From: Artem Bityutskiy <dedekind1@gmail.com>
To: Adrian Hunter <adrian.hunter@nokia.com>
Cc: "Bityutskiy Artem \(Nokia-M/Helsinki\)"
<Artem.Bityutskiy@nokia.com>,
"linux-mtd@lists.infradead.org" <linux-mtd@lists.infradead.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Daniel Mack <daniel@caiaq.de>,
Adrian Hunter <ext-adrian.hunter@nokia.com>
Subject: Re: ubifs: error unwinding trouble
Date: Fri, 24 Jul 2009 15:17:46 +0300 [thread overview]
Message-ID: <1248437866.24676.79.camel@localhost> (raw)
In-Reply-To: <4A6991A5.4020105@nokia.com>
On Fri, 2009-07-24 at 13:49 +0300, Adrian Hunter wrote:
> Daniel Mack wrote:
> > On a recent git kernel, the error unwinding for UBIFS seems to have some
> > problem, most probably a double-free or something similar.
> >
> > When UBI is pointed to the right mtd partition (using command line
> > arguments) , everything is fine. But when it's (accidentionally) set to
> > some very small mtd, the attach process fails. Which wouldn't be a bad
> > thing by itself, but it somehow messes up the slub/slab allocators then
> > which causes very strange memory corruption effects - see the backtrace
> > below.
> >
> > The Ooops itself is unreleated to UBI, but it does not occur when UBI
> > succeeds in attaching the volume.
> >
> > Any idea? I searched for awhile but couldn't see anything obvious.
>
> Looks like a double free of the eba_tbl
>
> This might help:
>
> diff --git a/drivers/mtd/ubi/eba.c b/drivers/mtd/ubi/eba.c
> index 0f2034c..e4d9ef0 100644
> --- a/drivers/mtd/ubi/eba.c
> +++ b/drivers/mtd/ubi/eba.c
> @@ -1254,6 +1254,7 @@ out_free:
> if (!ubi->volumes[i])
> continue;
> kfree(ubi->volumes[i]->eba_tbl);
> + ubi->volumes[i]->eba_tbl = NULL;
> }
> return err;
> }
You are right. I've just pushed your patch to ubi-2.6.git/master.
--
Best Regards,
Artem Bityutskiy (Артём Битюцкий)
WARNING: multiple messages have this Message-ID (diff)
From: Artem Bityutskiy <dedekind1@gmail.com>
To: Adrian Hunter <adrian.hunter@nokia.com>
Cc: Daniel Mack <daniel@caiaq.de>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Adrian Hunter <ext-adrian.hunter@nokia.com>,
"linux-mtd@lists.infradead.org" <linux-mtd@lists.infradead.org>,
"Bityutskiy Artem (Nokia-M/Helsinki)"
<Artem.Bityutskiy@nokia.com>
Subject: Re: ubifs: error unwinding trouble
Date: Fri, 24 Jul 2009 15:17:46 +0300 [thread overview]
Message-ID: <1248437866.24676.79.camel@localhost> (raw)
In-Reply-To: <4A6991A5.4020105@nokia.com>
On Fri, 2009-07-24 at 13:49 +0300, Adrian Hunter wrote:
> Daniel Mack wrote:
> > On a recent git kernel, the error unwinding for UBIFS seems to have some
> > problem, most probably a double-free or something similar.
> >
> > When UBI is pointed to the right mtd partition (using command line
> > arguments) , everything is fine. But when it's (accidentionally) set to
> > some very small mtd, the attach process fails. Which wouldn't be a bad
> > thing by itself, but it somehow messes up the slub/slab allocators then
> > which causes very strange memory corruption effects - see the backtrace
> > below.
> >
> > The Ooops itself is unreleated to UBI, but it does not occur when UBI
> > succeeds in attaching the volume.
> >
> > Any idea? I searched for awhile but couldn't see anything obvious.
>
> Looks like a double free of the eba_tbl
>
> This might help:
>
> diff --git a/drivers/mtd/ubi/eba.c b/drivers/mtd/ubi/eba.c
> index 0f2034c..e4d9ef0 100644
> --- a/drivers/mtd/ubi/eba.c
> +++ b/drivers/mtd/ubi/eba.c
> @@ -1254,6 +1254,7 @@ out_free:
> if (!ubi->volumes[i])
> continue;
> kfree(ubi->volumes[i]->eba_tbl);
> + ubi->volumes[i]->eba_tbl = NULL;
> }
> return err;
> }
You are right. I've just pushed your patch to ubi-2.6.git/master.
--
Best Regards,
Artem Bityutskiy (Артём Битюцкий)
next prev parent reply other threads:[~2009-07-24 12:18 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-07-24 10:30 ubifs: error unwinding trouble Daniel Mack
2009-07-24 10:30 ` Daniel Mack
2009-07-24 10:49 ` Adrian Hunter
2009-07-24 10:49 ` Adrian Hunter
2009-07-24 12:17 ` Artem Bityutskiy [this message]
2009-07-24 12:17 ` Artem Bityutskiy
2009-07-24 15:46 ` Daniel Mack
2009-07-24 15:46 ` Daniel Mack
2009-07-24 15:47 ` Artem Bityutskiy
2009-07-24 15:47 ` Artem Bityutskiy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1248437866.24676.79.camel@localhost \
--to=dedekind1@gmail.com \
--cc=Artem.Bityutskiy@nokia.com \
--cc=adrian.hunter@nokia.com \
--cc=daniel@caiaq.de \
--cc=ext-adrian.hunter@nokia.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.