On Sun, Sep 02, 2012 at 03:41:34PM +0200, Bjørn Mork wrote:
> Fengguang Wu <fengguang.wu@xxxxxxxxx> writes:
>
> > After the __devinit* removal series, I can still get kernel panic in
> > show_uevent(). So there are more sources of bug..
> >
> > Debug patch:
> >
> > @@ -343,8 +343,11 @@ static ssize_t show_uevent(struct device
> > goto out;
> >
> > /* copy keys to file */
> > - for (i = 0; i < env->envp_idx; i++)
> > + dev_err(dev, "uevent %d env[%d]: %s/.../%s\n", env->buflen, env->envp_idx, top_kobj->name, dev->kobj.name);
> > + for (i = 0; i < env->envp_idx; i++) {
> > + printk(KERN_ERR "uevent %d env[%d]: %s\n", (int)count, i, env->envp[i]);
> > count += sprintf(&buf[count], "%s\n", env->envp[i]);
> > + }
> >
> > Oops message, the env[] is again not properly initilized:
> >
> > [ 44.068623] input input0: uevent 61 env[805306368]: input0/.../input0
> > [ 44.069552] uevent 0 env[0]: (null)
>
> This is a completely different CONFIG_HOTPLUG problem, only
> demonstrating another reason why CONFIG_HOTPLUG should go away. I had a
> hard time trying to disable it anyway ;-)
>
> The problem this time is lots of code assuming that a call to
> add_uevent_var() will guarantee that env->buflen > 0. This is not true
> if CONFIG_HOTPLUG is unset. So things like this end up overwriting
> env->envp_idx because the array index is -1:
>
> if (add_uevent_var(env, "MODALIAS="))
> return -ENOMEM;
> len = input_print_modalias(&env->buf[env->buflen - 1],
> sizeof(env->buf) - env->buflen,
> dev, 0);
>
>
> Don't know what the best action is, given that there seem to be a *lot*
> of this around the kernel. This patch "fixes" the problem for me, but I
It also works reliably for me: 300 boots without a single failure.
Tested-by: Fengguang Wu <fengguang.wu@xxxxxxxxx>
Thanks!
Fengguang
--
To unsubscribe from this list: send the line "unsubscribe linux-input" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
