* Commit 09d28d2c19 introduces set-after-free in arch/arm/mach-omap2/mcbsp.c
@ 2011-12-11 6:08 NeilBrown
2011-12-12 8:15 ` Jarkko Nikula
0 siblings, 1 reply; 2+ messages in thread
From: NeilBrown @ 2011-12-11 6:08 UTC (permalink / raw)
To: Jarkko Nikula
Cc: Peter Ujfalusi, Janusz Krzysztofik, Tony Lindgren, linux-omap, lkml
[-- Attachment #1: Type: text/plain, Size: 2166 bytes --]
Hi,
commit 09d28d2c19fe5c2d51b3133329584166dec89f86
Author: Jarkko Nikula <jarkko.nikula@bitmer.com>
Date: Mon Sep 26 10:45:48 2011 +0300
ARM: OMAP: mcbsp: Start generalize omap2_mcbsp_set_clks_src
...
contains (when displayed with "-U10"):
diff --git a/arch/arm/mach-omap2/mcbsp.c b/arch/arm/mach-omap2/mcbsp.c
index 92bd5e2..3dd4c47 100644
--- a/arch/arm/mach-omap2/mcbsp.c
+++ b/arch/arm/mach-omap2/mcbsp.c
....
@@ -181,20 +173,21 @@ static int omap_init_mcbsp(struct omap_hwmod *oh, void *unused)
}
pdev = omap_device_build_ss(name, id, oh_device, count, pdata,
sizeof(*pdata), omap2_mcbsp_latency,
ARRAY_SIZE(omap2_mcbsp_latency), false);
kfree(pdata);
if (IS_ERR(pdev)) {
pr_err("%s: Can't build omap_device for %s:%s.\n", __func__,
name, oh->name);
return PTR_ERR(pdev);
}
+ pdata->set_clk_src = omap2_mcbsp_set_clk_src;
omap_mcbsp_count++;
return 0;
}
static int __init omap2_mcbsp_init(void)
{
omap_hwmod_for_each_by_class("mcbsp", omap_init_mcbsp, NULL);
mcbsp_ptr = kzalloc(omap_mcbsp_count * sizeof(struct omap_mcbsp *),
GFP_KERNEL);
which sets a field in pdata after it has been freed.
commit 7bc0c4bac72375517d904e02c46da2a23e079e8b
Author: Jarkko Nikula <jarkko.nikula@bitmer.com>
Date: Mon Sep 26 10:45:49 2011 +0300
then adds
@@ -181,6 +184,8 @@ static int omap_init_mcbsp(struct omap_hwmod *oh, void *unused)
return PTR_ERR(pdev);
}
pdata->set_clk_src = omap2_mcbsp_set_clk_src;
+ if (id == 1)
+ pdata->mux_signal = omap2_mcbsp1_mux_rx_clk;
omap_mcbsp_count++;
return 0;
}
which sets another field.
Should these settings just be moved up before the call to
omap_device_build_ss?? Doing that removes
[ 0.196014] Slab corruption: size-32 start=ded3edc0, len=32
warning.
Thanks,
NeilBrown
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 828 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Commit 09d28d2c19 introduces set-after-free in arch/arm/mach-omap2/mcbsp.c
2011-12-11 6:08 Commit 09d28d2c19 introduces set-after-free in arch/arm/mach-omap2/mcbsp.c NeilBrown
@ 2011-12-12 8:15 ` Jarkko Nikula
0 siblings, 0 replies; 2+ messages in thread
From: Jarkko Nikula @ 2011-12-12 8:15 UTC (permalink / raw)
To: NeilBrown
Cc: Peter Ujfalusi, Janusz Krzysztofik, Tony Lindgren, linux-omap, lkml
On 12/11/2011 08:08 AM, NeilBrown wrote:
> Should these settings just be moved up before the call to
> omap_device_build_ss?? Doing that removes
> [ 0.196014] Slab corruption: size-32 start=ded3edc0, len=32
> warning.
>
Good catch! Yes, they must be set before omap_device_build_ss and
definitely before kfree. I just wonder how did I managed to put them
after both. Perhaps my own rebasing error or just plain stupidity...
I'll send a patch soon.
--
Jarkko
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2011-12-12 8:16 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-12-11 6:08 Commit 09d28d2c19 introduces set-after-free in arch/arm/mach-omap2/mcbsp.c NeilBrown
2011-12-12 8:15 ` Jarkko Nikula
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.