    $re = $stack_re{$arch_re} if ($arch =~ /$arch_re/);
}
die "Unknown architecture $arch!\n" if !$re;

while ($line = <STDIN>) {
    $func = $1 if ($line =~ m/$funcre/);
    $size{$func} = hex($1) if ($line =~ m/$re/);
}

for $func (sort {$size{$b} <=> $size{$a}} keys(%size)) {
	printf "% 5d $func\n", $size{$func};
}

-- 
Matt Mackall : http://www.selenic.com : Linux development and consulting

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Andrew Morton]

Matt Mackall <mpm@selenic.com> wrote:
>
> I have a cleaned up version of this script in -tiny which is a bit
> nicer for adding new arches to and produces simpler output:

OK, thanks.  Joern, could you please own this megaproject?  Send
me any needed diffs against -mm3?

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[William Lee Irwin III]

On Mon, May 17, 2004 at 06:35:15PM -0500, Matt Mackall wrote:
> I have a cleaned up version of this script in -tiny which is a bit
> nicer for adding new arches to and produces simpler output:
>  1428 huft_build
>  1292 inflate_dynamic
>  1168 inflate_fixed
>   528 ip_setsockopt
>   496 tcp_check_req
>   496 tcp_v4_conn_request
>   484 tcp_timewait_state_process
>   440 ip_getsockopt
>   408 extract_entropy
>   364 shrink_zone
>   324 do_execve

By eyeballing things, I see >= 384B on-stack in ep_send_events(). Hence:

kmalloc() the event buffer, since 384B on-stack is a bit large for i386.
Also minor cleanups so the thing can actually be read.
Untested, but simple.

Index: mm3-2.6.6/fs/eventpoll.c
===================================================================
--- mm3-2.6.6.orig/fs/eventpoll.c	2004-05-16 19:54:38.000000000 -0700
+++ mm3-2.6.6/fs/eventpoll.c	2004-05-19 03:09:24.000000000 -0700
@@ -148,14 +148,6 @@
 #define EP_ITEM_FROM_EPQUEUE(p) (container_of(p, struct ep_pqueue, pt)->epi)
 
 /*
- * This is used to optimize the event transfer to userspace. Since this
- * is kept on stack, it should be pretty small.
- */
-#define EP_MAX_BUF_EVENTS 32
-
-
-
-/*
  * Node that is linked into the "wake_task_list" member of the "struct poll_safewake".
  * It is used to keep track on all tasks that are currently inside the wake_up() code
  * to 1) short-circuit the one coming from the same task and same wait queue head
@@ -1426,16 +1418,20 @@
  * This function is called without holding the "ep->lock" since the call to
  * __copy_to_user() might sleep, and also f_op->poll() might reenable the IRQ
  * because of the way poll() is traditionally implemented in Linux.
+ * Buffering events is used to optimize the event transfer to userspace.
  */
 static int ep_send_events(struct eventpoll *ep, struct list_head *txlist,
 			  struct epoll_event __user *events)
 {
-	int eventcnt = 0, eventbuf = 0;
+	int eventcnt = 0, eventbuf = 0, bytes;
 	unsigned int revents;
 	struct list_head *lnk;
 	struct epitem *epi;
-	struct epoll_event event[EP_MAX_BUF_EVENTS];
+	struct epoll_event *event;
 
+	event = kmalloc(PAGE_SIZE, GFP_KERNEL);
+	if (!event)
+		return -ENOMEM;
 	/*
 	 * We can loop without lock because this is a task private list.
 	 * The test done during the collection loop will guarantee us that
@@ -1458,30 +1454,36 @@
 		 * the item to its "txlist" will write this field.
 		 */
 		epi->revents = revents & epi->event.events;
+		if (!epi->revents)
+			continue;
 
-		if (epi->revents) {
-			event[eventbuf] = epi->event;
-			event[eventbuf].events &= revents;
-			eventbuf++;
-			if (eventbuf == EP_MAX_BUF_EVENTS) {
-				if (__copy_to_user(&events[eventcnt], event,
-						   eventbuf * sizeof(struct epoll_event)))
-					return -EFAULT;
-				eventcnt += eventbuf;
-				eventbuf = 0;
-			}
-			if (epi->event.events & EPOLLONESHOT)
-				epi->event.events &= EP_PRIVATE_BITS;
+		event[eventbuf] = epi->event;
+		event[eventbuf].events &= revents;
+		eventbuf++;
+		if (eventbuf < PAGE_SIZE/sizeof(struct epoll_event))
+			goto mask_private_bits;
+		bytes = eventbuf * sizeof(struct epoll_event);
+		if (__copy_to_user(&events[eventcnt], event, bytes)) {
+			eventcnt = -EFAULT;
+			goto out;
 		}
-	}
-
-	if (eventbuf) {
-		if (__copy_to_user(&events[eventcnt], event,
-				   eventbuf * sizeof(struct epoll_event)))
-			return -EFAULT;
 		eventcnt += eventbuf;
-	}
-
+		eventbuf = 0;
+mask_private_bits:
+		if (epi->event.events & EPOLLONESHOT)
+			epi->event.events &= EP_PRIVATE_BITS;
+	}
+
+	if (!eventbuf)
+		goto out;
+	bytes = eventbuf * sizeof(struct epoll_event);
+	if (__copy_to_user(&events[eventcnt], event, bytes)) {
+		eventcnt = -EFAULT;
+		goto out;
+	}
+	eventcnt += eventbuf;
+out:
+	kfree(event);
 	return eventcnt;
 }
 

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[William Lee Irwin III]

On Mon, May 17, 2004 at 06:35:15PM -0500, Matt Mackall wrote:
>> I have a cleaned up version of this script in -tiny which is a bit
>> nicer for adding new arches to and produces simpler output:
>>  1428 huft_build
>>  1292 inflate_dynamic
>>  1168 inflate_fixed
>>   528 ip_setsockopt
>>   496 tcp_check_req
>>   496 tcp_v4_conn_request
>>   484 tcp_timewait_state_process
>>   440 ip_getsockopt
>>   408 extract_entropy
>>   364 shrink_zone
>>   324 do_execve

On Wed, May 19, 2004 at 03:28:46AM -0700, William Lee Irwin III wrote:
> By eyeballing things, I see >= 384B on-stack in ep_send_events(). Hence:

I might as well hit something higher up in the list. Does this help
ip_setsockopt() any (untested)?


-- wli


Index: mm3-2.6.6/net/ipv4/ip_sockglue.c
===================================================================
--- mm3-2.6.6.orig/net/ipv4/ip_sockglue.c	2004-05-09 19:32:27.000000000 -0700
+++ mm3-2.6.6/net/ipv4/ip_sockglue.c	2004-05-19 04:48:13.000000000 -0700
@@ -384,6 +384,312 @@
  *	an IP socket.
  */
 
+static int ip_options_setsockopt(struct inet_opt *inet, struct sock *sk, char *optval, int optlen)
+{
+	int err;
+	struct ip_options *opt = NULL;
+
+	if (optlen > 40 || optlen < 0)
+		return -EINVAL;
+	err = ip_options_get(&opt, optval, optlen, 1);
+	if (err)
+		return err;
+	if (sk->sk_type == SOCK_STREAM) {
+		struct tcp_opt *tp = tcp_sk(sk);
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+		if (sk->sk_family == PF_INET ||
+		    (!((1 << sk->sk_state) &
+		       (TCPF_LISTEN | TCPF_CLOSE)) &&
+		     inet->daddr != LOOPBACK4_IPV6)) {
+#endif
+			if (inet->opt)
+				tp->ext_header_len -= inet->opt->optlen;
+			if (opt)
+				tp->ext_header_len += opt->optlen;
+			tcp_sync_mss(sk, tp->pmtu_cookie);
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+		}
+#endif
+	}
+	opt = xchg(&inet->opt, opt);
+	if (opt)
+		kfree(opt);
+	return err;
+}
+
+static int ip_membership_setsockopt(struct sock *sk, char *optval, int optlen, int optname)
+{
+	int err;
+	struct ip_mreqn mreq;
+
+	if (optlen < sizeof(struct ip_mreq))
+		return -EINVAL;
+	if (optlen >= sizeof(struct ip_mreqn)) {
+		if(copy_from_user(&mreq,optval,sizeof(mreq)))
+			return -EFAULT;
+	} else {
+		memset(&mreq, 0, sizeof(mreq));
+		if (copy_from_user(&mreq,optval,sizeof(struct ip_mreq)))
+			return -EFAULT; 
+	}
+
+	if (optname == IP_ADD_MEMBERSHIP)
+		err = ip_mc_join_group(sk, &mreq);
+	else
+		err = ip_mc_leave_group(sk, &mreq);
+	return err;
+}
+
+static int ip_multicast_if_setsockopt(struct inet_opt *inet, struct sock *sk, char *optval, int optlen)
+{
+	struct ip_mreqn mreq;
+	struct net_device *dev = NULL;
+
+	if (sk->sk_type == SOCK_STREAM)
+		return -EINVAL;
+	/*
+	 *	Check the arguments are allowable
+	 */
+
+	if (optlen >= sizeof(struct ip_mreqn)) {
+		if (copy_from_user(&mreq,optval,sizeof(mreq)))
+			return -EFAULT;
+	} else {
+		memset(&mreq, 0, sizeof(mreq));
+		if (optlen >= sizeof(struct in_addr) &&
+		    copy_from_user(&mreq.imr_address,optval,sizeof(struct in_addr)))
+			return -EFAULT;
+	}
+
+	if (!mreq.imr_ifindex) {
+		if (mreq.imr_address.s_addr == INADDR_ANY) {
+			inet->mc_index = 0;
+			inet->mc_addr  = 0;
+			return 0;
+		}
+		dev = ip_dev_find(mreq.imr_address.s_addr);
+		if (dev) {
+			mreq.imr_ifindex = dev->ifindex;
+			dev_put(dev);
+		}
+	} else
+		dev = __dev_get_by_index(mreq.imr_ifindex);
+
+
+	if (!dev)
+		return -EADDRNOTAVAIL;
+
+	if (sk->sk_bound_dev_if && mreq.imr_ifindex != sk->sk_bound_dev_if)
+		return -EINVAL;
+
+	inet->mc_index = mreq.imr_ifindex;
+	inet->mc_addr  = mreq.imr_address.s_addr;
+	return 0;
+}
+
+static int ip_msfilter_setsockopt(struct sock *sk, char *optval, int optlen)
+{
+	extern int sysctl_optmem_max;
+	extern int sysctl_igmp_max_msf;
+	int err;
+	struct ip_msfilter *msf;
+
+	if (optlen < IP_MSFILTER_SIZE(0))
+		return -EINVAL;
+	if (optlen > sysctl_optmem_max)
+		return -ENOBUFS;
+	msf = kmalloc(optlen, GFP_KERNEL);
+	if (!msf)
+		return -ENOBUFS;
+	if (copy_from_user(msf, optval, optlen)) {
+		kfree(msf);
+		return -EFAULT;
+	}
+	/* numsrc >= (1G-4) overflow in 32 bits */
+	if (msf->imsf_numsrc >= 0x3ffffffcU ||
+	    msf->imsf_numsrc > sysctl_igmp_max_msf) {
+		kfree(msf);
+		return -ENOBUFS;
+	}
+	if (IP_MSFILTER_SIZE(msf->imsf_numsrc) > optlen) {
+		kfree(msf);
+		return -EINVAL;
+	}
+	err = ip_mc_msfilter(sk, msf, 0);
+	kfree(msf);
+	return err;
+}
+
+static int ip_source_membership_setsockopt(struct sock *sk, char *optval, int optlen, int optname)
+{
+	struct ip_mreq_source mreqs;
+	int omode, add;
+
+	if (optlen != sizeof(struct ip_mreq_source))
+		return -EINVAL;
+	if (copy_from_user(&mreqs, optval, sizeof(mreqs)))
+		return -EFAULT;
+	if (optname == IP_BLOCK_SOURCE) {
+		omode = MCAST_EXCLUDE;
+		add = 1;
+	} else if (optname == IP_UNBLOCK_SOURCE) {
+		omode = MCAST_EXCLUDE;
+		add = 0;
+	} else if (optname == IP_ADD_SOURCE_MEMBERSHIP) {
+		struct ip_mreqn mreq;
+		int err;
+
+		mreq.imr_multiaddr.s_addr = mreqs.imr_multiaddr;
+		mreq.imr_address.s_addr = mreqs.imr_interface;
+		mreq.imr_ifindex = 0;
+		err = ip_mc_join_group(sk, &mreq);
+		if (err)
+			return err;
+		omode = MCAST_INCLUDE;
+		add = 1;
+	} else /*IP_DROP_SOURCE_MEMBERSHIP */ {
+		omode = MCAST_INCLUDE;
+		add = 0;
+	}
+	return ip_mc_source(add, omode, sk, &mreqs, 0);
+}
+
+static int ip_mcast_group_setsockopt(struct sock *sk, char *optval, int optlen, int optname)
+{
+	int err;
+	struct group_req greq;
+	struct sockaddr_in *psin;
+	struct ip_mreqn mreq;
+
+	if (optlen < sizeof(struct group_req))
+		return -EINVAL;
+	if(copy_from_user(&greq, optval, sizeof(greq)))
+		return -EFAULT;
+	psin = (struct sockaddr_in *)&greq.gr_group;
+	if (psin->sin_family != AF_INET)
+		return -EINVAL;
+	memset(&mreq, 0, sizeof(mreq));
+	mreq.imr_multiaddr = psin->sin_addr;
+	mreq.imr_ifindex = greq.gr_interface;
+
+	if (optname == MCAST_JOIN_GROUP)
+		err = ip_mc_join_group(sk, &mreq);
+	else
+		err = ip_mc_leave_group(sk, &mreq);
+	return err;
+}
+
+static int ip_mcast_source_setsockopt(struct sock *sk, char *optval, int optlen, int optname)
+{
+	struct group_source_req greqs;
+	struct ip_mreq_source mreqs;
+	struct sockaddr_in *psin;
+	int omode, add;
+
+	if (optlen != sizeof(struct group_source_req))
+		return -EINVAL;
+	if (copy_from_user(&greqs, optval, sizeof(greqs)))
+		return -EFAULT;
+	if (greqs.gsr_group.ss_family != AF_INET ||
+	    greqs.gsr_source.ss_family != AF_INET)
+		return -EADDRNOTAVAIL;
+	psin = (struct sockaddr_in *)&greqs.gsr_group;
+	mreqs.imr_multiaddr = psin->sin_addr.s_addr;
+	psin = (struct sockaddr_in *)&greqs.gsr_source;
+	mreqs.imr_sourceaddr = psin->sin_addr.s_addr;
+	mreqs.imr_interface = 0; /* use index for mc_source */
+
+	if (optname == MCAST_BLOCK_SOURCE) {
+		omode = MCAST_EXCLUDE;
+		add = 1;
+	} else if (optname == MCAST_UNBLOCK_SOURCE) {
+		omode = MCAST_EXCLUDE;
+		add = 0;
+	} else if (optname == MCAST_JOIN_SOURCE_GROUP) {
+		int err;
+		struct ip_mreqn mreq;
+
+		psin = (struct sockaddr_in *)&greqs.gsr_group;
+		mreq.imr_multiaddr = psin->sin_addr;
+		mreq.imr_address.s_addr = 0;
+		mreq.imr_ifindex = greqs.gsr_interface;
+		err = ip_mc_join_group(sk, &mreq);
+		if (err)
+			return err;
+		omode = MCAST_INCLUDE;
+		add = 1;
+	} else /* MCAST_LEAVE_SOURCE_GROUP */ {
+		omode = MCAST_INCLUDE;
+		add = 0;
+	}
+	return ip_mc_source(add, omode, sk, &mreqs, greqs.gsr_interface);
+}
+
+static int ip_mcast_msfilter_setsockopt(struct sock *sk, char *optval, int optlen)
+{
+	extern int sysctl_optmem_max;
+	extern int sysctl_igmp_max_msf;
+	struct sockaddr_in *psin;
+	struct ip_msfilter *msf = NULL;
+	struct group_filter *gsf = NULL;
+	int msize, i, ifindex, err;
+
+	if (optlen < GROUP_FILTER_SIZE(0))
+		return -EINVAL;
+	if (optlen > sysctl_optmem_max)
+		return -ENOBUFS;
+	gsf = kmalloc(optlen, GFP_KERNEL);
+	if (!gsf)
+		return -ENOBUFS;
+	if (copy_from_user(gsf, optval, optlen)) {
+		err = -EFAULT;
+		goto mc_msf_out;
+	}
+	/* numsrc >= (4G-140)/128 overflow in 32 bits */
+	if (gsf->gf_numsrc >= 0x1ffffff ||
+	    gsf->gf_numsrc > sysctl_igmp_max_msf) {
+		err = -ENOBUFS;
+		goto mc_msf_out;
+	}
+	if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen) {
+		err = -EINVAL;
+		goto mc_msf_out;
+	}
+	msize = IP_MSFILTER_SIZE(gsf->gf_numsrc);
+	msf = kmalloc(msize, GFP_KERNEL);
+	if (!msf) {
+		err = -ENOBUFS;
+		goto mc_msf_out;
+	}
+	ifindex = gsf->gf_interface;
+	psin = (struct sockaddr_in *)&gsf->gf_group;
+	if (psin->sin_family != AF_INET) {
+		err = -EADDRNOTAVAIL;
+		goto mc_msf_out;
+	}
+	msf->imsf_multiaddr = psin->sin_addr.s_addr;
+	msf->imsf_interface = 0;
+	msf->imsf_fmode = gsf->gf_fmode;
+	msf->imsf_numsrc = gsf->gf_numsrc;
+	err = -EADDRNOTAVAIL;
+	for (i=0; i<gsf->gf_numsrc; ++i) {
+		psin = (struct sockaddr_in *)&gsf->gf_slist[i];
+
+		if (psin->sin_family != AF_INET)
+			goto mc_msf_out;
+		msf->imsf_slist[i] = psin->sin_addr.s_addr;
+	}
+	kfree(gsf);
+	gsf = NULL;
+	err = ip_mc_msfilter(sk, msf, ifindex);
+mc_msf_out:
+	if (msf)
+		kfree(msf);
+	if (gsf)
+		kfree(gsf);
+	return err;
+}
+
 int ip_setsockopt(struct sock *sk, int level, int optname, char *optval, int optlen)
 {
 	struct inet_opt *inet = inet_sk(sk);
@@ -424,35 +730,8 @@
 
 	switch (optname) {
 		case IP_OPTIONS:
-		{
-			struct ip_options * opt = NULL;
-			if (optlen > 40 || optlen < 0)
-				goto e_inval;
-			err = ip_options_get(&opt, optval, optlen, 1);
-			if (err)
-				break;
-			if (sk->sk_type == SOCK_STREAM) {
-				struct tcp_opt *tp = tcp_sk(sk);
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-				if (sk->sk_family == PF_INET ||
-				    (!((1 << sk->sk_state) &
-				       (TCPF_LISTEN | TCPF_CLOSE)) &&
-				     inet->daddr != LOOPBACK4_IPV6)) {
-#endif
-					if (inet->opt)
-						tp->ext_header_len -= inet->opt->optlen;
-					if (opt)
-						tp->ext_header_len += opt->optlen;
-					tcp_sync_mss(sk, tp->pmtu_cookie);
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-				}
-#endif
-			}
-			opt = xchg(&inet->opt, opt);
-			if (opt)
-				kfree(opt);
+			err = ip_options_setsockopt(inet, sk, optval, optlen);
 			break;
-		}
 		case IP_PKTINFO:
 			if (val)
 				inet->cmsg_flags |= IP_CMSG_PKTINFO;
@@ -540,304 +819,34 @@
 			inet->mc_loop = !!val;
 	                break;
 		case IP_MULTICAST_IF: 
-		{
-			struct ip_mreqn mreq;
-			struct net_device *dev = NULL;
-
-			if (sk->sk_type == SOCK_STREAM)
-				goto e_inval;
-			/*
-			 *	Check the arguments are allowable
-			 */
-
-			err = -EFAULT;
-			if (optlen >= sizeof(struct ip_mreqn)) {
-				if (copy_from_user(&mreq,optval,sizeof(mreq)))
-					break;
-			} else {
-				memset(&mreq, 0, sizeof(mreq));
-				if (optlen >= sizeof(struct in_addr) &&
-				    copy_from_user(&mreq.imr_address,optval,sizeof(struct in_addr)))
-					break;
-			}
-
-			if (!mreq.imr_ifindex) {
-				if (mreq.imr_address.s_addr == INADDR_ANY) {
-					inet->mc_index = 0;
-					inet->mc_addr  = 0;
-					err = 0;
-					break;
-				}
-				dev = ip_dev_find(mreq.imr_address.s_addr);
-				if (dev) {
-					mreq.imr_ifindex = dev->ifindex;
-					dev_put(dev);
-				}
-			} else
-				dev = __dev_get_by_index(mreq.imr_ifindex);
-
-
-			err = -EADDRNOTAVAIL;
-			if (!dev)
-				break;
-
-			err = -EINVAL;
-			if (sk->sk_bound_dev_if &&
-			    mreq.imr_ifindex != sk->sk_bound_dev_if)
-				break;
-
-			inet->mc_index = mreq.imr_ifindex;
-			inet->mc_addr  = mreq.imr_address.s_addr;
-			err = 0;
+			err = ip_multicast_if_setsockopt(inet, sk, optval, optlen);
 			break;
-		}
-
 		case IP_ADD_MEMBERSHIP:
 		case IP_DROP_MEMBERSHIP: 
-		{
-			struct ip_mreqn mreq;
-
-			if (optlen < sizeof(struct ip_mreq))
-				goto e_inval;
-			err = -EFAULT;
-			if (optlen >= sizeof(struct ip_mreqn)) {
-				if(copy_from_user(&mreq,optval,sizeof(mreq)))
-					break;
-			} else {
-				memset(&mreq, 0, sizeof(mreq));
-				if (copy_from_user(&mreq,optval,sizeof(struct ip_mreq)))
-					break; 
-			}
-
-			if (optname == IP_ADD_MEMBERSHIP)
-				err = ip_mc_join_group(sk, &mreq);
-			else
-				err = ip_mc_leave_group(sk, &mreq);
+			err = ip_membership_setsockopt(sk, optval, optlen, optname);
 			break;
-		}
 		case IP_MSFILTER:
-		{
-			extern int sysctl_optmem_max;
-			extern int sysctl_igmp_max_msf;
-			struct ip_msfilter *msf;
-
-			if (optlen < IP_MSFILTER_SIZE(0))
-				goto e_inval;
-			if (optlen > sysctl_optmem_max) {
-				err = -ENOBUFS;
-				break;
-			}
-			msf = (struct ip_msfilter *)kmalloc(optlen, GFP_KERNEL);
-			if (msf == 0) {
-				err = -ENOBUFS;
-				break;
-			}
-			err = -EFAULT;
-			if (copy_from_user(msf, optval, optlen)) {
-				kfree(msf);
-				break;
-			}
-			/* numsrc >= (1G-4) overflow in 32 bits */
-			if (msf->imsf_numsrc >= 0x3ffffffcU ||
-			    msf->imsf_numsrc > sysctl_igmp_max_msf) {
-				kfree(msf);
-				err = -ENOBUFS;
-				break;
-			}
-			if (IP_MSFILTER_SIZE(msf->imsf_numsrc) > optlen) {
-				kfree(msf);
-				err = -EINVAL;
-				break;
-			}
-			err = ip_mc_msfilter(sk, msf, 0);
-			kfree(msf);
+			err = ip_msfilter_setsockopt(sk, optval, optlen);
 			break;
-		}
 		case IP_BLOCK_SOURCE:
 		case IP_UNBLOCK_SOURCE:
 		case IP_ADD_SOURCE_MEMBERSHIP:
 		case IP_DROP_SOURCE_MEMBERSHIP:
-		{
-			struct ip_mreq_source mreqs;
-			int omode, add;
-
-			if (optlen != sizeof(struct ip_mreq_source))
-				goto e_inval;
-			if (copy_from_user(&mreqs, optval, sizeof(mreqs))) {
-				err = -EFAULT;
-				break;
-			}
-			if (optname == IP_BLOCK_SOURCE) {
-				omode = MCAST_EXCLUDE;
-				add = 1;
-			} else if (optname == IP_UNBLOCK_SOURCE) {
-				omode = MCAST_EXCLUDE;
-				add = 0;
-			} else if (optname == IP_ADD_SOURCE_MEMBERSHIP) {
-				struct ip_mreqn mreq;
-
-				mreq.imr_multiaddr.s_addr = mreqs.imr_multiaddr;
-				mreq.imr_address.s_addr = mreqs.imr_interface;
-				mreq.imr_ifindex = 0;
-				err = ip_mc_join_group(sk, &mreq);
-				if (err)
-					break;
-				omode = MCAST_INCLUDE;
-				add = 1;
-			} else /*IP_DROP_SOURCE_MEMBERSHIP */ {
-				omode = MCAST_INCLUDE;
-				add = 0;
-			}
-			err = ip_mc_source(add, omode, sk, &mreqs, 0);
+			err = ip_source_membership_setsockopt(sk, optval, optlen, optname);
 			break;
-		}
 		case MCAST_JOIN_GROUP:
 		case MCAST_LEAVE_GROUP: 
-		{
-			struct group_req greq;
-			struct sockaddr_in *psin;
-			struct ip_mreqn mreq;
-
-			if (optlen < sizeof(struct group_req))
-				goto e_inval;
-			err = -EFAULT;
-			if(copy_from_user(&greq, optval, sizeof(greq)))
-				break;
-			psin = (struct sockaddr_in *)&greq.gr_group;
-			if (psin->sin_family != AF_INET)
-				goto e_inval;
-			memset(&mreq, 0, sizeof(mreq));
-			mreq.imr_multiaddr = psin->sin_addr;
-			mreq.imr_ifindex = greq.gr_interface;
-
-			if (optname == MCAST_JOIN_GROUP)
-				err = ip_mc_join_group(sk, &mreq);
-			else
-				err = ip_mc_leave_group(sk, &mreq);
+			err = ip_mcast_group_setsockopt(sk, optval, optlen, optname);
 			break;
-		}
 		case MCAST_JOIN_SOURCE_GROUP:
 		case MCAST_LEAVE_SOURCE_GROUP:
 		case MCAST_BLOCK_SOURCE:
 		case MCAST_UNBLOCK_SOURCE:
-		{
-			struct group_source_req greqs;
-			struct ip_mreq_source mreqs;
-			struct sockaddr_in *psin;
-			int omode, add;
-
-			if (optlen != sizeof(struct group_source_req))
-				goto e_inval;
-			if (copy_from_user(&greqs, optval, sizeof(greqs))) {
-				err = -EFAULT;
-				break;
-			}
-			if (greqs.gsr_group.ss_family != AF_INET ||
-			    greqs.gsr_source.ss_family != AF_INET) {
-				err = -EADDRNOTAVAIL;
-				break;
-			}
-			psin = (struct sockaddr_in *)&greqs.gsr_group;
-			mreqs.imr_multiaddr = psin->sin_addr.s_addr;
-			psin = (struct sockaddr_in *)&greqs.gsr_source;
-			mreqs.imr_sourceaddr = psin->sin_addr.s_addr;
-			mreqs.imr_interface = 0; /* use index for mc_source */
-
-			if (optname == MCAST_BLOCK_SOURCE) {
-				omode = MCAST_EXCLUDE;
-				add = 1;
-			} else if (optname == MCAST_UNBLOCK_SOURCE) {
-				omode = MCAST_EXCLUDE;
-				add = 0;
-			} else if (optname == MCAST_JOIN_SOURCE_GROUP) {
-				struct ip_mreqn mreq;
-
-				psin = (struct sockaddr_in *)&greqs.gsr_group;
-				mreq.imr_multiaddr = psin->sin_addr;
-				mreq.imr_address.s_addr = 0;
-				mreq.imr_ifindex = greqs.gsr_interface;
-				err = ip_mc_join_group(sk, &mreq);
-				if (err)
-					break;
-				omode = MCAST_INCLUDE;
-				add = 1;
-			} else /* MCAST_LEAVE_SOURCE_GROUP */ {
-				omode = MCAST_INCLUDE;
-				add = 0;
-			}
-			err = ip_mc_source(add, omode, sk, &mreqs,
-				greqs.gsr_interface);
+			err = ip_mcast_source_setsockopt(sk, optval, optlen, optname);
 			break;
-		}
 		case MCAST_MSFILTER:
-		{
-			extern int sysctl_optmem_max;
-			extern int sysctl_igmp_max_msf;
-			struct sockaddr_in *psin;
-			struct ip_msfilter *msf = 0;
-			struct group_filter *gsf = 0;
-			int msize, i, ifindex;
-
-			if (optlen < GROUP_FILTER_SIZE(0))
-				goto e_inval;
-			if (optlen > sysctl_optmem_max) {
-				err = -ENOBUFS;
-				break;
-			}
-			gsf = (struct group_filter *)kmalloc(optlen,GFP_KERNEL);
-			if (gsf == 0) {
-				err = -ENOBUFS;
-				break;
-			}
-			err = -EFAULT;
-			if (copy_from_user(gsf, optval, optlen)) {
-				goto mc_msf_out;
-			}
-			/* numsrc >= (4G-140)/128 overflow in 32 bits */
-			if (gsf->gf_numsrc >= 0x1ffffff ||
-			    gsf->gf_numsrc > sysctl_igmp_max_msf) {
-				err = -ENOBUFS;
-				goto mc_msf_out;
-			}
-			if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen) {
-				err = -EINVAL;
-				goto mc_msf_out;
-			}
-			msize = IP_MSFILTER_SIZE(gsf->gf_numsrc);
-			msf = (struct ip_msfilter *)kmalloc(msize,GFP_KERNEL);
-			if (msf == 0) {
-				err = -ENOBUFS;
-				goto mc_msf_out;
-			}
-			ifindex = gsf->gf_interface;
-			psin = (struct sockaddr_in *)&gsf->gf_group;
-			if (psin->sin_family != AF_INET) {
-				err = -EADDRNOTAVAIL;
-				goto mc_msf_out;
-			}
-			msf->imsf_multiaddr = psin->sin_addr.s_addr;
-			msf->imsf_interface = 0;
-			msf->imsf_fmode = gsf->gf_fmode;
-			msf->imsf_numsrc = gsf->gf_numsrc;
-			err = -EADDRNOTAVAIL;
-			for (i=0; i<gsf->gf_numsrc; ++i) {
-				psin = (struct sockaddr_in *)&gsf->gf_slist[i];
-
-				if (psin->sin_family != AF_INET)
-					goto mc_msf_out;
-				msf->imsf_slist[i] = psin->sin_addr.s_addr;
-			}
-			kfree(gsf);
-			gsf = 0;
-
-			err = ip_mc_msfilter(sk, msf, ifindex);
-mc_msf_out:
-			if (msf)
-				kfree(msf);
-			if (gsf)
-				kfree(gsf);
+			err = ip_mcast_msfilter_setsockopt(sk, optval, optlen);
 			break;
-		}
 		case IP_ROUTER_ALERT:	
 			err = ip_ra_control(sk, val ? 1 : 0, NULL);
 			break;

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Jörn Engel]

On Mon, 17 May 2004 16:59:19 -0700, Andrew Morton wrote:
> Matt Mackall <mpm@selenic.com> wrote:
> >
> > I have a cleaned up version of this script in -tiny which is a bit
> > nicer for adding new arches to and produces simpler output:
> 
> OK, thanks.  Joern, could you please own this megaproject?  Send
> me any needed diffs against -mm3?

Below.  I've picked up some of Matt's ideas, but not his code.  While
being short and lean, it is wrong.  There may be more than one
function with the same name, for whatever reason, and Matt's code will
choke on such things.

Matt, if you can send me a patch that doesn't suffer this problem,
I'll gladly accept it.  Your perl is nicer than mine, no doubt.


Oh, and since Linus RFD sounds good and is *MUCH* nicer than what FSF
or RedHat want, I'll just accept the certificate.

        Developer's Certificate of Origin 1.0

        By making a contribution to this project, I certify that:

        (a) The contribution was created in whole or in part by me and I
            have the right to submit it under the open source license
            indicated in the file; or

        (b) The contribution is based upon previous work that, to the best
            of my knowledge, is covered under an appropriate open source
            license and I have the right under that license to submit that
            work with modifications, whether created in whole or in part
            by me, under the same open source license (unless I am   
            permitted to submit under a different license), as indicated
            in the file; or

        (c) The contribution was provided directly to me by some other
            person who certified (a), (b) or (c) and I have not modified
            it.

Jörn

-- 
People will accept your ideas much more readily if you tell them
that Benjamin Franklin said it first.
-- unknown

o Fix the misparsing on *.ko noticed by Andrew Morton.
o Slightly simplify the output format.
o Slightly simplify the code

Signed-off-by: Jörn Engel <joern@wohnheim.fh-wedel.de>

 checkstack.pl |   47 +++++++++++++++++++++++++----------------------
 1 files changed, 25 insertions(+), 22 deletions(-)

--- linux-2.6.6mm5/scripts/checkstack.pl~checkstack	2004-05-26 00:35:53.000000000 +0200
+++ linux-2.6.6mm5/scripts/checkstack.pl	2004-05-26 00:45:18.000000000 +0200
@@ -9,6 +9,7 @@
 #	Mips port by Juan Quintela <quintela@mandrakesoft.com>
 #	IA64 port via Andreas Dilger
 #	Arm port by Holger Schurig
+#	Random bits by Matt Mackall <mpm@selenic.com>
 #
 #	Usage:
 #	objdump -d vmlinux | stackcheck_ppc.pl [arch]
@@ -16,11 +17,10 @@
 #	TODO :	Port to all architectures (one regex per arch)
 
 # check for arch
-#
-# $re is used for three matches:
+# 
+# $re is used for two matches:
 # $& (whole re) matches the complete objdump line with the stack growth
-# $1 (first bracket) matches the code that will be displayed in the output
-# $2 (second bracket) matches the size of the stack growth
+# $1 (first bracket) matches the size of the stack growth
 #
 # use anything else and feel the pain ;)
 {
@@ -33,25 +33,28 @@
 	$xs	= "[0-9a-f ]";	# hex character or space
 	if ($arch =~ /^arm$/) {
 		#c0008ffc:	e24dd064	sub	sp, sp, #100	; 0x64
-		$re = qr/.*(sub.*sp, sp, #(([0-9]{2}|[3-9])[0-9]{2}))/o;
+		$re = qr/.*sub.*sp, sp, #(([0-9]{2}|[3-9])[0-9]{2})/o;
 	} elsif ($arch =~ /^i[3456]86$/) {
 		#c0105234:       81 ec ac 05 00 00       sub    $0x5ac,%esp
-		$re = qr/^.*(sub    \$(0x$x{3,5}),\%esp)$/o;
+		$re = qr/^.*sub    \$(0x$x{3,5}),\%esp$/o;
 	} elsif ($arch =~ /^ia64$/) {
 		#e0000000044011fc:       01 0f fc 8c     adds r12=-384,r12
-		$re = qr/.*(adds.*r12=-(([0-9]{2}|[3-9])[0-9]{2}),r12)/o;
+		$re = qr/.*adds.*r12=-(([0-9]{2}|[3-9])[0-9]{2}),r12/o;
 	} elsif ($arch =~ /^mips64$/) {
 		#8800402c:       67bdfff0        daddiu  sp,sp,-16
-		$re = qr/.*(daddiu.*sp,sp,-(([0-9]{2}|[3-9])[0-9]{2}))/o;
+		$re = qr/.*daddiu.*sp,sp,-(([0-9]{2}|[3-9])[0-9]{2})/o;
 	} elsif ($arch =~ /^mips$/) {
 		#88003254:       27bdffe0        addiu   sp,sp,-32
-		$re = qr/.*(addiu.*sp,sp,-(([0-9]{2}|[3-9])[0-9]{2}))/o;
+		$re = qr/.*addiu.*sp,sp,-(([0-9]{2}|[3-9])[0-9]{2})/o;
 	} elsif ($arch =~ /^ppc$/) {
 		#c00029f4:       94 21 ff 30     stwu    r1,-208(r1)
-		$re = qr/.*(stwu.*r1,-($x{3,5})\(r1\))/o;
+		$re = qr/.*stwu.*r1,-($x{3,5})\(r1\)/o;
+	} elsif ($arch =~ /^ppc64$/) {
+		#XXX
+		$re = qr/.*stdu.*r1,-($x{3,5})\(r1\)/o;
 	} elsif ($arch =~ /^s390x?$/) {
 		#   11160:       a7 fb ff 60             aghi   %r15,-160
-		$re = qr/.*(ag?hi.*\%r15,-(([0-9]{2}|[3-9])[0-9]{2}))/o;
+		$re = qr/.*ag?hi.*\%r15,-(([0-9]{2}|[3-9])[0-9]{2})/o;
 	} else {
 		print("wrong or unknown architecture\n");
 		exit
@@ -59,10 +62,8 @@
 }
 
 sub bysize($) {
-	($asize = $a) =~ s/$re/\2/;
-	($bsize = $b) =~ s/$re/\2/;
-	$asize = hex($asize) if ($asize =~ /^0x/);
-	$bsize = hex($bsize) if ($bsize =~ /^0x/);
+	($asize = $a) =~ s/.*	+(.*)$/$1/;
+	($bsize = $b) =~ s/.*	+(.*)$/$1/;
 	$bsize <=> $asize
 }
 
@@ -72,12 +73,16 @@
 $funcre = qr/^$x* \<(.*)\>:$/;
 while ($line = <STDIN>) {
 	if ($line =~ m/$funcre/) {
-		($func = $line) =~ s/$funcre/\1/;
-		chomp($func);
+		$func = $1;
 	}
 	if ($line =~ m/$re/) {
-		(my $addr = $line) =~ s/^($xs{8}).*/0x\1/o;
-		chomp($addr);
+		my $size = $1;
+		$size = hex($size) if ($size =~ /^0x/);
+
+		$line =~ m/^($xs*).*/;
+		my $addr = $1;
+		$addr =~ s/ /0/g;
+		$addr = "0x$addr";
 
 		my $intro = "$addr $func:";
 		my $padlen = 56 - length($intro);
@@ -85,9 +90,7 @@
 			$intro .= '	';
 			$padlen -= 8;
 		}
-		(my $code = $line) =~ s/$re/\1/;
-
-		$stack[@stack] = "$intro $code";
+		$stack[@stack] = "$intro$size\n";
 	}
 }
 

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Jörn Engel]

Forgot Anton's ppc64 port in the description.

Jörn

-- 
Victory in war is not repetitious.
-- Sun Tzu

o Fix the misparsing on *.ko noticed by Andrew Morton.
o Slightly simplify the output format.
o Slightly simplify the code
o Added ppc64 architecture (re by Anton Blanchard)

Signed-off-by: Jörn Engel <joern@wohnheim.fh-wedel.de>

 checkstack.pl |   47 +++++++++++++++++++++++++----------------------
 1 files changed, 25 insertions(+), 22 deletions(-)

--- linux-2.6.6mm5/scripts/checkstack.pl~checkstack	2004-05-26 00:35:53.000000000 +0200
+++ linux-2.6.6mm5/scripts/checkstack.pl	2004-05-26 00:45:18.000000000 +0200
@@ -9,6 +9,7 @@
 #	Mips port by Juan Quintela <quintela@mandrakesoft.com>
 #	IA64 port via Andreas Dilger
 #	Arm port by Holger Schurig
+#	Random bits by Matt Mackall <mpm@selenic.com>
 #
 #	Usage:
 #	objdump -d vmlinux | stackcheck_ppc.pl [arch]
@@ -16,11 +17,10 @@
 #	TODO :	Port to all architectures (one regex per arch)
 
 # check for arch
-#
-# $re is used for three matches:
+# 
+# $re is used for two matches:
 # $& (whole re) matches the complete objdump line with the stack growth
-# $1 (first bracket) matches the code that will be displayed in the output
-# $2 (second bracket) matches the size of the stack growth
+# $1 (first bracket) matches the size of the stack growth
 #
 # use anything else and feel the pain ;)
 {
@@ -33,25 +33,28 @@
 	$xs	= "[0-9a-f ]";	# hex character or space
 	if ($arch =~ /^arm$/) {
 		#c0008ffc:	e24dd064	sub	sp, sp, #100	; 0x64
-		$re = qr/.*(sub.*sp, sp, #(([0-9]{2}|[3-9])[0-9]{2}))/o;
+		$re = qr/.*sub.*sp, sp, #(([0-9]{2}|[3-9])[0-9]{2})/o;
 	} elsif ($arch =~ /^i[3456]86$/) {
 		#c0105234:       81 ec ac 05 00 00       sub    $0x5ac,%esp
-		$re = qr/^.*(sub    \$(0x$x{3,5}),\%esp)$/o;
+		$re = qr/^.*sub    \$(0x$x{3,5}),\%esp$/o;
 	} elsif ($arch =~ /^ia64$/) {
 		#e0000000044011fc:       01 0f fc 8c     adds r12=-384,r12
-		$re = qr/.*(adds.*r12=-(([0-9]{2}|[3-9])[0-9]{2}),r12)/o;
+		$re = qr/.*adds.*r12=-(([0-9]{2}|[3-9])[0-9]{2}),r12/o;
 	} elsif ($arch =~ /^mips64$/) {
 		#8800402c:       67bdfff0        daddiu  sp,sp,-16
-		$re = qr/.*(daddiu.*sp,sp,-(([0-9]{2}|[3-9])[0-9]{2}))/o;
+		$re = qr/.*daddiu.*sp,sp,-(([0-9]{2}|[3-9])[0-9]{2})/o;
 	} elsif ($arch =~ /^mips$/) {
 		#88003254:       27bdffe0        addiu   sp,sp,-32
-		$re = qr/.*(addiu.*sp,sp,-(([0-9]{2}|[3-9])[0-9]{2}))/o;
+		$re = qr/.*addiu.*sp,sp,-(([0-9]{2}|[3-9])[0-9]{2})/o;
 	} elsif ($arch =~ /^ppc$/) {
 		#c00029f4:       94 21 ff 30     stwu    r1,-208(r1)
-		$re = qr/.*(stwu.*r1,-($x{3,5})\(r1\))/o;
+		$re = qr/.*stwu.*r1,-($x{3,5})\(r1\)/o;
+	} elsif ($arch =~ /^ppc64$/) {
+		#XXX
+		$re = qr/.*stdu.*r1,-($x{3,5})\(r1\)/o;
 	} elsif ($arch =~ /^s390x?$/) {
 		#   11160:       a7 fb ff 60             aghi   %r15,-160
-		$re = qr/.*(ag?hi.*\%r15,-(([0-9]{2}|[3-9])[0-9]{2}))/o;
+		$re = qr/.*ag?hi.*\%r15,-(([0-9]{2}|[3-9])[0-9]{2})/o;
 	} else {
 		print("wrong or unknown architecture\n");
 		exit
@@ -59,10 +62,8 @@
 }
 
 sub bysize($) {
-	($asize = $a) =~ s/$re/\2/;
-	($bsize = $b) =~ s/$re/\2/;
-	$asize = hex($asize) if ($asize =~ /^0x/);
-	$bsize = hex($bsize) if ($bsize =~ /^0x/);
+	($asize = $a) =~ s/.*	+(.*)$/$1/;
+	($bsize = $b) =~ s/.*	+(.*)$/$1/;
 	$bsize <=> $asize
 }
 
@@ -72,12 +73,16 @@
 $funcre = qr/^$x* \<(.*)\>:$/;
 while ($line = <STDIN>) {
 	if ($line =~ m/$funcre/) {
-		($func = $line) =~ s/$funcre/\1/;
-		chomp($func);
+		$func = $1;
 	}
 	if ($line =~ m/$re/) {
-		(my $addr = $line) =~ s/^($xs{8}).*/0x\1/o;
-		chomp($addr);
+		my $size = $1;
+		$size = hex($size) if ($size =~ /^0x/);
+
+		$line =~ m/^($xs*).*/;
+		my $addr = $1;
+		$addr =~ s/ /0/g;
+		$addr = "0x$addr";
 
 		my $intro = "$addr $func:";
 		my $padlen = 56 - length($intro);
@@ -85,9 +90,7 @@
 			$intro .= '	';
 			$padlen -= 8;
 		}
-		(my $code = $line) =~ s/$re/\1/;
-
-		$stack[@stack] = "$intro $code";
+		$stack[@stack] = "$intro$size\n";
 	}
 }

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Jörn Engel]

On Tue, 18 May 2004 12:47:34 -0500, Matt Mackall wrote:
> 
> Unfortunately, apparently at least objdump for parisc prints hex with
> no leading 0x, and IA64 does something much uglier (as it is wont to
> do), so I'll have to do something a bit more clever here.

Don't waste too much time with it, this is an ugly hack by design
already, for two reasons:

1. It really ought to be part of gcc.  Gcc needs  a
   -Wstack-per-function option that will give a warning whenever the
   stack for any function exceeds some user-defined value.  alloca()
   will exceed any value.
2. We don't care much about the usage per function, but for a complete
   code path.  An expanded checker to do this already exists, I'm
   merely not allowed to give it to anyone.  Lawyers.

Apart from that, go ahead and have fun!

Jörn

-- 
Data expands to fill the space available for storage.
-- Parkinson's Law

Re: [4KSTACK][2.6.6] Stack overflow in radeonfb

[Jörn Engel]

On Wed, 19 May 2004 05:01:38 -0700, William Lee Irwin III wrote:
> On Mon, May 17, 2004 at 06:35:15PM -0500, Matt Mackall wrote:
> >> I have a cleaned up version of this script in -tiny which is a bit
> >> nicer for adding new arches to and produces simpler output:
> >>  1428 huft_build
> >>  1292 inflate_dynamic
> >>  1168 inflate_fixed
> >>   528 ip_setsockopt
> >>   496 tcp_check_req
> >>   496 tcp_v4_conn_request
> >>   484 tcp_timewait_state_process
> >>   440 ip_getsockopt
> >>   408 extract_entropy
> >>   364 shrink_zone
> >>   324 do_execve
> 
> On Wed, May 19, 2004 at 03:28:46AM -0700, William Lee Irwin III wrote:
> > By eyeballing things, I see >= 384B on-stack in ep_send_events(). Hence:
> 
> I might as well hit something higher up in the list. Does this help
> ip_setsockopt() any (untested)?

If you have time for this, here are some more. :)
First list is my running kernel, second is with allmodconfig (sans
aic7*, which doesn't compile).

Jörn

-- 
Everything should be made as simple as possible, but not simpler.
-- Albert Einstein

0xc021a736 ide_unregister:                              1552
0xc01003ab huft_build:                                  1436
0xc01010e4 inflate_dynamic:                             1340
0xc0100f62 inflate_fixed:                               1196
0x0214 orinoco_cs_config:                               984
0x000046c4 arlan_sysctl_info:                           936
0x0239 atmel_config:                                    920
0x00002b34 wv_hw_reset:                                 916
0x023f airo_config:                                     912
0xc019f22d nfs_writepage_sync:                          904
0xc027a4e0 snd_pcm_hw_refine_old_user:                  892
0xc027a5b0 snd_pcm_hw_params_old_user:                  892
0xc019d90b nfs_readpage_sync:                           872
0x0000456b setup_card:                                  860
0x00000434 mhz_mfc_config:                              716
0x00000df0 ds_ioctl:                                    708
0x00000750 has_ce2_string:                              688
0x00000636 mhz_setup:                                   684
0x000008a8 smc_config:                                  684
0x00000994 smc_setup:                                   684
0x000003d9 axnet_config:                                668
0x000006fc pcnet_config:                                660
0xc01abcb6 nlmclnt_proc:                                656
0xc0288676 snd_pcm_oss_get_formats:                     652
0xc01ac77b nlmclnt_reclaim:                             640



0x00002178 CpqTsProcessIMQEntry:                        2064
0x0000203a PeekIMQEntry:                                2052
0x000064f5 ioc_rescan:                                  1568
0x00006387 ioc_hdrlist:                                 1528
0xc01005ed huft_build:                                  1444
0xc0101225 inflate_dynamic:                             1312
0x00007b11 send_panic_events:                           1268
0xc01010ce inflate_fixed:                               1168
0x01f0 ide_config:                                      1168
0x016e parport_config:                                  1144
0x02e4 ixj_config:                                      1144
0x00000502 gdth_get_info:                               1076
0x0000d8e9 nfsd4_proc_compound:                         1024
0x00004d45 zoran_do_ioctl:                              1020
0x00000de8 bt3c_config:                                 1016
0x0bb0 btuart_config:                                   1016
0x0000030e snd_mixart_add_ref_pipe:                     1016
0x0171 sedlbauer_config:                                1012
0x00000ee0 bluecard_config:                             1012
0x0c7b dtl1_config:                                     1012
0x00003e72 ixgb_ethtool_ioctl:                          1008
0x00010ac2 dohash:                                      1004
0x0000113e wavefront_load_gus_patch:                    984
0x00001a16 nsp_cs_config:                               980
0x0197 orinoco_cs_config:                               968
0x0000a1c8 Vpd:                                         960
0x00000305 mgslpc_config:                               956
0x00019d42 nfs_direct_write_seg:                        952
0x00007b7e cpqhp_set_irq:                               948
0x000049b5 arlan_sysctl_info:                           936
0x0013 com90xx_probe:                                   928
0x000096fe nfs_writepage_sync:                          920
0x00002adf wv_hw_reset:                                 912
0x00006e9d cs46xx_dsp_scb_and_task_init:                912
0x01b1 airo_config:                                     904
0x01b0 atmel_config:                                    900
0x00008147 nfs_readpage_sync:                           888
0x000199db nfs_direct_read_seg:                         888
0x00009546 sig_ind:                                     884
0x00007201 snd_pcm_hw_refine_old_user:                  868
0x0000727c snd_pcm_hw_params_old_user:                  868
0x000037cd setup_card:                                  852
0x000035e2 hfsplus_readdir:                             852
0x00000006 sha512_transform:                            844
0x000019c3 sb1000_dev_ioctl:                            824
0x00000210 NFTL_foldchain:                              816
0x00007164 isd200_action:                               812
0x00003eb5 calculate_clipping_registers_rect:           808
0xc0210449 calc_mode_timings:                           804
0x00001e4a netdev_ethtool_ioctl:                        796
0x0000198f get_ports:                                   788
0x069c multi_config:                                    764
0x03c6 simple_config:                                   760
0x00001982 add_card:                                    760
0x00002a23 atp870u_probe:                               756
0x00000257 INFTL_foldchain:                             752
0x00000c2e restore_mixer_state:                         728
0x00000b6b save_mixer_state:                            724
0x00008686 SkPnmiGetStruct:                             716
0x0208 elsa_cs_config:                                  708
0x0208 teles_cs_config:                                 708
0x0000034a mhz_mfc_config:                              704
0x00011582 nfsd4_encode_fattr:                          704
0x09a7 serial_config:                                   692
0x00000d35 ds_ioctl:                                    680
0x000004f5 mhz_setup:                                   676
0x000037f4 ncp_ioctl:                                   676
0x000006d5 smc_config:                                  672
0x00000783 smc_setup:                                   672
0x0000055d has_ce2_string:                              672
0x00000523 nlmclnt_proc:                                664
0x000078d4 reiserfs_rename:                             660
0x0254 avma1cs_config:                                  652
0x0000029e axnet_config:                                648
0x00001a45 snd_pcm_oss_get_formats:                     648
0x0000051d pcnet_config:                                644
0x00000f38 nlmclnt_reclaim:                             644
0x00001404 ncp_create_new:                              644
0x00001645 ncp_mkdir:                                   644
0x000011a4 ncp_lookup:                                  640