From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751662AbbFNJFT (ORCPT ); Sun, 14 Jun 2015 05:05:19 -0400 Received: from mail-wg0-f54.google.com ([74.125.82.54]:33775 "EHLO mail-wg0-f54.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751035AbbFNJFK (ORCPT ); Sun, 14 Jun 2015 05:05:10 -0400 From: Pali =?utf-8?q?Roh=C3=A1r?= To: Hans de Goede , Darren Hart , Ben Skeggs , Stuart Hayes , Matthew Garrett , Andrew Morton , Michal Hocko Subject: Possible broken MM code in dell-laptop.c? Date: Sun, 14 Jun 2015 11:05:07 +0200 User-Agent: KMail/1.13.7 (Linux/3.13.0-54-generic; KDE/4.14.2; x86_64; ; ) Cc: platform-driver-x86@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart4151917.2Ma5RsCSLe"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <201506141105.07171@pali> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --nextPart4151917.2Ma5RsCSLe Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, in drivers/platform/x86/dell-laptop.c is this part of code: static int __init dell_init(void) { =2E.. /* * Allocate buffer below 4GB for SMI data--only 32-bit physical addr * is passed to SMI handler. */ bufferpage =3D alloc_page(GFP_KERNEL | GFP_DMA32); if (!bufferpage) { ret =3D -ENOMEM; goto fail_buffer; } buffer =3D page_address(bufferpage); ret =3D dell_setup_rfkill(); if (ret) { pr_warn("Unable to setup rfkill\n"); goto fail_rfkill; } =2E.. fail_rfkill: free_page((unsigned long)bufferpage); fail_buffer: =2E.. } Then there is another part: static void __exit dell_exit(void) { =2E.. free_page((unsigned long)buffer); } I suspect that there is some problem with free_page() call. In dell_init=20 is called free_page() on bufferpage and in dell_exit() on buffer. Matthew and Stuart, you introduced this inconsistency in commit: =2D------------------------------------------------ commit 116ee77b2858d9c89c0327f3a47c8ba864bf4a96 Author: Stuart Hayes Committer: Matthew Garrett Date: Wed Feb 10 14:12:13 2010 -0500 dell-laptop: Use buffer with 32-bit physical address Calls to communicate with system firmware via a SMI (using dcdbas) need to use a buffer that has a physical address of 4GB or less. Currently the dell-laptop driver does not guarantee this, and when=20 the buffer address is higher than 4GB, the address is truncated to 32=20 bits and the SMI handler writes to the wrong memory address. =20 Signed-off-by: Stuart Hayes Acked-by: Matthew Garrett =2D------------------------------------------------ Can you or somebody else (CCed linux-mm) look at this page related code?=20 I think it is wrong, but somebody authoritative should provide answer. Thanks. =2D-=20 Pali Roh=C3=A1r pali.rohar@gmail.com --nextPart4151917.2Ma5RsCSLe Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEABECAAYFAlV9Q8MACgkQi/DJPQPkQ1J0UACdHR0APSrYqgL+780YeaHg5762 rN4AoKgqmDBEOE0OFNDra9d8ZG+anJ5z =cav6 -----END PGP SIGNATURE----- --nextPart4151917.2Ma5RsCSLe--