/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

null pointer dereference - appvm with sound-card pci-passed through (fedora-23, debian-8, whonix-ws) #2316

Closed
user393 opened this Issue Sep 14, 2016 · 4 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
No milestone
3 participants
@user393 @marmarek @andrewdavidwong
@user393

user393 commented Sep 14, 2016
edited
Edited 1 time
  • @user393 user393 edited Sep 14, 2016 (most recent)

Qubes OS version:

R3.2rc3

Affected TemplateVMs :

fedora-23
debian-8
whonix-ws

Expected behavior:

pci-passthrough of the soundcard worked on the same machine with R3.1

Actual behavior:

see attached for full dmesg, lspci etc
[ 2.580300] input: PC Speaker as /devices/platform/pcspkr/input/input0
[ 2.585460] pcifront pci-0: Installing PCI frontend
[ 2.585669] pcifront pci-0: Creating PCI Frontend Bus 0000:00
[ 2.585727] pcifront pci-0: PCI host bridge to bus 0000:00
[ 2.585736] pci_bus 0000:00: root bus resource [io 0x0000-0xffff]
[ 2.585742] pci_bus 0000:00: root bus resource [mem 0x00000000-0xfffffffff]
[ 2.585750] pci_bus 0000:00: root bus resource [bus 00-ff]
[ 2.588193] pci 0000:00:00.0: [8086:3b56] type 00 class 0x040300
[ 2.589074] pci 0000:00:00.0: reg 0x10: [mem 0xf2420000-0xf2423fff 64bit]
[ 2.599409] pcifront pci-0: claiming resource 0000:00:00.0/0
[ 2.958504] snd_hda_intel 0000:00:00.0: Xen PCI mapped GSI17 to IRQ15
[ 2.968582] snd_hda_codec_conexant hdaudioC0D0: CX20585: BIOS auto-probing.
[ 2.969535] snd_hda_codec_conexant hdaudioC0D0: autoconfig for CX20585: line_outs=1 (0x1f/0x0/0x0/0x0/0x0) type:speaker
[ 2.969550] snd_hda_codec_conexant hdaudioC0D0: speaker_outs=0 (0x0/0x0/0x0/0x0/0x0)
[ 2.969560] snd_hda_codec_conexant hdaudioC0D0: hp_outs=2 (0x1c/0x19/0x0/0x0/0x0)
[ 2.969569] snd_hda_codec_conexant hdaudioC0D0: mono: mono_out=0x0
[ 2.969575] snd_hda_codec_conexant hdaudioC0D0: inputs:
[ 2.969582] snd_hda_codec_conexant hdaudioC0D0: Internal Mic=0x23
[ 2.969589] snd_hda_codec_conexant hdaudioC0D0: Mic=0x1b
[ 2.969595] snd_hda_codec_conexant hdaudioC0D0: Dock Mic=0x1a
[ 2.973806] snd_hda_codec_conexant hdaudioC0D0: Enable sync_write for stable communication
[ 2.973830] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
[ 2.973841] IP: [] acpi_ns_walk_namespace+0x4b/0x193
[ 2.973855] PGD 0
[ 2.973860] Oops: 0000 [#1] SMP
[ 2.973867] Modules linked in: snd_hda_codec_conexant(+) snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_seq snd_seq_device snd_pcm snd_timer snd soundcore coretemp crct10dif_pclmul crc32_pclmul crc32c_intel pcspkr xen_pcifront xenfs dummy_hcd udc_core xen_privcmd u2mfn(O) xen_blkback xen_blkfront
[ 2.973911] CPU: 0 PID: 291 Comm: systemd-udevd Tainted: G O 4.4.14-11.pvops.qubes.x86_64 #1
[ 2.973921] task: ffff88002eed9bc0 ti: ffff88002ef28000 task.ti: ffff88002ef28000
[ 2.973930] RIP: e030:[] [] acpi_ns_walk_namespace+0x4b/0x193
[ 2.973941] RSP: e02b:ffff88002ef2b9d0 EFLAGS: 00010202
[ 2.973946] RAX: ffff88002ef2ba40 RBX: 0000000000000001 RCX: 0000000000000001
[ 2.973953] RDX: 00000000ffffffff RSI: 0000000000000000 RDI: 0000000000000006
[ 2.973959] RBP: ffff88002ef2ba20 R08: ffffffff814535e7 R09: 0000000000000000
[ 2.973965] R10: ffff88002f419f00 R11: 0000000000000165 R12: 0000000000000001
[ 2.973971] R13: ffff88002ee48800 R14: 0000000000000000 R15: 0000000000000000
[ 2.973983] FS: 00007f1f564d78c0(0000) GS:ffff880031800000(0000) knlGS:0000000000000000
[ 2.973992] CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 2.973998] CR2: 0000000000000018 CR3: 000000002d260000 CR4: 0000000000002660
[ 2.974006] Stack:
[ 2.974007] ffffffffa00f9af4 0000000000000000 ffffffff814535e7 00000001ffffffff
[ 2.974007] 0000000000000006 0000000000000000 0000000000000000 ffff88002ee48800
[ 2.974007] ffff88002ef1d000 0000000000000001 ffff88002ef2ba68 ffffffff814534ed
[ 2.974007] Call Trace:
[ 2.974007] [] ? snd_hda_get_bool_hint+0x84/0x90 [snd_hda_codec]
[ 2.974007] [] ? acpi_walk_namespace+0xd0/0xd0
[ 2.974007] [] acpi_get_devices+0x6a/0x94
[ 2.974007] [] ? 0xffffffffa00c9000
[ 2.974007] [] hda_fixup_thinkpad_acpi+0xbc/0x1f0 [snd_hda_codec_conexant]
[ 2.974007] [] apply_fixup+0x1a2/0x2a0 [snd_hda_codec]
[ 2.974007] [] snd_hda_apply_fixup+0x22/0x30 [snd_hda_codec]
[ 2.974007] [] patch_conexant_auto+0x302/0x4a3 [snd_hda_codec_conexant]
[ 2.974007] [] hda_codec_driver_probe+0x6b/0x100 [snd_hda_codec]
[ 2.974007] [] driver_probe_device+0x222/0x490
[ 2.974007] [] __driver_attach+0x84/0x90
[ 2.974007] [] ? driver_probe_device+0x490/0x490
[ 2.974007] [] bus_for_each_dev+0x6c/0xc0
[ 2.974007] [] driver_attach+0x1e/0x20
[ 2.974007] [] bus_add_driver+0x1eb/0x280
[ 2.974007] [] ? 0xffffffffa00d5000
[ 2.974007] [] driver_register+0x60/0xe0
[ 2.974007] [] __hda_codec_driver_register+0x5a/0x60 [snd_hda_codec]
[ 2.974007] [] conexant_driver_init+0x1e/0x1000 [snd_hda_codec_conexant]
[ 2.974007] [] do_one_initcall+0xb3/0x200
[ 2.974007] [] ? preempt_schedule_common+0x18/0x30
[ 2.974007] [] ? _cond_resched+0x1c/0x30
[ 2.974007] [] ? kmem_cache_alloc_trace+0x196/0x210
[ 2.974007] [] ? do_init_module+0x27/0x1cb
[ 2.974007] [] do_init_module+0x5f/0x1cb
[ 2.974007] [] load_module+0x151e/0x1a70
[ 2.974007] [] ? __symbol_put+0x60/0x60
[ 2.974007] [] ? kernel_read+0x50/0x80
[ 2.974007] [] SYSC_finit_module+0xb4/0xe0
[ 2.974007] [] SyS_finit_module+0xe/0x10
[ 2.974007] [] entry_SYSCALL_64_fastpath+0x12/0x71
[ 2.974007] Code: 28 48 ff c6 4c 0f 44 35 ad b0 bb 00 89 7d d0 89 55 c8 45 31 ff 89 4d cc 4c 89 45 c0 41 83 e4 01 4c 89 4d b8 c7 45 d4 00 00 00 00 <4d> 8b 6e 18 85 db 0f 84 ff 00 00 00 4d 85 ed 0f 84 f6 00 00 00
[ 2.974007] RIP [] acpi_ns_walk_namespace+0x4b/0x193
[ 2.974007] RSP
[ 2.974007] CR2: 0000000000000018
[ 2.974403] ---[ end trace b2bcbe2b32651592 ]---

nullpointerderef.txt

Steps to reproduce the behavior:

I had to 'qvm-prefs -s autostart true' in order to be able to assign the soundcard to any vm at all.

General notes:

I hear the usual/familiar pop from the speakers when the appvm boots, but sound doesn't work.

Related issues:

soundcard unavailable for pci-passthrough unless it is setup early by having the vm to which it is assigned autostart
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Sep 14, 2016

Member

It looks like a bug in kernel driver for this device - it's looking for
ACPI device presence (to check whether it is thinkpad or not, to apply
some fixups), but ACPI is not available in VM at all.

You may receive some more meaningful help from sound or acpi
maintainers, according to MAINTAINERS file in kernel sources:
sound: alsa-devel@alsa-project.org
acpi: linux-acpi@vger.kernel.org

Interesting why starting it early matters at all.

As a workaround, you may try older kernel version (the one that worked
on R3.1) - BTW on which exactly kernel it worked before?

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Member

marmarek commented Sep 14, 2016

It looks like a bug in kernel driver for this device - it's looking for
ACPI device presence (to check whether it is thinkpad or not, to apply
some fixups), but ACPI is not available in VM at all.

You may receive some more meaningful help from sound or acpi
maintainers, according to MAINTAINERS file in kernel sources:
sound: alsa-devel@alsa-project.org
acpi: linux-acpi@vger.kernel.org

Interesting why starting it early matters at all.

As a workaround, you may try older kernel version (the one that worked
on R3.1) - BTW on which exactly kernel it worked before?

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
@user393

This comment has been minimized.

Show comment
Hide comment
@user393

user393 Sep 14, 2016

Thanks for the pointers : ) . It was working on 4.1.24-10, and I also working with, AFAIR, all versions that I would have been running since whichever one came with R3.0.

Without autostart, any vm to which the soundcard is assigned won't even begin booting

user393 commented Sep 14, 2016

Thanks for the pointers : ) . It was working on 4.1.24-10, and I also working with, AFAIR, all versions that I would have been running since whichever one came with R3.0.

Without autostart, any vm to which the soundcard is assigned won't even begin booting
@andrewdavidwong

This comment has been minimized.

Show comment
Hide comment
@andrewdavidwong

andrewdavidwong Sep 15, 2016

Member

@marmarek: So, should this be closed as notourbug (with a label created for that)?
Member

andrewdavidwong commented Sep 15, 2016

@marmarek: So, should this be closed as notourbug (with a label created for that)?
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Sep 15, 2016

Member

On Thu, Sep 15, 2016 at 01:16:56AM -0700, Andrew David Wong wrote:

@marmarek: So, should this be closed as notourbug (with a label created for that)?

Yes, good idea.

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Member

marmarek commented Sep 15, 2016

On Thu, Sep 15, 2016 at 01:16:56AM -0700, Andrew David Wong wrote:

@marmarek: So, should this be closed as notourbug (with a label created for that)?

Yes, good idea.

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

@andrewdavidwong andrewdavidwong added the notourbug label Sep 15, 2016

@andrewdavidwong andrewdavidwong closed this Sep 15, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment