Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755417Ab0KFOxO (ORCPT ); Sat, 6 Nov 2010 10:53:14 -0400 Received: from smtp1.linux-foundation.org ([140.211.169.13]:40918 "EHLO smtp1.linux-foundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754061Ab0KFOxN (ORCPT ); Sat, 6 Nov 2010 10:53:13 -0400 MIME-Version: 1.0 In-Reply-To: <20101106121605.GA6736@redhat.com> References: <20101103161638.ddc75ace.randy.dunlap@oracle.com> <4CD48D5E.10309@oracle.com> <20101106121605.GA6736@redhat.com> From: Linus Torvalds Date: Sat, 6 Nov 2010 07:52:15 -0700 Message-ID: Subject: Re: Linux 2.6.37-rc1 (floppy module load: no device found) To: Vivek Goyal Cc: Randy Dunlap , Jens Axboe , David Miller , Eric Dumazet , Linux Kernel Mailing List Content-Type: text/plain; charset=ISO-8859-1 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1021 Lines: 24 On Sat, Nov 6, 2010 at 5:16 AM, Vivek Goyal wrote: > > While scanning the floopy code, I found one more instance of trying to > access disk->queue pointer after doing put_disk() on gendisk. For some > reason, floppy moule still loads/unloads fine. May be object is still > around with right pointer values. Yes - the normal use-after-free is fairly silent and only causes problems if something re-allocates the same memory immediately, which is quite a small race to hit under normal load. But if you had had slab poisoning on, you'd have seen the same oops Randy did (well, not the exact same one since the call trace would be slightly different due to being from a different point, but _very_ similar). Anyway, applied. Linus -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/