From: Kronos <kronos@kronoz.cjb.net>
To: Russell King <rmk@arm.linux.org.uk>
Cc: linux-fbdev-devel@lists.sourceforge.net,
	James Simmons <jsimmons@infradead.org>
Subject: Re: [PATCH] cyber2000fb: New framebuffer_alloc API and class_dev changes
Date: Mon, 15 Sep 2003 23:28:09 +0200
Message-ID: <20030915212809.GA24924@dreamland.darkstar.lan>
In-Reply-To: <20030915220742.G10328@flint.arm.linux.org.uk>

On Mon, Sep 15, 2003 at 10:07:42PM +0100, Russell King wrote:
> >  struct cfb_info {
> > -	struct fb_info		fb;
> > +	struct fb_info		*fb;
> 
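Review bot: with `fb` turned into a pointer in struct cfb_info, a cfb_info can no longer be recovered from its fb_info by pointer arithmetic (a cast or container_of on the old embedded member), so every such conversion has to go through info->par, as release_cfb_info() does further down in this patch. The two objects now also have separate lifetimes; a short comment on the member saying who allocates and frees `fb`, and whether it can be NULL, would help.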
> Oh god, do we have to add yet another level of indirection all over
> the framebuffer code?

Ok, I've been too vague...

Now there is a class_dev embedded in fb_info which is registered with the
driver model. We need a dynamically allocated struct fb_info.

> 
> > @@ -1635,6 +1638,16 @@
> >  	return err;
> >  }
> >  
> > +static void release_cfb_info(struct fb_info *info) {
> > +	struct cfb_info *cfb = info->par;
> > +
> > +	iounmap(cfb->region);
> > +	fb_alloc_cmap(&info->cmap, 0, 0);
> > +
> > +	if (cfb->dev)
> > +		pci_release_regions(cfb->dev);
> > +}
> > +
> >  static void __devexit cyberpro_pci_remove(struct pci_dev *dev)
> >  {
> >  	struct cfb_info *cfb = pci_get_drvdata(dev);
> 
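Review bot: release_cfb_info() reads cfb->dev and calls pci_release_regions() on it, but nothing in this hunk takes a reference on the pci_dev, so the callback depends on the device outliving cyberpro_pci_remove(). Either release the regions in cyberpro_pci_remove() itself or pin the device explicitly for as long as the fb_info can live, and say which in a comment. Also, fb_alloc_cmap(&info->cmap, 0, 0) in a release path reads as an allocation; if the zero-length call is meant to free the colormap, a comment should say so. The opening brace of the new function belongs on its own line, as in cyberpro_pci_remove() just below it.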
> Who says "cfb->dev" remains valid after the PCI device has been removed?
> This looks like a perfect use-after-free bug waiting to happen.

cfb->dev is refcounted, it won't go away until we are done with the
cleanup. Maybe I misread driver core code...

Luca
-- 
Reply-To: kronos@kronoz.cjb.net
Home: http://kronoz.cjb.net
Windows NT: Designed for the Internet. The Internet: Designed for Unix.


