Re: Linux 2.6.38-rc6
From: Dave Airlie
Date: Thu Feb 24 2011 - 20:15:42 EST
On Thu, 2011-02-24 at 16:54 -0800, Linus Torvalds wrote:
> On Thu, Feb 24, 2011 at 4:48 PM, Anca Emanuel <anca.emanuel@xxxxxxxxx> wrote:
> >
> > diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c
> > index e2bf953..e8f8925 100644
> > --- a/drivers/video/fbmem.c
> > +++ b/drivers/video/fbmem.c
> > @@ -1511,6 +1511,7 @@ void remove_conflicting_framebuffers(struct
> > apertures_struct *a,
> > "%s vs %s - removing generic driver\n",
> > name, registered_fb[i]->fix.id);
> > unregister_framebuffer(registered_fb[i]);
> > + registered_fb[i] = NULL;
> >
> > Tested the patch, and now I get this:
> > dmesg: http://pastebin.com/ieMNrA7C
> >
> > [ 12.252328] BUG: unable to handle kernel NULL pointer dereference
> > at 00000000000003b8
> > [ 12.252342] IP: [<ffffffff81311178>] fb_mmap+0x58/0x1d0
>
> Ok, goodie.
>
> Or not so goodie, but it does make it clear that yeah, the fb code
> seems to be using stale pointers from that registered_fb[] array, and
> the whole unregistration process is just racing with people using it.
>
> Herton had that much bigger patch, can you test it?
I think Andy's patch worked, not sure why it fell between the cracks,
either didn't appear on lkml or in my inbox at all.
if we can get Herton to repost it properly + a tested by I'm happy for
it to go in.
Dave.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/