[linux-dvb] [PATCH] Fix tuner_warn() induced kernel Ooops in simple_tuner_attach()
Andy Walls
awalls at radix.net
Mon May 26 03:40:48 CEST 2008
On Sat, 2008-05-24 at 22:33 -0400, Andy Walls wrote:
> On Sat, 2008-05-24 at 18:17 +0200, Jose Alberto Reguero wrote:
> > Works well with kernel 2.6.25
> >
> > Jose Alberto
> It looks like something about the "tuner_warn()" macro is causing
> references to be made to very low memory addresses. That is probably
> not right.
>
> So let's look further: here is the same section of
> tuner-simple.c:simple_tuner_attach() after preprocessing, but before
> conversion to assembly:
>
>     if (fe->ops.i2c_gate_ctrl)
>         fe->ops.i2c_gate_ctrl(fe, 1);
>
>     if (1 != i2c_transfer(i2c_adap, &msg, 1))
>         do { do { printk("<4>" "%s %d-%04x: " "unable to probe %s, proceeding anyway.",
>             priv->i2c_props.name,
>             priv->i2c_props.adap ? i2c_adapter_id(priv->i2c_props.adap) : -1,
>             priv->i2c_props.addr, tuners[type].name); } while (0); } while (0);
>
>     if (fe->ops.i2c_gate_ctrl)
>         fe->ops.i2c_gate_ctrl(fe, 0);
>
> Hmmm. Lots of dereferences of something called "priv". Looking at the
> top of tuner-simple.c:simple_tuner_attach() we find:
>
>     struct tuner_simple_priv *priv = NULL;
>     int instance;
>
> With no other operations on "priv" before the "tuner_warn()"
> invocation.
>
> So tuner-simple.c:simple_tuner_attach() has a hard coded NULL pointer
> dereference buried in a macro that only sometimes gets executed.

Patch attached. It compiles. I assume it works.

I did a search through the rest of tuner-simple.c and did not see any
other instances of tuner_warn() being called without "priv" being
defined.

Regards,
Andy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tuner-simple-warn-oops.patch
Type: text/x-patch
Size: 1357 bytes
Desc: not available
Url : http://www.linuxtv.org/pipermail/linux-dvb/attachments/20080525/4fb3f518/attachment.bin
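
Added example, not part of the original message and not the attached patch (the archive does not show its contents): a userspace C model of the pattern described above, where a logging macro implicitly dereferences a local `priv` that is still NULL, beside one way to make the dependency explicit and NULL-safe. All names and struct layouts here (`WARN_IMPLICIT`, `warn_explicit`, `attach_model`, `struct tuner_priv`) are hypothetical.

```c
#include <stdio.h>
#include <string.h>
struct adapter { int nr; };  /* userspace model; layouts are assumptions */
struct tuner_priv {
    struct { const char *name; struct adapter *adap; int addr; } i2c_props;
};

/* Pattern from the thread: the macro silently uses a local named "priv". */
#define WARN_IMPLICIT(buf, n, fmt, ...)                                  \
    snprintf(buf, n, "%s %d-%04x: " fmt, priv->i2c_props.name,           \
             priv->i2c_props.adap ? priv->i2c_props.adap->nr : -1,       \
             priv->i2c_props.addr, __VA_ARGS__)

/* Hardened form: context is an explicit argument and NULL is handled. */
static int warn_explicit(char *buf, size_t n, const struct tuner_priv *p,
                         const char *what)
{
    if (!p)
        return snprintf(buf, n, "(no tuner state): unable to probe %s", what);
    return snprintf(buf, n, "%s %d-%04x: unable to probe %s", p->i2c_props.name,
                    p->i2c_props.adap ? p->i2c_props.adap->nr : -1,
                    p->i2c_props.addr, what);
}

/* Model of the attach path: priv is still NULL when the probe fails. */
static int attach_model(int probe_ok, char *buf, size_t n)
{
    struct tuner_priv *priv = NULL;
    buf[0] = '\0';
    /* WARN_IMPLICIT(...) on the failure path would dereference NULL priv. */
    return probe_ok ? 0 : warn_explicit(buf, n, priv, "tuner");
}

/* The implicit macro is safe only once priv points at real state. */
static int warn_with_state(char *buf, size_t n)
{
    struct adapter a = { 2 };                       /* constructed values */
    struct tuner_priv state = { { "tuner-simple", &a, 0x61 } };
    struct tuner_priv *priv = &state;
    return WARN_IMPLICIT(buf, n, "unable to probe %s", "tuner");
}

int main(void)
{
    char buf[96];
    if (attach_model(0, buf, sizeof buf) > 0) puts(buf);
    if (warn_with_state(buf, sizeof buf) > 0) puts(buf);
    return 0;
}
```

Because the macro names `priv` only inside its expansion, a grep of the call site shows no dereference; reviewing the preprocessed output, as done in the message, is what exposes it.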