Re: 2.6.17-mm4 - Ingo Molnar

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Ingo Molnar <mingo@elte.hu>
To: Dave Jones <davej@redhat.com>,
	Michal Piotrowski <michal.k.k.piotrowski@gmail.com>,
	Andrew Morton <akpm@osdl.org>,
	linux-kernel@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: 2.6.17-mm4
Date: Thu, 29 Jun 2006 23:09:50 +0200	[thread overview]
Message-ID: <20060629210950.GA300@elte.hu> (raw)
In-Reply-To: <20060629204330.GC13619@redhat.com>


* Dave Jones <davej@redhat.com> wrote:

> On Thu, Jun 29, 2006 at 10:39:33PM +0200, Michal Piotrowski wrote:
> 
>  > This looks very strange.
>  > 
>  > BUG: unable to handle kernel paging request at virtual address 6b6b6c07
> 
> Looks like a use after free.

i'm too hunting use-after-free bugs - the ones fixed below fix certain 
crashes, but i'm still seeing a nasty one.

the crash is independent on lockdep enabled or disabled. See:

  http://redhat.com/~mingo/misc/

for the config and the crash.log.

	Ingo

-----------------
Subject: fix platform_device_put/del mishaps
From: Ingo Molnar <mingo@elte.hu>

this fixes drivers/char/pc8736x_gpio.c and drivers/char/scx200_gpio.c
to use the platform_device_del/put ops correctly.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
---
 drivers/char/pc8736x_gpio.c |    5 +++--
 drivers/char/scx200_gpio.c  |    6 +++---
 2 files changed, 6 insertions(+), 5 deletions(-)

Index: linux/drivers/char/pc8736x_gpio.c
===================================================================
--- linux.orig/drivers/char/pc8736x_gpio.c
+++ linux/drivers/char/pc8736x_gpio.c
@@ -319,9 +319,10 @@ static int __init pc8736x_gpio_init(void
 	return 0;
 
 undo_platform_dev_add:
-	platform_device_put(pdev);
+	platform_device_del(pdev);
 undo_platform_dev_alloc:
-	kfree(pdev);
+	platform_device_put(pdev);
+
 	return rc;
 }
 
Index: linux/drivers/char/scx200_gpio.c
===================================================================
--- linux.orig/drivers/char/scx200_gpio.c
+++ linux/drivers/char/scx200_gpio.c
@@ -126,9 +126,10 @@ static int __init scx200_gpio_init(void)
 undo_chrdev_region:
 	unregister_chrdev_region(dev, num_pins);
 undo_platform_device_add:
-	platform_device_put(pdev);
+	platform_device_del(pdev);
 undo_malloc:
-	kfree(pdev);
+	platform_device_put(pdev);
+
 	return rc;
 }
 
@@ -136,7 +137,6 @@ static void __exit scx200_gpio_cleanup(v
 {
 	kfree(scx200_devices);
 	unregister_chrdev_region(MKDEV(major, 0), num_pins);
-	platform_device_put(pdev);
 	platform_device_unregister(pdev);
 	/* kfree(pdev); */
 }

next prev parent reply	other threads:[~2006-06-29 21:14 UTC|newest]

Thread overview: 65+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-06-29  8:36 2.6.17-mm4 Andrew Morton
2006-06-29  9:44 ` 2.6.17-mm4 Benoit Boissinot
2006-06-29 11:25 ` 2.6.17-mm one process gets stuck in infinite loop in the kernel Helge Hafting
2006-06-29 17:41   ` Andrew Morton
2006-06-29 20:39     ` Ralf Hildebrandt
2006-06-29 21:00       ` Andrew Morton
2006-06-30 12:48     ` Helge Hafting
2006-06-30 21:54     ` Helge Hafting
2006-06-30 23:55       ` Andrew Morton
2006-07-01 10:58         ` Helge Hafting
2006-07-01 11:05           ` Andrew Morton
2006-06-29 11:44 ` 2.6.17-mm4 Reuben Farrelly
2006-06-29 11:45 ` 2.6.17-mm4 Reuben Farrelly
2006-06-29 17:52   ` 2.6.17-mm4 Andrew Morton
2006-06-30  7:18     ` 2.6.17-mm4 Reuben Farrelly
2006-06-30  7:33       ` 2.6.17-mm4 Andrew Morton
2006-06-29 17:53 ` 2.6.17-mm4 Jesse Brandeburg
2006-06-29 19:05   ` 2.6.17-mm4 Andrew Morton
2006-06-30 23:53     ` 2.6.17-mm4 Jesse Brandeburg
2006-07-01  0:12       ` 2.6.17-mm4 Andrew Morton
2006-07-01  0:17         ` 2.6.17-mm4 Jesse Brandeburg
2006-07-01  0:31           ` 2.6.17-mm4 john stultz
2006-07-01 17:33             ` 2.6.17-mm4 Jesse Brandeburg
2006-07-01 17:56               ` 2.6.17-mm4 john stultz
2006-07-01 23:57                 ` 2.6.17-mm4 Andrew Morton
2006-07-02  2:45                   ` 2.6.17-mm4 john stultz
2006-07-02  3:19                     ` 2.6.17-mm4 Andrew Morton
2006-07-02  3:37                       ` 2.6.17-mm4 john stultz
2006-07-01  0:52           ` 2.6.17-mm4 Andrew Morton
2006-07-01 18:18             ` 2.6.17-mm4 Jesse Brandeburg
2006-07-01  0:22         ` 2.6.17-mm4 Andrew Morton
2006-06-29 19:20 ` [-mm patch] drivers/message/fusion/mptsas.c: make 2 functions static Adrian Bunk
2006-06-29 19:20 ` [-mm patch] fs/nfs/: " Adrian Bunk
2006-06-29 19:36 ` Possible circular locking dependency detected in Reiser4 Andrew James Wade
2006-06-29 20:39 ` 2.6.17-mm4 Michal Piotrowski
2006-06-29 20:43   ` 2.6.17-mm4 Dave Jones
2006-06-29 20:46     ` 2.6.17-mm4 Michal Piotrowski
2006-06-29 20:49       ` 2.6.17-mm4 Dave Jones
2006-06-29 20:57         ` 2.6.17-mm4 Michal Piotrowski
2006-06-29 20:58       ` 2.6.17-mm4 Andrew Morton
2006-06-29 21:41         ` 2.6.17-mm4 Michal Piotrowski
2006-06-29 21:09     ` Ingo Molnar [this message]
2006-06-29 23:05       ` 2.6.17-mm4 Ingo Molnar
2006-06-30 10:07         ` 2.6.17-mm4 Alan Cox
2006-06-30  9:50           ` 2.6.17-mm4 Ingo Molnar
2006-06-30  9:54           ` 2.6.17-mm4 Arjan van de Ven
2006-06-30 11:01             ` 2.6.17-mm4 Andreas Mohr
2006-06-30 12:14             ` 2.6.17-mm4 Alan Cox
2006-06-30 17:27               ` 2.6.17-mm4 Dave Jones
2006-06-30 17:52                 ` 2.6.17-mm4 Alan Cox
2006-06-29 21:40 ` 2.6.17-mm4 Chris Rode
2006-06-29 22:18   ` 2.6.17-mm4 Andrew Morton
2006-06-29 23:27 ` 2.6.17-mm4 Ingo Molnar
2006-06-30 19:20 ` 2.6.17-mm4 Manuel Lauss
2006-06-30 23:26   ` 2.6.17-mm4 Andrew Morton
2006-07-01  7:12     ` 2.6.17-mm4 Manuel Lauss
2006-06-30 20:16 ` 2.6.17-mm4 Rafael J. Wysocki
2006-07-01 11:11 ` 2.6.17-mm4 raid bugs & traces Helge Hafting
2006-07-01 11:52   ` Andrew Morton
2006-07-01 16:25   ` Helge Hafting
2006-07-02  5:38     ` Reuben Farrelly
2006-07-02 18:46       ` Helge Hafting
2006-07-03 13:10         ` David Greaves
  -- strict thread matches above, loose matches on Subject: below --
2006-06-30 10:07 2.6.17-mm4 Chuck Ebbert
2006-06-30 10:22 ` 2.6.17-mm4 Ingo Molnar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060629210950.GA300@elte.hu \
    --to=mingo@elte.hu \
    --cc=akpm@osdl.org \
    --cc=davej@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=michal.k.k.piotrowski@gmail.com \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox