Re: [patch] Crash on evdev disconnect.

[Zephaniah E. Hull]

On Mon, Aug 07, 2006 at 01:35:50PM -0400, Dmitry Torokhov wrote:
> Hi,
> 
> On 8/7/06, Zephaniah E. Hull <warp@xxxxxxxxxxx> wrote:
> >       if (evdev->open) {
> >               input_close_device(handle);
> >               wake_up_interruptible(&evdev->wait);
> >-               list_for_each_entry(list, &evdev->list, node)
> >+               list_for_each_entry_safe(list, next, &evdev->list, node)
> >                       kill_fasync(&list->fasync, SIGIO, POLL_HUP);
> 
> NAK. kill_fasync does not affect the list state so using _safe does
> not buy us anything.

Sorry, but you're wrong.

Immediately before the kill_fasync call list->node.next is a valid
pointer, immediately afterwords it is 0x100100, which happens to be
list_poison.  kill_fasync is triggering a close somehow, evdev_close
deletes that element of the list, which poisons the next value, which
can make us crash and burn.

I have a 100% reproducible crash case, which is fixed by the change.

If kill_fasync shouldn't be making it close that's another issue, but at
the moment it is and this is a fairly non-invasive change which fixes
it.

> 
> BTW, dtor_core@xxxxxxxxxxxxx address is dead, please use
> dmitry.torokhov@xxxxxxxxx or dtor@xxxxxxx or dtor@xxxxxxxxxxxxx

Noted, recommend updating the entry in MAINTAINERS. :)

Zephaniah E. Hull.

-- 
	  1024D/E65A7801 Zephaniah E. Hull <warp@xxxxxxxxxxx>
	   92ED 94E4 B1E6 3624 226D  5727 4453 008B E65A 7801
	    CCs of replies from mailing lists are requested.

> Is there an API or other means to determine what video
> card, namely the chipset, that the user has installed
> on his machine?

On a modern X86 machine use the PCI/AGP bus data. On a PS/2 use the MCA bus
data. On nubus use the nubus probe data. On old style ISA bus PCs done a large
pointy hat and spend several years reading arcane and forbidden scrolls

 -- Alan Cox

Attachment: signature.asc
Description: Digital signature