Crash when unloading yenta_socket in Linux 2.5.69
Pavel Roskin
proski at gnu.org
Tue May 6 02:51:23 BST 2003
On Mon, 5 May 2003, Pavel Roskin wrote:
> Maybe. I'm also getting an oops without high memory support, but it looks
> very differently. It happens in class_device_del(). The output of dmesg
> is attached.
In both cases, the same thing happens, it's just that the crash happens in
different places. (I believe the high memory configuration crashes
earlier because of better sanity checks.)
socket->base is unmapped in yenta_close(), which is called by
cardbus_remove(). The value of socket->base is not changed to NULL, so it
becomes invalid.
Then cardbus_remove() calls class_device_unregister(), which calls
pcmcia_unregister_socket(), which it turn tries to access memory space
of the socket.
The attached patch fixes the problem.
--
Regards,
Pavel Roskin
-------------- next part --------------
--- linux.orig/drivers/pcmcia/pci_socket.c
+++ linux/drivers/pcmcia/pci_socket.c
@@ -196,9 +196,9 @@ static void __devexit cardbus_remove (st
pci_socket_t *socket = pci_get_drvdata(dev);
/* note: we are already unregistered from the cs core */
+ class_device_unregister(&socket->cls_d.class_dev);
if (socket->op && socket->op->close)
socket->op->close(socket);
- class_device_unregister(&socket->cls_d.class_dev);
pci_set_drvdata(dev, NULL);
}
More information about the linux-pcmcia
mailing list