Re: 2.6.17-mm4

[Ingo Molnar]

* Ingo Molnar <mingo@xxxxxxx> wrote:

> i'm too hunting use-after-free bugs - the ones fixed below fix certain 
> crashes, but i'm still seeing a nasty one.
> 
> the crash is independent on lockdep enabled or disabled. See:
> 
>   http://redhat.com/~mingo/misc/
> 
> for the config and the crash.log.

ok, managed to debug the reason for this crash via .config bisecting, 
it's caused by:

   CONFIG_SCSI_PATA_QDI=y

which is a new option in -mm4. Disabling it makes the -mm4 allyesconfig 
bzImage work again.

and running qdi_init() either causes memory corruption, or it causes 
something to be misprogrammed on the motherboard (something wrt. irq 
routing perhaps), which crashes the box afterwards. (but that happens 
dozens of initcalls later, so the breakage is subtle)

it does things like:

        static const unsigned long qd_port[2] = { 0x30, 0xB0 };
        static const unsigned long ide_port[2] = { 0x170, 0x1F0 };

        [...]
                unsigned long port = qd_port[i];
        [...]
                        r = inb_p(port);
                        outb_p(0x19, port);
                        res = inb_p(port);
                        outb_p(r, port);

so it reads/writes port 0x30 and 0xb0. Are those used by something else 
on modern hardware?

i know, i shouldnt be running an ancient Vesa Local Bus driver's init 
routine, but still, the allyesconfig bzImage is quite useful in finding 
various bugs ...

	Ingo
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/