On Mon, Jul 10, 2017 at 03:59:37PM -0700, Evgeny Baskakov wrote:
> On 6/30/17 5:57 PM, Jerome Glisse wrote:
> ...
>
> Hi Jerome,
>
> I am seeing a strange crash in our code that uses the hmm_device_new()
> helper. After the driver is repeatedly loaded/unloaded, hmm_device_new()
> suddenly returns NULL.
>
> I have reproduced this with the dummy driver from the hmm-next branch:
>
> BUG: unable to handle kernel NULL pointer dereference at 0000000000000208
Horrible stupid bug in the code, most likely from cut and paste. Attached
patch should fix it. I don't know how long it took for you to trigger it.
Jérôme
>From 0abb8ba8e680406d8e860b2645f7f0e98f628916 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Glisse?= <jglisse@xxxxxxxxxx>
Date: Mon, 10 Jul 2017 19:39:24 -0400
Subject: [PATCH] mm/hmm: fix major device driver exhaustion (dumb cut and
paste mistake)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is likely the result of some cut and paste gone wrong.
Signed-off-by: Jérôme Glisse <jglisse@xxxxxxxxxx>
---
mm/hmm.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/mm/hmm.c b/mm/hmm.c
index 28e54e3..6d1705a 100644
--- a/mm/hmm.c
+++ b/mm/hmm.c
@@ -1206,18 +1206,11 @@ static void hmm_device_release(struct device *device)
struct hmm_device *hmm_device_new(void *drvdata)
{
struct hmm_device *hmm_device;
- int ret;
hmm_device = kzalloc(sizeof(*hmm_device), GFP_KERNEL);
if (!hmm_device)
return ERR_PTR(-ENOMEM);
- ret = alloc_chrdev_region(&hmm_device->device.devt, 0, 1, "hmm_device");
- if (ret < 0) {
- kfree(hmm_device);
- return NULL;
- }
-
spin_lock(&hmm_device_lock);
hmm_device->minor = find_first_zero_bit(hmm_device_mask, HMM_DEVICE_MAX);
if (hmm_device->minor >= HMM_DEVICE_MAX) {
--
2.9.4
