[2Alexander: the memory breakage I mentioned looks to be actually not a
memory breakage, but a bug in linux device model code. So I'm reporting it
to kernel mailing list]
Hello.
While developing a driver for an embedded system, I am getting crashes in
calls to device_find().
I tried to find out what is going on, and found the following.
Device seems to be added it's bus'es device list in bus_add_device() by the
following statement:
list_add_tail(&dev->bus_list, &dev->bus->devices.list);
So struct device object gets linked to bus->devices.list using it's
bus_list field.
However, device_find() calls kset_find_obj(&bus->devices, name), which in
turn dereferences bus->devices in the following statement:
list_for_each(entry,&kset->list) {
struct kobject * k = to_kobj(entry);
...
where kset->list is the above bus->devices.list, and to_kobj is defined as
container_of(entry,struct kobject,entry)
So it assumes that objects are linked to bus->devices.list using
kobject::entry field. But actually struct device objects are linked to
bus->devices.list using their bus_list field, not kobj.entry field!
So code in kset_find_obj() gets an invalid pointer to kobj, which leads to
a crash.
Looks like a bug.
The above code snippets all exist in (currently latest) 2.6.12-pre4 kernel
tree from kernel.org.
I'm not familiar with linux device model. Could someone please help to find
the best way to fix this (other than not using device_find() at all)?
Nikita Youshchenko
P.S.
Please CC replies to my e-mail address, [email protected]