[PATCH 2/2] staging: tidspbridge: fix incorrect free to drv_datap
Ramirez Luna, Omar
omar.ramirez at ti.com
Tue Jan 31 18:19:00 UTC 2012
On Tue, Jan 31, 2012 at 2:21 AM, Dan Carpenter <dan.carpenter at oracle.com> wrote:
> On Mon, Jan 30, 2012 at 07:20:18PM -0600, Omar Ramirez Luna wrote:
>> This structure is still used after it has been freed, since it
>> is being allocated in probe, calls to free it have been moved to
>> module's remove routine.
>>
>> This should fix the follwoing messages when attempting to remove the
>> module:
>> drv_get_first_dev_extension: Failed to retrieve the object handle
>> drv_get_first_dev_extension: Failed to retrieve the object handle
>> drv_destroy: Failed to store DRV object
>> mgr_destroy: Failed to store MGR object
>>
>
> So this is only triggered when you do an rmmod to remove the module?
Yes.
> Probably that's not stable material.
The critical issue is that for a small window the freed memory can be
filled with something else and the driver still might dereference that
memory which no longer belongs to it, thus causing a crash.
But I guess that falls into "this can be a problem", it is ok if it is
being left out of stable.
Thanks,
Omar
More information about the devel
mailing list