aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/lockdep.c
diff options
context:
space:
mode:
authorArjan van de Ven <arjan@linux.intel.com>2008-01-24 07:00:45 +0100
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2008-01-24 08:01:09 -0800
commitfabe874a48de45b137f99b4ed3641e0413f465ce (patch)
tree815204d845875bd14f5623766b2ec5bc6f1fe00c /kernel/lockdep.c
parent4784b11c4f49eb88f2dd74df6afc5170f193cedc (diff)
downloadkernel_samsung_smdk4412-fabe874a48de45b137f99b4ed3641e0413f465ce.tar.gz
kernel_samsung_smdk4412-fabe874a48de45b137f99b4ed3641e0413f465ce.tar.bz2
kernel_samsung_smdk4412-fabe874a48de45b137f99b4ed3641e0413f465ce.zip
lockdep: fix kernel crash on module unload
Michael Wu noticed in his lkml post at http://marc.info/?l=linux-kernel&m=119396182726091&w=2 that certain wireless drivers ended up having their name in module memory, which would then crash the kernel on module unload. The patch he proposed was a bit clumsy in that it increased the size of a lockdep entry significantly; the patch below tries another approach, it checks, on module teardown, if the name of a class is in module space and then zaps the class. This is very similar to what we already do with keys that are in module space. Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: Ingo Molnar <mingo@elte.hu> Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel/lockdep.c')
-rw-r--r--kernel/lockdep.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/kernel/lockdep.c b/kernel/lockdep.c
index 4335f12a27c..e2c07ece367 100644
--- a/kernel/lockdep.c
+++ b/kernel/lockdep.c
@@ -2932,7 +2932,7 @@ static void zap_class(struct lock_class *class)
}
-static inline int within(void *addr, void *start, unsigned long size)
+static inline int within(const void *addr, void *start, unsigned long size)
{
return addr >= start && addr < start + size;
}
@@ -2955,9 +2955,12 @@ void lockdep_free_key_range(void *start, unsigned long size)
head = classhash_table + i;
if (list_empty(head))
continue;
- list_for_each_entry_safe(class, next, head, hash_entry)
+ list_for_each_entry_safe(class, next, head, hash_entry) {
if (within(class->key, start, size))
zap_class(class);
+ else if (within(class->name, start, size))
+ zap_class(class);
+ }
}
if (locked)