Re: RFC: Reproducible oops with lockdep on count_matching_names()

[Peter Zijlstra]

On Thu, 2007-11-01 at 19:26 -0400, Michael Wu wrote:
> On Thursday 01 November 2007 15:17:16 Luis R. Rodriguez wrote:
> > mcgrof@pogo:~/devel/wireless-2.6$ git-describe
> > v2.6.24-rc1-146-g2280253
> >
> > So I hit segfault with lockdep on count_matching_names() on the
> > strcmp() multiple times now. This is reproducible and with different
> > wireless drivers.
> >
> I've found the problem. It appears to be in lockdep. struct lock_class has a 
> const char *name field which points to a statically allocated string that 
> comes from the code which uses the lock. If that code/string is in a module 
> and gets unloaded, the pointer in |name| is no longer valid. Next time this 
> field is dereferenced (count_matching_names, in this case), we crash.
> 
> The following patch fixes the issue but there's probably a better way.

Thanks, and indeed. From my understanding lockdep_free_key_range()
should destroy all classes of a module on module unload.

So I'm not quite sure what has gone wrong here..


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/