wrong mutex handler in amd_flash.c
Hiroaki KAMON
kamon at co-nss.co.jp
Wed Aug 20 02:24:03 EDT 2003
Hello,
I found a problem in "amd_flash.c". The kernel (TimeSys Linux) oops
due to access of bad area.
The pointer "chips->mute" for spin_lock_bh() is not pointing the area
in private structure, but local variable of amd_flash_probe().
Here's a patch to fix it.
Regards,
Hiroaki
Index: mtd/drivers/mtd/chips/amd_flash.c
===================================================================
RCS file: /home/cvs/mtd/drivers/mtd/chips/amd_flash.c,v
retrieving revision 1.23
diff -u -r1.23 amd_flash.c
--- mtd/drivers/mtd/chips/amd_flash.c 12 Jun 2003 09:24:13 -0000 1.23
+++ mtd/drivers/mtd/chips/amd_flash.c 20 Aug 2003 05:37:58 -0000
@@ -688,7 +688,6 @@
chips[0].start = 0;
chips[0].state = FL_READY;
- chips[0].mutex = &chips[0]._spinlock;
temp.numchips = 1;
for (size = mtd->size; size > 1; size >>= 1) {
temp.chipshift++;
@@ -775,6 +774,7 @@
for (i = 0; i < private->numchips; i++) {
init_waitqueue_head(&private->chips[i].wq);
spin_lock_init(&private->chips[i]._spinlock);
+ private->chips[i].mutex = &private->chips[i]._spinlock;
}
map->fldrv_priv = private;
---
Hiroaki KAMON <kamon at co-nss.co.jp>
Nissin Systems co.,ltd.
Realtime Component Dept. Engineer
(Phone) +81-75-344-7950 (FAX) +81-75-344-7888
Horikawa-douri Shijou-sagaru Higashigawa, Shimogyo-ku,
Kyoto, 600-8482, JAPAN
More information about the linux-mtd
mailing list