Re: 2.6.39-rc2 boot crash
From: Eric B Munson
Date: Tue Apr 12 2011 - 11:59:58 EST
On Tue, 12 Apr 2011, Patrick McHardy wrote:
> On 12.04.2011 14:49, Patrick McHardy wrote:
> > On 12.04.2011 00:06, Evgeniy Polyakov wrote:
> >> Hi.
> >> On Mon, Apr 11, 2011 at 05:07:47PM -0400, Eric B Munson (emunson@xxxxxxxxx) wrote:
> >>>> I can't figure this out, the only thing that should have changed is the
> >>>> time the initial PROC_CN_MCAST_LISTEN message is received. Apparently
> >>>> at that point connector is not fully initialized yet. Please post your
> >>>> config and the full boot log. Thanks.
> >>> I am still seeing this on Linus' tree, is there anything more I can do to help
> >>> track the problem?
> > Sorry, I had a hardware failure, I'm back working on this now.
> >> Patrick, do you need my assist on this bug?
> > Thanks, but I can meanwhile reproduce the problem, so I think I
> > should have a fix soon.
> I think this patch should fix the problem. Eric, could you please
> give it a try?
This has me up and running again, thanks!
Tested-by: Eric B Munson <emunson@xxxxxxxxx>
> commit ad676e0dbbe8658ce46e192f449689bf3011bdf5
> Author: Patrick McHardy <kaber@xxxxxxxxx>
> Date: Tue Apr 12 17:37:04 2011 +0200
> connector: fix skb double free in cn_rx_skb()
> When a skb is delivered to a registered callback, cn_call_callback()
> incorrectly returns -ENODEV after freeing the skb, causing cn_rx_skb()
> to free the skb a second time.
> Reported-by: Eric B Munson <emunson@xxxxxxxxx>
> Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
> diff --git a/drivers/connector/connector.c b/drivers/connector/connector.c
> index d770058..219d88a 100644
> --- a/drivers/connector/connector.c
> +++ b/drivers/connector/connector.c
> @@ -142,6 +142,7 @@ static int cn_call_callback(struct sk_buff *skb)
> cbq->callback(msg, nsp);
> + err = 0;
> return err;
Description: Digital signature