Re: 2.6.17-mm4

From: Ingo Molnar
Date: Thu Jun 29 2006 - 17:13:08 EST

Next message: Gerhard Pircher: "Re: [Alsa-devel] RFC: dma_mmap_coherent() for powerpc/ppc architectureand ALSA?"
Previous message: Jeff Dike: "Re: 2.6.17-mm1: UML failing w/o SKAS enabled"
In reply to: Michal Piotrowski: "Re: 2.6.17-mm4"
Next in thread: Ingo Molnar: "Re: 2.6.17-mm4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Dave Jones <davej@xxxxxxxxxx> wrote:

> On Thu, Jun 29, 2006 at 10:39:33PM +0200, Michal Piotrowski wrote:
>
> > This looks very strange.
> >
> > BUG: unable to handle kernel paging request at virtual address 6b6b6c07
>
> Looks like a use after free.

i'm too hunting use-after-free bugs - the ones fixed below fix certain
crashes, but i'm still seeing a nasty one.

the crash is independent on lockdep enabled or disabled. See:

http://redhat.com/~mingo/misc/

for the config and the crash.log.

Ingo

-----------------
Subject: fix platform_device_put/del mishaps
From: Ingo Molnar <mingo@xxxxxxx>

this fixes drivers/char/pc8736x_gpio.c and drivers/char/scx200_gpio.c
to use the platform_device_del/put ops correctly.

Signed-off-by: Ingo Molnar <mingo@xxxxxxx>
---
drivers/char/pc8736x_gpio.c | 5 +++--
drivers/char/scx200_gpio.c | 6 +++---
2 files changed, 6 insertions(+), 5 deletions(-)

Index: linux/drivers/char/pc8736x_gpio.c
===================================================================
--- linux.orig/drivers/char/pc8736x_gpio.c
+++ linux/drivers/char/pc8736x_gpio.c
@@ -319,9 +319,10 @@ static int __init pc8736x_gpio_init(void
return 0;

undo_platform_dev_add:
- platform_device_put(pdev);
+ platform_device_del(pdev);
undo_platform_dev_alloc:
- kfree(pdev);
+ platform_device_put(pdev);
+
return rc;
}

Index: linux/drivers/char/scx200_gpio.c
===================================================================
--- linux.orig/drivers/char/scx200_gpio.c
+++ linux/drivers/char/scx200_gpio.c
@@ -126,9 +126,10 @@ static int __init scx200_gpio_init(void)
undo_chrdev_region:
unregister_chrdev_region(dev, num_pins);
undo_platform_device_add:
- platform_device_put(pdev);
+ platform_device_del(pdev);
undo_malloc:
- kfree(pdev);
+ platform_device_put(pdev);
+
return rc;
}

@@ -136,7 +137,6 @@ static void __exit scx200_gpio_cleanup(v
{
kfree(scx200_devices);
unregister_chrdev_region(MKDEV(major, 0), num_pins);
- platform_device_put(pdev);
platform_device_unregister(pdev);
/* kfree(pdev); */
}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Gerhard Pircher: "Re: [Alsa-devel] RFC: dma_mmap_coherent() for powerpc/ppc architectureand ALSA?"
Previous message: Jeff Dike: "Re: 2.6.17-mm1: UML failing w/o SKAS enabled"
In reply to: Michal Piotrowski: "Re: 2.6.17-mm4"
Next in thread: Ingo Molnar: "Re: 2.6.17-mm4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]