chan is an index variable, used to loop over a list of channels, and here
it is used _after_ the loop, in which case it doesn't point to a DMA
channel struct anymore. Dereferencing it leads to a corruption of a random
memory location, which in my case was a pointer inside a clock struct. Fix
it by using a local variable pointing to the DMA device.
Signed-off-by: Guennadi Liakhovetski <[email protected]>
---
Guys, this was a _real_ bad joke, cost me almost a day, and that patch has
been reviewed by two persons...
<rant>
So far 2.6.29(-next) has been very bad for me, regressions all over the
place, lots of wasted time hunting them down:-(
</rant>
diff --git a/drivers/dma/dmaengine.c b/drivers/dma/dmaengine.c
index 59e0fb2..92438e9 100644
--- a/drivers/dma/dmaengine.c
+++ b/drivers/dma/dmaengine.c
@@ -726,7 +726,7 @@ int dma_async_device_register(struct dma_device *device)
}
list_add_tail_rcu(&device->global_node, &dma_device_list);
if (dma_has_cap(DMA_PRIVATE, device->cap_mask))
- chan->device->privatecnt++; /* Always private */
+ device->privatecnt++; /* Always private */
dma_channel_rebalance();
mutex_unlock(&dma_list_mutex);
Guennadi Liakhovetski wrote:
> chan is an index variable, used to loop over a list of channels, and here
> it is used _after_ the loop, in which case it doesn't point to a DMA
> channel struct anymore. Dereferencing it leads to a corruption of a random
> memory location, which in my case was a pointer inside a clock struct. Fix
> it by using a local variable pointing to the DMA device.
>
> Signed-off-by: Guennadi Liakhovetski <[email protected]>
> ---
>
> Guys, this was a _real_ bad joke, cost me almost a day, and that patch has
> been reviewed by two persons...
>
> <rant>
> So far 2.6.29(-next) has been very bad for me, regressions all over the
> place, lots of wasted time hunting them down:-(
> </rant>
>
Guennadi,
Thanks for testing the 'next' branch and finding this before it hit
mainline. I will fold this change into the existing commit with a
[[email protected]: fix bad usage of 'chan' in dma_async_device_register]
Regards,
Dan
On Tue, 31 Mar 2009 18:07:34 +0200 (CEST), Guennadi Liakhovetski <[email protected]> wrote:
> chan is an index variable, used to loop over a list of channels, and here
> it is used _after_ the loop, in which case it doesn't point to a DMA
> channel struct anymore. Dereferencing it leads to a corruption of a random
> memory location, which in my case was a pointer inside a clock struct. Fix
> it by using a local variable pointing to the DMA device.
>
> Signed-off-by: Guennadi Liakhovetski <[email protected]>
Oops! your fix is correct. Thank you for fixing this nasty bug.
---
Atsushi Nemoto