Crash when unloading yenta_socket in Linux 2.5.69

Pavel Roskin proski at gnu.org
Tue May 6 02:51:23 BST 2003


On Mon, 5 May 2003, Pavel Roskin wrote:

> Maybe.  I'm also getting an oops without high memory support, but it looks 
> very differently.  It happens in class_device_del().  The output of dmesg 
> is attached.

In both cases, the same thing happens, it's just that the crash happens in
different places.  (I believe the high memory configuration crashes
earlier because of better sanity checks.)

socket->base is unmapped in yenta_close(), which is called by
cardbus_remove().  The value of socket->base is not changed to NULL, so it
becomes invalid.

Then cardbus_remove() calls class_device_unregister(), which calls 
pcmcia_unregister_socket(), which it turn tries to access memory space 
of the socket.

The attached patch fixes the problem.

-- 
Regards,
Pavel Roskin
-------------- next part --------------
--- linux.orig/drivers/pcmcia/pci_socket.c
+++ linux/drivers/pcmcia/pci_socket.c
@@ -196,9 +196,9 @@ static void __devexit cardbus_remove (st
 	pci_socket_t *socket = pci_get_drvdata(dev);
 
 	/* note: we are already unregistered from the cs core */
+	class_device_unregister(&socket->cls_d.class_dev);
 	if (socket->op && socket->op->close)
 		socket->op->close(socket);
-	class_device_unregister(&socket->cls_d.class_dev);
 	pci_set_drvdata(dev, NULL);
 }
 


More information about the linux-pcmcia mailing list