Possible broken MM code in dell-laptop.c?

From: Pali Rohár
Date: Sun Jun 14 2015 - 05:05:38 EST


Hello,

in drivers/platform/x86/dell-laptop.c there is this part of the code:

static int __init dell_init(void)
{
	...
	/*
	 * Allocate buffer below 4GB for SMI data--only 32-bit physical addr
	 * is passed to SMI handler.
	 */
	bufferpage = alloc_page(GFP_KERNEL | GFP_DMA32);
	if (!bufferpage) {
		ret = -ENOMEM;
		goto fail_buffer;
	}
	buffer = page_address(bufferpage);

	ret = dell_setup_rfkill();

	if (ret) {
		pr_warn("Unable to setup rfkill\n");
		goto fail_rfkill;
	}
	...
fail_rfkill:
	free_page((unsigned long)bufferpage);
fail_buffer:
	...
}

Then there is another part:

static void __exit dell_exit(void)
{
	...
	free_page((unsigned long)buffer);
}

I suspect that there is some problem with the free_page() call. In dell_init(),
free_page() is called on bufferpage, and in dell_exit() on buffer.

Matthew and Stuart, you introduced this inconsistency in commit:

-------------------------------------------------
commit 116ee77b2858d9c89c0327f3a47c8ba864bf4a96
Author: Stuart Hayes <stuart_hayes@xxxxxxxx>
Committer: Matthew Garrett <mjg@xxxxxxxxxx>
Date: Wed Feb 10 14:12:13 2010 -0500

dell-laptop: Use buffer with 32-bit physical address

Calls to communicate with system firmware via a SMI (using dcdbas)
need to use a buffer that has a physical address of 4GB or less.
Currently the dell-laptop driver does not guarantee this, and when the
buffer address is higher than 4GB, the address is truncated to 32 bits
and the SMI handler writes to the wrong memory address.

Signed-off-by: Stuart Hayes <stuart_hayes@xxxxxxxx>
Acked-by: Matthew Garrett <mjg@xxxxxxxxxx>
-------------------------------------------------

Can you or somebody else (CCed linux-mm) look at this page-related code?
I think it is wrong, but somebody authoritative should provide an answer.

Thanks.

--
Pali Rohár
pali.rohar@xxxxxxxxx
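
Added example, not part of the original message and not kernel code: a userspace C model of the two calls quoted above. In the kernel, free_page() takes a kernel virtual address while __free_page() takes a struct page pointer; the model_* names and sizes below are hypothetical stand-ins.

```c
/* Userspace model (constructed), not kernel code. The model_* names are
 * hypothetical stand-ins for alloc_page(), page_address(), __free_page()
 * and free_page(). */
#include <stdio.h>

#define MODEL_PAGE_SIZE 4096UL
#define MODEL_NPAGES 8

struct model_page { int allocated; };
static struct model_page model_mem_map[MODEL_NPAGES];          /* descriptors */
static unsigned char model_ram[MODEL_NPAGES][MODEL_PAGE_SIZE]; /* page data */

static struct model_page *model_alloc_page(void)
{
	for (int i = 0; i < MODEL_NPAGES; i++)
		if (!model_mem_map[i].allocated) {
			model_mem_map[i].allocated = 1;
			return &model_mem_map[i]; /* a descriptor, not a data address */
		}
	return NULL;
}

static void *model_page_address(struct model_page *p)
{
	return model_ram[p - model_mem_map];
}

/* Takes the descriptor, like __free_page(). */
static void model___free_page(struct model_page *p) { p->allocated = 0; }

/* Takes a virtual address, like free_page(); returns -1 if it is not one. */
static int model_free_page(unsigned long addr)
{
	unsigned long base = (unsigned long)model_ram;
	if (addr < base || addr >= base + sizeof(model_ram))
		return -1; /* model-only check: value is not a page data address */
	model___free_page(&model_mem_map[(addr - base) / MODEL_PAGE_SIZE]);
	return 0;
}

int main(void)
{
	struct model_page *bufferpage = model_alloc_page();
	void *buffer = model_page_address(bufferpage);
	/* dell_init() error path as quoted: descriptor pointer cast to an address */
	printf("free_page(bufferpage): %d\n", model_free_page((unsigned long)bufferpage));
	/* dell_exit() as quoted: the address returned by page_address() */
	printf("free_page(buffer):     %d\n", model_free_page((unsigned long)buffer));
	return 0;
}
```

In the model, the descriptor pointer is rejected and the page stays allocated, while the address from page_address() frees it.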
