Bug 119954

Summary: (ACPI PATCH)Opps after 'rmmod button'
Product: [Fedora] Fedora Reporter: Michal Jaegermann <michal>
Component: kernelAssignee: Dave Jones <davej>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3CC: acpi-bugzilla, pfrields
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-07-16 17:02:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 114963, 123268    
Attachments:
Description Flags
A patch used in an attempt to fix "remove button none

Description Michal Jaegermann 2004-04-04 03:53:25 UTC 
Description of problem:
There is really no "button" on my machine to be handled by ACPI
and 'lsmod' shows usage 0.  Still 'rmmod button' ends up with
the following oops:

kernel BUG at fs/proc/generic.c:660!
invalid operand: 0000 [#1]
SMP 
CPU:    0
EIP:    0060:[<0218f128>]    Not tainted
EFLAGS: 00010202   (2.6.4-1.305smp) 
EIP is at remove_proc_entry+0xa6/0xf6
eax: 21ecc4b0   ebx: 228615f5   ecx: 00000000   edx: 21ecc4b0
esi: 21ecc4b0   edi: 20e82d80   ebp: 00000006   esp: 1ede3f50
ds: 007b   es: 007b   ss: 0068
Process rmmod (pid: 1218, threadinfo=1ede3000 task=1ee68670)
Stack: 21ecc480 228615f5 22861f80 02314b38 00000000 1ede3000 228614b2
0213817d 
       00000000 74747562 21006e6f 21015380 f70cb000 02150345 21ee7e00
f70cc000 
       021507f3 210153bc 1ed6a140 1f776080 00000246 21015380 1ede3fc0
00000004 
Call Trace:
 [<228614b2>] acpi_button_exit+0x1a/0x1b [button]
 [<0213817d>] sys_delete_module+0x115/0x157
 [<02150345>] unmap_vma_list+0xe/0x17
 [<021507f3>] do_munmap+0x17e/0x18a
 [<0211c220>] do_page_fault+0x0/0x4b0

Code: 0f 0b 94 02 3a de 2d 02 8b 47 40 85 c0 75 09 89 f8 e8 0c ff 

This is ACPI information from dmesg:

ACPI: S3 and PAE do not like each other for now, S3 disabled.
ACPI: RSDP (v000 PTLTD                                     ) @ 0x000f7190
ACPI: RSDT (v001 PTLTD    RSDT   0x06040000  LTP 0x00000000) @ 0x1fefd123
ACPI: FADT (v001 AMD    TECATE   0x06040000 PTL  0x000f4240) @ 0x1fefef2e
ACPI: MADT (v001 PTLTD  	 APIC   0x06040000  LTP 0x00000000) @
0x1fefefa2ACPI: DSDT (v001    AMD  AMDACPI 0x06040000 MSFT 0x0100000d)
@ 0x00000000
ACPI: PM-Timer IO Port: 0x8008
ACPI: Local APIC address 0xfee00000
ACPI: LAPIC (acpi_id[0x00] lapic_id[0x01] enabled)
ACPI: LAPIC (acpi_id[0x01] lapic_id[0x00] enabled)
ACPI: LAPIC_NMI (acpi_id[0x00] high edge lint[0x1])
ACPI: LAPIC_NMI (acpi_id[0x01] high edge lint[0x1])
ACPI: IOAPIC (id[0x02] address[0xfec00000] global_irq_base[0x0])
ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 high edge)
Using ACPI (MADT) for SMP configuration information
ACPI: Subsystem revision 20040326
ACPI: Interpreter enabled
ACPI: Using IOAPIC for interrupt routing
ACPI: PCI Root Bridge [PCI0] (00:00)
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0._PRT]
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.AGP_._PRT]
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.OP2P._PRT]
ACPI: PCI Interrupt Link [LNKA] (IRQs 3 5 *10 11)
ACPI: PCI Interrupt Link [LNKB] (IRQs 3 5 10 11)
ACPI: PCI Interrupt Link [LNKC] (IRQs 3 5 *10 11)
ACPI: PCI Interrupt Link [LNKD] (IRQs 3 *5 10 11)

Yes, I know; "don't do it then".  Still oops is not that nice.

Version-Release number of selected component (if applicable):
kernel 2.6.4-1.305smp

How reproducible:
100%
Comment 1 Len Brown 2004-04-16 06:52:18 UTC 
Perhaps you can test the fix here: 
http://bugzilla.kernel.org/show_bug.cgi?id=2281
Comment 2 Michal Jaegermann 2004-04-18 00:44:11 UTC 
> Perhaps you can test the fix here: 
> http://bugzilla.kernel.org/show_bug.cgi?id=2281

A patch in this location is for 2.4 and not for 2.6.  Still
based on it I made something which seems to be an equivalent
for 2.6.5-1.326smp (attached).  Unfortunately this does not work.
In the same location this is causing somewhat different oops:

kernel BUG at fs/proc/generic.c:660!
invalid operand: 0000 [#1]
SMP
CPU:    0
EIP:    0060:[<021884fc>]    Not tainted
EFLAGS: 00010206   (2.6.5-1.326smp)
EIP is at remove_proc_entry+0xa6/0xf6
eax: 21ec3d30   ebx: 2284461d   ecx: 00000000   edx: 21ec3d30
esi: 21ec3d30   edi: 21c7d400   ebp: 00000006   esp: 1f66ef50
ds: 007b   es: 007b   ss: 0068
Process rmmod (pid: 1170, threadinfo=1f66e000 task=1eaae870)
Stack: 21ec3d00 2284461d 22845880 0231209c 00000000 1f66e000 228444d8
02133778
       00000000 74747562 1d006e6f 1dc76080 f70e3000 0214a8b0 1e141a00
00000001
       023d0000 02369000 02107c1f 1f66e000 02310238 1dc76080 1f66efc0
00000004
Call Trace:
 [<228444d8>] acpi_button_exit+0x40/0x41 [button]
 [<02133778>] sys_delete_module+0x124/0x166
 [<0214a8b0>] unmap_vma_list+0xe/0x17
 [<02107c1f>] do_IRQ+0x1c5/0x225

Code: 0f 0b 94 02 83 a6 2d 02 8b 47 40 85 c0 75 09 89 f8 e8 0c ff

and after that a machine dies immediately or pretty soon.

It is possible that my "port" is not really correct and/or sufficient.
Comment 3 Michal Jaegermann 2004-04-18 00:46:22 UTC 
Created attachment 99510 [details]
A patch used in an attempt to fix "remove button
Comment 4 shaohua li 2004-04-19 08:17:44 UTC 
And how about the patch in http://bugzilla.kernel.org/show_bug.cgi?
id=2457. It fixes similar issue for processor but it applied on 
Button driver as well. Thanks
Comment 5 Chris Tooley 2004-06-10 13:08:09 UTC 
Using the patch at bug id 2457 I was able to manually apply the patch
to a 2.6.5-1.358 kernel but without any progress.  I also downloaded
and built a 2.6.6 tree from kernel.org using the .config from my 358
kernel.   I'm still getting an oops removing battery, button, ac, et al.
Comment 6 Len Brown 2004-11-18 04:15:23 UTC 
still an issue in 2.6.9?
Comment 7 Michal Jaegermann 2004-11-21 01:22:10 UTC 
> still an issue in 2.6.9?
It does not seem to be at least when using 2.6.9-1.650_devel.
Comment 8 Dave Jones 2004-11-21 21:06:54 UTC 
Len, this is still an issue in mainline 2.6.9, as we carry a hack so that we
never kfree the object that gets referenced later..

diff -urNp linux-1130/drivers/acpi/ec.c linux-10000/drivers/acpi/ec.c
--- linux-1130/drivers/acpi/ec.c
+++ linux-10000/drivers/acpi/ec.c
@@ -600,7 +600,7 @@ acpi_ec_add (

        acpi_remove_gpe_handler(NULL, ec_ecdt->gpe_bit, &acpi_ec_gpe_handler);

-       kfree(ec_ecdt);
+//     kfree(ec_ecdt);
    }

    /* Get GPE bit assignment (EC events). */


Obviously, this is a really ugly hack, but leaking a few bytes at rmmod time is
favourable over crashing until this gets fixed properly.
Comment 9 Dave Jones 2005-07-15 18:32:58 UTC 
An update has been released for Fedora Core 3 (kernel-2.6.12-1.1372_FC3) which
may contain a fix for your problem.   Please update to this new kernel, and
report whether or not it fixes your problem.

If you have updated to Fedora Core 4 since this bug was opened, and the problem
still occurs with the latest updates for that release, please change the version
field of this bug to 'fc4'.

Thank you.