mirror of
https://github.com/FEX-Emu/linux.git
synced 2025-01-07 01:51:42 +00:00
025e4ab3db
This fixes a memory-corrupting bug: not only does it cause the warning,
but as a result of dropping the refcount to zero, it causes the
pcmcia_socket0 device structure to be freed while it still has
references, causing slab caches corruption. A fatal oops quickly
follows this warning - often even just a 'dmesg' following the warning
causes the kernel to oops.
While testing suspend/resume on an ARM device with PCMCIA support, and a
CF card inserted, I found that after five suspend and resumes, the
kernel would complain, and shortly die after with slab corruption.
WARNING: at include/linux/kref.h:41 kobject_get+0x28/0x50()
As the message doesn't give a clue about which kobject, and the built-in
debugging in drivers/base/power/main.c happens too late, this was added
right before each get_device():
printk("%s: %p [%s] %u\n", __func__, dev, kobject_name(&dev->kobj), atomic_read(&dev->kobj.kref.refcount));
and on the 3rd s2ram cycle, the following behaviour observed:
On the 3rd suspend/resume cycle:
dpm_prepare: c1a0d998 [pcmcia_socket0] 3
dpm_suspend: c1a0d998 [pcmcia_socket0] 3
dpm_suspend_noirq: c1a0d998 [pcmcia_socket0] 3
dpm_resume_noirq: c1a0d998 [pcmcia_socket0] 3
dpm_resume: c1a0d998 [pcmcia_socket0] 3
dpm_complete: c1a0d998 [pcmcia_socket0] 2
4th:
dpm_prepare: c1a0d998 [pcmcia_socket0] 2
dpm_suspend: c1a0d998 [pcmcia_socket0] 2
dpm_suspend_noirq: c1a0d998 [pcmcia_socket0] 2
dpm_resume_noirq: c1a0d998 [pcmcia_socket0] 2
dpm_resume: c1a0d998 [pcmcia_socket0] 2
dpm_complete: c1a0d998 [pcmcia_socket0] 1
5th:
dpm_prepare: c1a0d998 [pcmcia_socket0] 1
dpm_suspend: c1a0d998 [pcmcia_socket0] 1
dpm_suspend_noirq: c1a0d998 [pcmcia_socket0] 1
dpm_resume_noirq: c1a0d998 [pcmcia_socket0] 1
dpm_resume: c1a0d998 [pcmcia_socket0] 1
dpm_complete: c1a0d998 [pcmcia_socket0] 0
------------[ cut here ]------------
WARNING: at include/linux/kref.h:41 kobject_get+0x28/0x50()
Modules linked in: ucb1x00_core
Backtrace:
[<c0212090>] (dump_backtrace+0x0/0x110) from [<c04799dc>] (dump_stack+0x18/0x1c)
[<c04799c4>] (dump_stack+0x0/0x1c) from [<c021cba0>] (warn_slowpath_common+0x50/0x68)
[<c021cb50>] (warn_slowpath_common+0x0/0x68) from [<c021cbdc>] (warn_slowpath_null+0x24/0x28)
[<c021cbb8>] (warn_slowpath_null+0x0/0x28) from [<c0335374>] (kobject_get+0x28/0x50)
[<c033534c>] (kobject_get+0x0/0x50) from [<c03804f4>] (get_device+0x1c/0x24)
[<c0388c90>] (dpm_complete+0x0/0x1a0) from [<c0389cc0>] (dpm_resume_end+0x1c/0x20)
...
Looking at commit
|
||
---|---|---|
.. | ||
at91_cf.c | ||
bcm63xx_pcmcia.c | ||
bcm63xx_pcmcia.h | ||
bfin_cf_pcmcia.c | ||
cardbus.c | ||
cirrus.h | ||
cistpl.c | ||
cs_internal.h | ||
cs.c | ||
db1xxx_ss.c | ||
ds.c | ||
electra_cf.c | ||
i82092.c | ||
i82092aa.h | ||
i82365.c | ||
i82365.h | ||
Kconfig | ||
m8xx_pcmcia.c | ||
m32r_cfc.c | ||
m32r_cfc.h | ||
m32r_pcc.c | ||
m32r_pcc.h | ||
Makefile | ||
o2micro.h | ||
omap_cf.c | ||
pcmcia_cis.c | ||
pcmcia_resource.c | ||
pd6729.c | ||
pd6729.h | ||
pxa2xx_balloon3.c | ||
pxa2xx_base.c | ||
pxa2xx_base.h | ||
pxa2xx_cm_x2xx.c | ||
pxa2xx_cm_x255.c | ||
pxa2xx_cm_x270.c | ||
pxa2xx_colibri.c | ||
pxa2xx_e740.c | ||
pxa2xx_lubbock.c | ||
pxa2xx_mainstone.c | ||
pxa2xx_palmld.c | ||
pxa2xx_palmtc.c | ||
pxa2xx_palmtx.c | ||
pxa2xx_sharpsl.c | ||
pxa2xx_stargate2.c | ||
pxa2xx_trizeps4.c | ||
pxa2xx_viper.c | ||
pxa2xx_vpac270.c | ||
ricoh.h | ||
rsrc_iodyn.c | ||
rsrc_mgr.c | ||
rsrc_nonstatic.c | ||
sa11xx_base.c | ||
sa11xx_base.h | ||
sa1100_assabet.c | ||
sa1100_badge4.c | ||
sa1100_cerf.c | ||
sa1100_generic.c | ||
sa1100_generic.h | ||
sa1100_h3600.c | ||
sa1100_jornada720.c | ||
sa1100_nanoengine.c | ||
sa1100_neponset.c | ||
sa1100_shannon.c | ||
sa1100_simpad.c | ||
sa1111_generic.c | ||
sa1111_generic.h | ||
soc_common.c | ||
soc_common.h | ||
socket_sysfs.c | ||
tcic.c | ||
tcic.h | ||
ti113x.h | ||
topic.h | ||
vg468.h | ||
vrc4171_card.c | ||
vrc4173_cardu.c | ||
vrc4173_cardu.h | ||
xxs1500_ss.c | ||
yenta_socket.c | ||
yenta_socket.h |