On Fri, Feb 25, 2011 at 03:56:20AM +0200, Anca Emanuel wrote:
On Fri, Feb 25, 2011 at 3:47 AM, Anca Emanuel anca.emanuel@gmail.com wrote:
On Fri, Feb 25, 2011 at 3:14 AM, Dave Airlie airlied@redhat.com wrote:
On Thu, 2011-02-24 at 16:54 -0800, Linus Torvalds wrote:
On Thu, Feb 24, 2011 at 4:48 PM, Anca Emanuel anca.emanuel@gmail.com wrote:
diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c index e2bf953..e8f8925 100644 --- a/drivers/video/fbmem.c +++ b/drivers/video/fbmem.c @@ -1511,6 +1511,7 @@ void remove_conflicting_framebuffers(struct apertures_struct *a, "%s vs %s - removing generic driver\n", name, registered_fb[i]->fix.id); unregister_framebuffer(registered_fb[i]);
- registered_fb[i] = NULL;
Tested the patch, and now I get this: dmesg: http://pastebin.com/ieMNrA7C
[ 12.252328] BUG: unable to handle kernel NULL pointer dereference at 00000000000003b8 [ 12.252342] IP: [<ffffffff81311178>] fb_mmap+0x58/0x1d0
Ok, goodie.
Or not so goodie, but it does make it clear that yeah, the fb code seems to be using stale pointers from that registered_fb[] array, and the whole unregistration process is just racing with people using it.
Herton had that much bigger patch, can you test it?
I think Andy's patch worked, not sure why it fell between the cracks, either didn't appear on lkml or in my inbox at all.
if we can get Herton to repost it properly + a tested by I'm happy for it to go in.
Dave.
Tested Andy's patch and it works ! http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-natty.git;a=commit;h=c5a742b5f7...
Tested-by: Anca Emanuel anca.emanuel@gmail.com
link to patch: http://is.gd/otIfGc
Adding Andy on CC (btw he is away for today, may get some time to answer).
Andy, can you repost the patch?
-- []'s Herton