Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756220Ab1BYAzk (ORCPT ); Thu, 24 Feb 2011 19:55:40 -0500 Received: from smtp1.linux-foundation.org ([140.211.169.13]:38269 "EHLO smtp1.linux-foundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755669Ab1BYAzi convert rfc822-to-8bit (ORCPT ); Thu, 24 Feb 2011 19:55:38 -0500 MIME-Version: 1.0 In-Reply-To: References: <20110222140349.GA20708@kryptos.osrc.amd.com>

From: Linus Torvalds Date: Thu, 24 Feb 2011 16:54:44 -0800 Message-ID: Subject: Re: Linux 2.6.38-rc6 To: Anca Emanuel Cc: Dave Airlie , linux-fbdev@vger.kernel.org, Ben Skeggs , dri-devel@lists.freedesktop.org, Borislav Petkov , Herton Ronaldo Krzesinski , Linux Kernel Mailing List Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1366 Lines: 34 On Thu, Feb 24, 2011 at 4:48 PM, Anca Emanuel wrote: > > diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c > index e2bf953..e8f8925 100644 > --- a/drivers/video/fbmem.c > +++ b/drivers/video/fbmem.c > @@ -1511,6 +1511,7 @@ void remove_conflicting_framebuffers(struct > apertures_struct *a, > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? "%s vs %s - removing generic driver\n", > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? name, registered_fb[i]->fix.id); > ? ? ? ? ? ? ? ? ? ? ? ?unregister_framebuffer(registered_fb[i]); > + ? ? ? ? ? ? ? ? ? ? ? registered_fb[i] = NULL; > > Tested the patch, and now I get this: > dmesg: http://pastebin.com/ieMNrA7C > > [ ? 12.252328] BUG: unable to handle kernel NULL pointer dereference > at 00000000000003b8 > [ ? 12.252342] IP: [] fb_mmap+0x58/0x1d0 Ok, goodie. Or not so goodie, but it does make it clear that yeah, the fb code seems to be using stale pointers from that registered_fb[] array, and the whole unregistration process is just racing with people using it. Herton had that much bigger patch, can you test it? Linus -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/