Re: [PATCH] ktimers subsystem 2.6.14-rc2-kt5

[john stultz]

On Wed, 2005-09-28 at 22:43 +0200, tglx@xxxxxxxxxxxxx wrote:
> +static int enqueue_ktimer(struct ktimer *timer, struct ktimer_base *base,
> +			   ktime_t *tim, int mode)
> +{
> +	struct rb_node **link = &base->active.rb_node;
> +	struct rb_node *parent = NULL;
> +	struct ktimer *entry;
> +	struct list_head *prev = &base->pending;
> +	ktime_t now;
> +
> +	/* Get current time */
> +	now = base->get_time();
> +
> +	/* Timer expiry mode */
> +	switch (mode & ~KTIMER_NOCHECK) {
> +	case KTIMER_ABS:
> +		timer->expires = *tim;
> +		break;
> +	case KTIMER_REL:
> +		timer->expires = ktime_add(now, *tim);
> +		break;
> +	case KTIMER_INCR:
> +		timer->expires = ktime_add(timer->expires, *tim);
> +		break;

...



> +static inline void do_remove_ktimer(struct ktimer *timer,
> +				    struct ktimer_base *base, int rearm)
> +{
> +	list_del(&timer->list);
> +	rb_erase(&timer->node, &base->active);
> +	timer->node.rb_parent = KTIMER_POISON;
> +	timer->status = KTIMER_INACTIVE;
> +	base->count--;
> +	BUG_ON(base->count < 0);
> +	/* Auto rearm the timer ? */
> +	if (rearm && ktime_cmp_val(timer->interval, !=, KTIME_ZERO))
> +		enqueue_ktimer(timer, base, NULL, KTIMER_REARM);
> +}


There's a couple of places like this where you pass NULL as the ktime_t
pointer tim to enqueue_ktimer(). However in enqueue_ktimer, you
dereference tim in a few spots w/o checking for NULL.

I'm guessing this is what Frank is seeing.

thanks
-john


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/