On Thu, Feb 24, 2011 at 4:48 PM, Anca Emanuel anca.emanuel@gmail.com wrote:
diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c index e2bf953..e8f8925 100644 --- a/drivers/video/fbmem.c +++ b/drivers/video/fbmem.c @@ -1511,6 +1511,7 @@ void remove_conflicting_framebuffers(struct apertures_struct *a, "%s vs %s - removing generic driver\n", name, registered_fb[i]->fix.id); unregister_framebuffer(registered_fb[i]);
- registered_fb[i] = NULL;
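Review bot: dropping `registered_fb[i] = NULL;` right after `unregister_framebuffer(registered_fb[i]);` leaves the slot pointing at a framebuffer that has just been unregistered unless unregister_framebuffer() clears the slot itself; any later reader of registered_fb[i], such as the fb_mmap path in the trace below, then dereferences a stale or freed object. The hunk also adds no serialization around the read/unregister sequence, so even with the slot cleared a concurrent user that has already loaded the pointer keeps using it; the change needs to be paired with a lock held across lookup and use, or a reference taken on the fb_info, rather than only moving who clears the slot.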
Tested the patch, and now I get this: dmesg: http://pastebin.com/ieMNrA7C
[ 12.252328] BUG: unable to handle kernel NULL pointer dereference at 00000000000003b8 [ 12.252342] IP: [<ffffffff81311178>] fb_mmap+0x58/0x1d0
Ok, goodie.
Or not so goodie, but it does make it clear that yeah, the fb code seems to be using stale pointers from that registered_fb[] array, and the whole unregistration process is just racing with people using it.
Herton had that much bigger patch, can you test it?
Linus
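The stale-pointer race Linus describes, modelled as an added user-space example that is neither kernel code nor Herton's patch: a slot table like registered_fb[], an unregistration path, and two consumers. One consumer copies the raw pointer and uses it after unregistration has run (the pattern behind the fb_mmap oops); the other takes a reference while reading the slot so teardown is deferred until the user is done. The struct fields `refcount` and `released`, the `fb_pool` backing store and all function names are constructed for the illustration; the interleaving is forced deterministically in one thread rather than with real CPUs, and the refcount increment next to the slot read stands in for the lock a real implementation would hold across both.

```c
/* Added example: single-threaded model of the registered_fb[] race.
 * Not kernel code; all names and fields below are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define FB_MAX 4

struct fb_info {
    int id;
    int refcount;   /* constructed: live holders of the object */
    bool released;  /* constructed: set once the object is torn down */
};

static struct fb_info fb_pool[FB_MAX];        /* backing storage instead of kmalloc */
static struct fb_info *registered_fb[FB_MAX]; /* slot table, as in the kernel array */

static void fb_reset_all(void)
{
    memset(fb_pool, 0, sizeof fb_pool);
    memset(registered_fb, 0, sizeof registered_fb);
}

/* Register an fb_info in slot idx; the table itself holds one reference. */
static struct fb_info *fb_register(int idx, int id)
{
    struct fb_info *info = &fb_pool[idx];
    info->id = id;
    info->refcount = 1;
    info->released = false;
    registered_fb[idx] = info;
    return info;
}

/* Drop one reference; tear the object down when the last one goes. */
static void fb_put(struct fb_info *info)
{
    if (--info->refcount == 0)
        info->released = true;
}

/* Unregister: clear the slot, then drop the table's reference. */
static void fb_unregister(int idx)
{
    struct fb_info *info = registered_fb[idx];
    if (!info)
        return;
    registered_fb[idx] = NULL;
    fb_put(info);
}

/* Variant matching the posted hunk: tear down but leave the slot untouched. */
static void fb_unregister_keep_slot(int idx)
{
    struct fb_info *info = registered_fb[idx];
    if (info)
        fb_put(info);
}

/* Consumer that copies the raw pointer and uses it later with no reference. */
static struct fb_info *fb_lookup_raw(int idx)
{
    return registered_fb[idx];
}

/* Consumer that takes a reference as it reads the slot; the read and the
 * increment would sit under one lock in a real implementation. */
static struct fb_info *fb_lookup_get(int idx)
{
    struct fb_info *info = registered_fb[idx];
    if (info)
        info->refcount++;
    return info;
}

/* Slot not cleared: a lookup after unregistration hands out a dead object. */
bool scenario_stale_slot(void)
{
    fb_reset_all();
    fb_register(0, 42);
    fb_unregister_keep_slot(0);
    struct fb_info *info = fb_lookup_raw(0);
    return info != NULL && info->released;   /* true: stale pointer handed out */
}

/* Slot cleared, but the user loaded the pointer before unregistration ran. */
bool scenario_raw_pointer(void)
{
    fb_reset_all();
    fb_register(0, 42);
    struct fb_info *info = fb_lookup_raw(0);  /* user: load pointer */
    fb_unregister(0);                         /* other CPU: tear down */
    return info->released;                    /* true: use of a torn-down object */
}

/* Same interleaving, but the user holds a reference across the window. */
bool scenario_refcounted(void)
{
    fb_reset_all();
    fb_register(0, 42);
    struct fb_info *info = fb_lookup_get(0);
    fb_unregister(0);
    bool stale = info->released;  /* false: the user's reference keeps it alive */
    fb_put(info);                 /* teardown happens only now */
    return stale;
}
```

Clearing the slot only shrinks the window; the second scenario still fails because the read of the slot and the use of the object are not one atomic step from the unregister path's point of view. The third scenario shows why the fix has to live at the lookup (a reference or a lock spanning lookup and use), which is the shape of the larger patch the thread points to.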