Re: Possible broken MM code in dell-laptop.c?
From: Pavel Machek
Date: Tue Jun 16 2015 - 06:12:25 EST
On Mon 2015-06-15 22:42:30, Pali Rohár wrote:
> On Monday 15 June 2015 22:36:45 Darren Hart wrote:
> > On Sun, Jun 14, 2015 at 11:05:07AM +0200, Pali Rohár wrote:
> > > Hello,
> > >
> > > in drivers/platform/x86/dell-laptop.c is this part of code:
> > >
> > > static int __init dell_init(void)
> > > {
> > > ...
> > >
> > > /*
> > >
> > > * Allocate buffer below 4GB for SMI data--only 32-bit physical
> > > addr * is passed to SMI handler.
> > > */
> > >
> > > bufferpage = alloc_page(GFP_KERNEL | GFP_DMA32);
> > > if (!bufferpage) {
> > >
> > > ret = -ENOMEM;
> > > goto fail_buffer;
> > >
> > > }
> > > buffer = page_address(bufferpage);
> > >
> > > ret = dell_setup_rfkill();
> > >
> > > if (ret) {
> > >
> > > pr_warn("Unable to setup rfkill\n");
> > > goto fail_rfkill;
> > >
> > > }
> > >
> > > ...
> > >
> > > fail_rfkill:
> > > free_page((unsigned long)bufferpage);
> > >
> > > fail_buffer:
> > > ...
> > > }
> > >
> > > Then there is another part:
> > >
> > > static void __exit dell_exit(void)
> > > {
> > > ...
> > >
> > > free_page((unsigned long)buffer);
> >
> > I believe you are correct, and this should be bufferpage. Have you
> > observed any failures?
>
> Rmmoding dell-laptop.ko works fine. There is no error in dmesg. I think
> that buffer (and not bufferpage) should be passed to free_page(). So in
> my opinion problem is at fail_rfkill: label and not in dell_exit().
You seem to be right. Interface is strange...
alloc_pages() returns struct page *,
__free_pages() takes struct page *,
free_pages() takes unsinged long.
Best regards,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/