On Thursday 01 November 2007 15:17:16 Luis R. Rodriguez wrote: > mcgrof@pogo:~/devel/wireless-2.6$ git-describe > v2.6.24-rc1-146-g2280253 > > So I hit segfault with lockdep on count_matching_names() on the > strcmp() multiple times now. This is reproducible and with different > wireless drivers. > I've found the problem. It appears to be in lockdep. struct lock_class has a const char *name field which points to a statically allocated string that comes from the code which uses the lock. If that code/string is in a module and gets unloaded, the pointer in |name| is no longer valid. Next time this field is dereferenced (count_matching_names, in this case), we crash. The following patch fixes the issue but there's probably a better way. -Michael Wu --- diff --git a/include/linux/lockdep.h b/include/linux/lockdep.h index 4c4d236..2aa0d35 100644 --- a/include/linux/lockdep.h +++ b/include/linux/lockdep.h @@ -114,7 +114,7 @@ struct lock_class { */ unsigned long ops; - const char *name; + char name[128]; int name_version; #ifdef CONFIG_LOCK_STAT diff --git a/kernel/lockdep.c b/kernel/lockdep.c index 55fe0c7..63c4d8f 100644 --- a/kernel/lockdep.c +++ b/kernel/lockdep.c @@ -768,7 +768,7 @@ register_lock_class(struct lockdep_map *lock, unsigned int subclass, int force) class = lock_classes + nr_lock_classes++; debug_atomic_inc(&nr_unused_locks); class->key = key; - class->name = lock->name; + strcpy(class->name, lock->name); class->subclass = subclass; INIT_LIST_HEAD(&class->lock_entry); INIT_LIST_HEAD(&class->locks_before);
Attachment:
signature.asc
Description: This is a digitally signed message part.