From: NeilBrown <neilb@suse.de>
To: Jarkko Nikula <jarkko.nikula@bitmer.com>
Cc: Peter Ujfalusi <peter.ujfalusi@ti.com>,
Janusz Krzysztofik <jkrzyszt@tis.icnet.pl>,
Tony Lindgren <tony@atomide.com>,
linux-omap@vger.kernel.org, lkml <linux-kernel@vger.kernel.org>
Subject: Commit 09d28d2c19 introduces set-after-free in arch/arm/mach-omap2/mcbsp.c
Date: Sun, 11 Dec 2011 17:08:13 +1100 [thread overview]
Message-ID: <20111211170813.02fd478a@notabene.brown> (raw)
[-- Attachment #1: Type: text/plain, Size: 2166 bytes --]
Hi,
commit 09d28d2c19fe5c2d51b3133329584166dec89f86
Author: Jarkko Nikula <jarkko.nikula@bitmer.com>
Date: Mon Sep 26 10:45:48 2011 +0300
ARM: OMAP: mcbsp: Start generalize omap2_mcbsp_set_clks_src
...
contains (when displayed with "-U10"):
diff --git a/arch/arm/mach-omap2/mcbsp.c b/arch/arm/mach-omap2/mcbsp.c
index 92bd5e2..3dd4c47 100644
--- a/arch/arm/mach-omap2/mcbsp.c
+++ b/arch/arm/mach-omap2/mcbsp.c
....
@@ -181,20 +173,21 @@ static int omap_init_mcbsp(struct omap_hwmod *oh, void *unused)
}
pdev = omap_device_build_ss(name, id, oh_device, count, pdata,
sizeof(*pdata), omap2_mcbsp_latency,
ARRAY_SIZE(omap2_mcbsp_latency), false);
kfree(pdata);
if (IS_ERR(pdev)) {
pr_err("%s: Can't build omap_device for %s:%s.\n", __func__,
name, oh->name);
return PTR_ERR(pdev);
}
+ pdata->set_clk_src = omap2_mcbsp_set_clk_src;
omap_mcbsp_count++;
return 0;
}
static int __init omap2_mcbsp_init(void)
{
omap_hwmod_for_each_by_class("mcbsp", omap_init_mcbsp, NULL);
mcbsp_ptr = kzalloc(omap_mcbsp_count * sizeof(struct omap_mcbsp *),
GFP_KERNEL);
which sets a field in pdata after it has been freed.
commit 7bc0c4bac72375517d904e02c46da2a23e079e8b
Author: Jarkko Nikula <jarkko.nikula@bitmer.com>
Date: Mon Sep 26 10:45:49 2011 +0300
then adds
@@ -181,6 +184,8 @@ static int omap_init_mcbsp(struct omap_hwmod *oh, void *unused)
return PTR_ERR(pdev);
}
pdata->set_clk_src = omap2_mcbsp_set_clk_src;
+ if (id == 1)
+ pdata->mux_signal = omap2_mcbsp1_mux_rx_clk;
omap_mcbsp_count++;
return 0;
}
which sets another field.
Should these settings just be moved up before the call to
omap_device_build_ss?? Doing that removes
[ 0.196014] Slab corruption: size-32 start=ded3edc0, len=32
warning.
Thanks,
NeilBrown
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 828 bytes --]
next reply other threads:[~2011-12-11 6:08 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-11 6:08 NeilBrown [this message]
2011-12-12 8:15 ` Commit 09d28d2c19 introduces set-after-free in arch/arm/mach-omap2/mcbsp.c Jarkko Nikula
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111211170813.02fd478a@notabene.brown \
--to=neilb@suse.de \
--cc=jarkko.nikula@bitmer.com \
--cc=jkrzyszt@tis.icnet.pl \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-omap@vger.kernel.org \
--cc=peter.ujfalusi@ti.com \
--cc=tony@atomide.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.