Re: PROBLEM: __list_del_entry in lib/list_debug.c does not delete the node if the list is corrupted

From: Dave Jones
Date: Thu Jan 17 2013 - 09:51:59 EST


On Thu, Jan 17, 2013 at 03:53:11PM +0530, Shankar Brahadeeswaran wrote:
> Hi,
> The following is the Bug Report on list_debug.c implementation.
>
> [1.] The __list_del_entry implemented in lib/list_debug.c does not
> delete the node if the list is corrupted
>
> [2.] Full description of the problem/report:
> The function __list_del_entry implemented in include/linux/list.h
> always removes the node from the list it belongs to.
> But the same function implemented in lib/list_debug.c does not remove
> the node if the list it belongs to is corrupted.
> So based on whether CONFIG_DEBUG_LIST is defined or not the behavior
> of the function __list_del_entry changes

If the list is corrupt, we don't know if it's safe to do further
manipulation. Those nodes could be pointing anywhere, and dereferencing them
could lead to oopses, GPFs or even lockups depending on config options,
and what the corrupt pointers are.

> [2.1] Use Case in which the problem is seen (Assume that
> CONFIG_DEBUG_LIST is defined so implementation used is from
> list_debug.c)
> In the AOSP kernel version the file dpm_prepare in file
> drivers/base/power/main.c moves the "device" from dpm_list to
> dpm_prepare list.
> The following line of code does it.
>
> list_move_tail(&dev->power.entry, &dpm_prepared_list);
>
> Now the implementation of list_move_tail (include/linux/list.h) is as follows
> __list_del_entry(list);
> list_add_tail(list, head);
>
> If the list in which &dev->power.entry lives (dpm_list) is corrupted
> then the first call will not delete the node (Warning is thrown and
> returns)

Find out why that list is corrupt, and fix that.

Dave
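
The behaviour discussed in this thread, as an added userspace model (not kernel code and not code from either poster): a checked delete that leaves the entry linked when its neighbours do not point back, followed by the unconditional tail add that list_move_tail performs. The helper names, the unchecked add and the constructed corruption (`a.next` redirected to the list head) are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>

struct list_head { struct list_head *next, *prev; };

static void init_list(struct list_head *h) { h->next = h->prev = h; }

static void list_add_tail(struct list_head *n, struct list_head *head)
{
    struct list_head *prev = head->prev;
    n->next = head; n->prev = prev;
    prev->next = n; head->prev = n;
}

/* Plain variant: unlink unconditionally, trusting the entry's pointers. */
static void del_entry_plain(struct list_head *e)
{
    e->next->prev = e->prev;
    e->prev->next = e->next;
}

/* Checked variant: refuse to write through neighbours that do not point back. */
static bool del_entry_checked(struct list_head *e)
{
    if (e->prev->next != e || e->next->prev != e) {
        fprintf(stderr, "list_del corruption: entry left linked\n");
        return false;
    }
    del_entry_plain(e);
    return true;
}

/* Move b from src to dst; return how many list heads still reference b. */
static int lists_referencing_after_move(bool corrupt)
{
    struct list_head src, dst, a, b;
    init_list(&src); init_list(&dst);
    list_add_tail(&a, &src); list_add_tail(&b, &src);
    if (corrupt)
        a.next = &src;          /* constructed corruption: a skips b */
    del_entry_checked(&b);      /* result ignored, as in list_move_tail */
    list_add_tail(&b, &dst);
    return (src.prev == &b) + (dst.prev == &b);
}

int main(void)
{
    printf("clean=%d corrupt=%d\n", lists_referencing_after_move(false), lists_referencing_after_move(true));
    return 0;
}
```

In the corrupted case the entry ends up reachable from both lists, which is why the warning has to be treated as a pointer to the earlier bug that damaged the list rather than as the defect itself.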
