From: Jeff Garzik <jeff@garzik.org>
To: Hannes Reinecke <hare@suse.de>
Cc: "Randy.Dunlap" <rdunlap@xenotime.net>, linux-ide@vger.kernel.org
Subject: Re: [PATCH] libata crashes on incorrectly initialised ports
Date: Mon, 13 Mar 2006 04:26:03 -0500 [thread overview]
Message-ID: <44153AAB.1000201@garzik.org> (raw)
In-Reply-To: <44153810.10702@suse.de>
Hannes Reinecke wrote:
> Hi all,
>
> Randy found an interesting usage of the label 'err_out' in
> libata-core.c:ata_device_add().
>
> 'err_out' is meant to be called to teardown existing sysfs entries.
> As such is it clearly wrong to call it if the sysfs registration fails.
>
> Please apply.
>
> Cheers,
>
> Hannes
>
>
> ------------------------------------------------------------------------
>
> From: Hannes Reinecke <hare@suse.de>
> Subject: libata crashes on incorrectly initialized ports
>
> Randy Dunlap noted:
> With the update ahci I am getting these messages (typed by
> me, no serial port for console), but ata2 drive is not present (!?):
>
> ata2: could not start DMA engine
> BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
>
> plus a Call Trace like so (names only transcribed here):
> class_device_del
> class_device_unregister
> scsi_remove_host
> ata_host_remove
> ata_device_add
> ahci_init_one
> ... normal pci driver init/register functions ...
>
>
> The label 'err_out' is used twice; the first usage of which is wrong
> as there is not host registered in sysfs which we could deregister.
> In fact, we haven't done anything (yet) so we might as well return
> here.
>
> Signed-off-by: Hannes Reinecke <hare@suse.de>
>
> diff --git a/drivers/scsi/libata-core.c b/drivers/scsi/libata-core.c
> index ab3257a..42e5c40 100644
> --- a/drivers/scsi/libata-core.c
> +++ b/drivers/scsi/libata-core.c
> @@ -4578,7 +4578,7 @@ int ata_device_add(const struct ata_prob
>
> ap = ata_host_add(ent, host_set, i);
> if (!ap)
> - goto err_out;
> + return 0;
NAK: This patch adds memory leaks.
The clear intent of the error handling was to clean up host_set and the
ports allocated so far. 'return 0' just leaks all that stuff, rather
than performing the incorrect error handling ;-)
AFAICT, all the error handling at the err_out label is correct, save for
one detail: do_unregister argument passed to ata_host_remove() should
be zero for the err_out callsite we are discussing.
Jeff
next prev parent reply other threads:[~2006-03-13 9:26 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-03-13 9:14 [PATCH] libata crashes on incorrectly initialised ports Hannes Reinecke
2006-03-13 9:26 ` Jeff Garzik [this message]
2006-03-13 10:00 ` Hannes Reinecke
2006-03-13 10:09 ` Jeff Garzik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44153AAB.1000201@garzik.org \
--to=jeff@garzik.org \
--cc=hare@suse.de \
--cc=linux-ide@vger.kernel.org \
--cc=rdunlap@xenotime.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.