lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
23a99840d5
linux-kernel-test/drivers
History
Herton Ronaldo Krzesinski f05faa31c3 rt2x00: prevent double kfree when failing to register hardware 
In a scenario where there isn't any firmware available, we will have a
double kfree of rt2x00dev->spec.channels_info when ieee80211_register_hw
returns an error status inside rt2x00lib_probe_hw.

The problem is that if ieee80211_register_hw fails, we call
rt2x00lib_remove_hw twice:
* first inside rt2x00lib_probe_hw upon failure of ieee80211_register_hw
* error status is returned to rt2x00lib_probe_dev, which then sees it and
  calls in this case rt2x00lib_remove_dev that will again run
  rt2x00lib_remove_hw

Prevent this avoiding calling rt2x00lib_remove_hw inside
rt2x00lib_probe_hw

Problem was detected with CONFIG_DEBUG_PAGEALLOC=y, CONFIG_SLUB_DEBUG=y,
CONFIG_SLUB_DEBUG_ON=y, that dumps this with no firmware available:

rt61pci 0000:00:07.0: PCI INT A -> GSI 19 (level, low) -> IRQ 19
wmaster0 (rt61pci): not using net_device_ops yet
phy0: Selected rate control algorithm 'pid'
phy0: Failed to initialize wep: -2
phy0 -> rt2x00lib_probe_dev: Error - Failed to initialize hw.
=============================================================================
BUG kmalloc-128: Object already free
-----------------------------------------------------------------------------

INFO: Allocated in rt61pci_probe_hw+0x3e5/0x6e0 [rt61pci] age=340 cpu=0 pid=21
INFO: Freed in rt2x00lib_remove_hw+0x59/0x70 [rt2x00lib] age=0 cpu=0 pid=21
INFO: Slab 0xc13ac3e0 objects=23 used=10 fp=0xdd59f6e0 flags=0x400000c3
INFO: Object 0xdd59f6e0 @offset=1760 fp=0xdd59f790

Bytes b4 0xdd59f6d0:  15 00 00 00 b2 8a fb ff 5a 5a 5a 5a 5a 5a 5a 5a ....².ûÿZZZZZZZZ
  Object 0xdd59f6e0:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
  Object 0xdd59f6f0:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
  Object 0xdd59f700:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
  Object 0xdd59f710:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
  Object 0xdd59f720:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
  Object 0xdd59f730:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
  Object 0xdd59f740:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
  Object 0xdd59f750:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 kkkkkkkkkkkkkkk¥
 Redzone 0xdd59f760:  bb bb bb bb                                     »»»»
 Padding 0xdd59f788:  5a 5a 5a 5a 5a 5a 5a 5a                         ZZZZZZZZ
Pid: 21, comm: stage1 Not tainted 2.6.29.1-desktop-1.1mnb #1
Call Trace:
 [<c01abbb3>] print_trailer+0xd3/0x120
 [<c01abd37>] object_err+0x37/0x50
 [<c01acf57>] __slab_free+0xe7/0x2f0
 [<c01ad1de>] kfree+0x7e/0xd0
 [<e0e4a239>] ? rt2x00lib_remove_hw+0x59/0x70 [rt2x00lib]
 [<e0e4a239>] ? rt2x00lib_remove_hw+0x59/0x70 [rt2x00lib]
 [<e0e4a239>] rt2x00lib_remove_hw+0x59/0x70 [rt2x00lib]
 [<e0e4acc7>] rt2x00lib_remove_dev+0x37/0x50 [rt2x00lib]
 [<e0e4b087>] rt2x00lib_probe_dev+0x1a7/0x3b0 [rt2x00lib]
 [<e0eb288f>] rt2x00pci_probe+0xdf/0x1ee [rt2x00pci]
 [<c026b9ee>] local_pci_probe+0xe/0x10
 [<c026c750>] pci_device_probe+0x60/0x80
 [<c02d5c2a>] driver_probe_device+0x9a/0x2e0
 [<c02d5ef9>] __driver_attach+0x89/0x90
 [<c02d541b>] bus_for_each_dev+0x4b/0x70
 [<c026c690>] ? pci_device_remove+0x0/0x40
 [<c02d59d9>] driver_attach+0x19/0x20
 [<c02d5e70>] ? __driver_attach+0x0/0x90
 [<c02d4cef>] bus_add_driver+0x1cf/0x2a0
 [<c026c690>] ? pci_device_remove+0x0/0x40
 [<c02d60c9>] driver_register+0x69/0x140
 [<c026c9b0>] __pci_register_driver+0x40/0x80
 [<e0ecc000>] ? rt61pci_init+0x0/0x19 [rt61pci]
 [<e0ecc017>] rt61pci_init+0x17/0x19 [rt61pci]
 [<c0101116>] do_one_initcall+0x26/0x1c0
 [<c01ab90c>] ? slab_pad_check+0x3c/0x120
 [<c01ab90c>] ? slab_pad_check+0x3c/0x120
 [<c01ac8da>] ? check_object+0xda/0x210
 [<c01b0026>] ? percpu_free+0x46/0x50
 [<c01ad09e>] ? __slab_free+0x22e/0x2f0
 [<c01b0026>] ? percpu_free+0x46/0x50
 [<c01b0026>] ? percpu_free+0x46/0x50
 [<c01b0026>] ? percpu_free+0x46/0x50
 [<c01687ec>] ? stop_machine_destroy+0x3c/0x40
 [<c015e515>] ? load_module+0xa5/0x1c50
 [<e0ec5000>] ? rt61pci_eepromregister_read+0x0/0x40 [rt61pci]
 [<e0eb2000>] ? rt2x00pci_write_tx_data+0x0/0x90 [rt2x00pci]
 [<c03ac2fb>] ? mutex_lock+0xb/0x20
 [<c03ac2fb>] ? mutex_lock+0xb/0x20
 [<c017ad16>] ? tracepoint_update_probe_range+0x76/0xa0
 [<c017ad6f>] ? tracepoint_module_notify+0x2f/0x40
 [<c03b02ed>] ? notifier_call_chain+0x2d/0x70
 [<c014f0ed>] ? __blocking_notifier_call_chain+0x4d/0x60
 [<c014f11a>] ? blocking_notifier_call_chain+0x1a/0x20
 [<c0160156>] sys_init_module+0x96/0x1d0
 [<c019dad6>] ? sys_munmap+0x46/0x60
 [<c0105546>] syscall_call+0x7/0xb
FIX kmalloc-128: Object at 0xdd59f6e0 not freed
rt61pci 0000:00:07.0: PCI INT A disabled
rt61pci: probe of 0000:00:07.0 failed with error -2

Signed-off-by: Herton Ronaldo Krzesinski <herton@mandriva.com.br>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2009-04-16 10:39:15 -04:00
..
accessibility
acpi Revert "ACPI battery: fix async boot oops" 2009-04-11 12:45:20 -07:00
amba
ata ata: fix obviously wrong comment 2009-04-13 04:22:04 -04:00
atm dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32) 2009-04-07 08:31:11 -07:00
auxdisplay
base dma-mapping: replace all DMA_24BIT_MASK macro with DMA_BIT_MASK(24) 2009-04-07 08:31:12 -07:00
block xsysace: Fix dereferencing of cf_id after hd_driveid removal 2009-04-08 14:13:04 +02:00
bluetooth
cdrom
char esp: fix section mismatch warning 2009-04-07 08:31:03 -07:00
clocksource
connector
cpufreq
cpuidle
crypto dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32) 2009-04-07 08:31:11 -07:00
dca
dio
dma dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32) 2009-04-07 08:31:11 -07:00
edac
eisa
firewire
firmware dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32) 2009-04-07 08:31:11 -07:00
gpio Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2009-04-03 15:24:35 -07:00
gpu Merge branch 'linus' into release 2009-04-05 02:14:15 -04:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2009-04-03 15:25:44 -07:00
hwmon Merge branch 'hwmon-for-linus' of git://jdelvare.pck.nerim.net/jdelvare-2.6 2009-04-07 08:44:43 -07:00
i2c i2c: Let new-style drivers implement attach_adapter 2009-04-13 17:02:14 +02:00
ide at91_ide: turn on PIO 6 support 2009-04-08 14:13:04 +02:00
idle dma-mapping: replace all DMA_64BIT_MASK macro with DMA_BIT_MASK(64) 2009-04-07 08:31:10 -07:00
ieee1394 dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32) 2009-04-07 08:31:11 -07:00
infiniband Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband 2009-04-09 16:42:26 -07:00
input Merge branch 'next' into for-linus 2009-04-08 00:00:33 -07:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2009-04-06 18:05:43 -07:00
leds leds: just ignore invalid GPIOs in leds-gpio 2009-04-08 14:13:48 +01:00
lguest
macintosh
mca
md dm kcopyd: fix callback race 2009-04-09 00:27:17 +01:00
media Merge git://git.infradead.org/~dwmw2/firmware-2.6 2009-04-10 12:01:22 -07:00
memstick dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32) 2009-04-07 08:31:11 -07:00
message dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32) 2009-04-07 08:31:11 -07:00
mfd mfd: fix da903x warning 2009-04-05 00:32:25 +02:00
misc dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32) 2009-04-07 08:31:11 -07:00
mmc mmc_spi: support for non-byte-aligned cards 2009-04-08 20:45:51 +02:00
mtd Merge branch 'linux-next' of git://git.infradead.org/ubi-2.6 2009-04-06 15:00:00 -07:00
net rt2x00: prevent double kfree when failing to register hardware 2009-04-16 10:39:15 -04:00
nubus
of
oprofile Merge branch 'tracing-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2009-04-05 11:04:19 -07:00
parisc
parport parport: Use the PCI IRQ if offered 2009-04-07 08:44:06 -07:00
pci Merge git://git.infradead.org/iommu-2.6 2009-04-13 11:35:50 -07:00
pcmcia
platform Merge branches 'release', 'APERF', 'ARAT', 'misc', 'kelvin', 'device-lock' and 'bjorn.notify' into release 2009-04-07 18:18:42 -04:00
pnp dma-mapping: replace all DMA_24BIT_MASK macro with DMA_BIT_MASK(24) 2009-04-07 08:31:12 -07:00
power Merge git://git.infradead.org/battery-2.6 2009-04-08 17:45:02 -07:00
ps3
rapidio dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32) 2009-04-07 08:31:11 -07:00
regulator
rtc Merge git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6 2009-04-05 11:15:54 -07:00
s390
sbus
scsi PM/Hibernate: Wait for SCSI devices scan to complete during resume 2009-04-13 11:37:07 -07:00
serial Merge branch 'for-linus' of git://git.monstr.eu/linux-2.6-microblaze 2009-04-13 08:17:52 -07:00
sh
sn dma-mapping: replace all DMA_64BIT_MASK macro with DMA_BIT_MASK(64) 2009-04-07 08:31:10 -07:00
spi spi_imx: set spi_master.dma_alignment = 4 2009-04-07 08:31:07 -07:00
ssb
staging serqt: initial clean up pass for tty side 2009-04-07 08:44:05 -07:00
tc
telephony
thermal
uio
usb Merge master.kernel.org:/home/rmk/linux-2.6-arm 2009-04-08 15:24:09 -07:00
uwb dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32) 2009-04-07 08:31:11 -07:00
video fbdev: i.MX31: fix panning, error handling, clean up 2009-04-07 08:31:09 -07:00
virtio
w1 mfd: remove DS1WM clock handling 2009-04-05 00:32:22 +02:00
watchdog [WATCHDOG] omap_wdt.c: move probe function to .devinit.text 2009-04-08 06:21:57 +00:00
xen Merge git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-cpumask 2009-04-05 10:33:07 -07:00
zorro
Kconfig
Makefile