Re: [PATCH 2.6] 2/3 Serio: possible race in handle_events

From: Zwane Mwaikambo
Date: Sat Aug 23 2003 - 08:15:07 EST

Next message: Leandro Guimarães Faria Corsetti Dutra: "Re: SCO's "proof""
Previous message: Zwane Mwaikambo: "Re: Pentium-M?"
In reply to: Andrew Morton: "Re: [PATCH 2.6] 2/3 Serio: possible race in handle_events"
Next in thread: Dmitry Torokhov: "Re: [PATCH 2.6] 2/3 Serio: possible race in handle_events"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 23 Aug 2003, Andrew Morton wrote:

> Dmitry Torokhov <dtor_core@xxxxxxxxxxxxx> wrote:
> >
> > Do you think we should introduce allocate_serio/free_serio pair for dynamically
> > allocated serios; free_serio would scan event_list and invalidate events that
> > refer to freed serio?
>
> I don't understand the subsystem well enough to say. But if we are
> receiving events which refer to an already-freed serio then something is
> very broken. We should be draining all those events before allowing the
> original object to be freed up.
>
> Let's wait for Vojtech's comments.

This sounds somewhat like;

http://bugzilla.kernel.org/show_bug.cgi?id=973

Jul 25 04:54:24 lap kernel: slab error in cache_free_debugcheck(): cache
`size-32': double free, or memory before object was overwritten
Jul 25 04:54:24 lap kernel: Call Trace:
Jul 25 04:54:24 lap kernel: [<c014f130>] kfree+0xf0/0x310
Jul 25 04:54:24 lap kernel: [<c02540fc>] psmouse_disconnect+0x2c/0x40
Jul 25 04:54:24 lap kernel: [<c02540fc>] psmouse_disconnect+0x2c/0x40
Jul 25 04:54:24 lap kernel: [<c025560d>] serio_handle_events+0xad/0xc0
Jul 25 04:54:24 lap kernel: [<c0255620>] serio_thread+0x0/0x100
Jul 25 04:54:24 lap kernel: [<c0255665>] serio_thread+0x45/0x100
Jul 25 04:54:24 lap kernel: [<c010a126>] work_resched+0x5/0x16
Jul 25 04:54:24 lap kernel: [<c0255620>] serio_thread+0x0/0x100
Jul 25 04:54:24 lap kernel: [<c0255620>] serio_thread+0x0/0x100
Jul 25 04:54:24 lap kernel: [<c01073b9>] kernel_thread_helper+0x5/0xc
Jul 25 04:54:24 lap kernel:
Jul 25 04:54:24 lap kernel: slab error in cache_free_debugcheck(): cache
`size-32': double free, or memory after object was overwritten

Jul 25 04:54:24 lap kernel: Call Trace:
Jul 25 04:54:24 lap kernel: [<c014f15e>] kfree+0x11e/0x310
Jul 25 04:54:24 lap kernel: [<c02540fc>] psmouse_disconnect+0x2c/0x40
Jul 25 04:54:24 lap kernel: [<c02540fc>] psmouse_disconnect+0x2c/0x40
Jul 25 04:54:24 lap kernel: [<c025560d>] serio_handle_events+0xad/0xc0
Jul 25 04:54:24 lap kernel: [<c0255620>] serio_thread+0x0/0x100
Jul 25 04:54:24 lap kernel: [<c0255665>] serio_thread+0x45/0x100
Jul 25 04:54:24 lap kernel: [<c010a126>] work_resched+0x5/0x16
Jul 25 04:54:24 lap kernel: [<c0255620>] serio_thread+0x0/0x100
Jul 25 04:54:24 lap kernel: [<c0255620>] serio_thread+0x0/0x100
Jul 25 04:54:24 lap kernel: [<c01073b9>] kernel_thread_helper+0x5/0xc
Jul 25 04:54:24 lap kernel:
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Leandro Guimarães Faria Corsetti Dutra: "Re: SCO's "proof""
Previous message: Zwane Mwaikambo: "Re: Pentium-M?"
In reply to: Andrew Morton: "Re: [PATCH 2.6] 2/3 Serio: possible race in handle_events"
Next in thread: Dmitry Torokhov: "Re: [PATCH 2.6] 2/3 Serio: possible race in handle_events"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]