[linux-dvb] [PATCH] Fix tuner_warn() induced kernel Ooops in simple_tuner_attach()

Jose Alberto Reguero jareguero at telefonica.net
Mon May 26 14:10:50 CEST 2008


El Lunes 26 Mayo 2008, Andy Walls escribió:
> On Sat, 2008-05-24 at 22:33 -0400, Andy Walls wrote:
> > On Sat, 2008-05-24 at 18:17 +0200, Jose Alberto Reguero wrote:
> > > Work well with kernel 2.6.25
> > >
> > > Jose Alberto
> >
> > It looks like something about the "tuner_warn()" macro is causing
> > references to be made to very low memory addresses.  That is probably
> > not right.
> >
> > So let's look further: here is the same section of
> > tuner-simple.c:simple_tuner_attach() after preprocessing, but before
> > conversion to assembly:
> >
> >     if (fe->ops.i2c_gate_ctrl)
> >      fe->ops.i2c_gate_ctrl(fe, 1);
> >
> >     if (1 != i2c_transfer(i2c_adap, &msg, 1))
> >      do { do { printk("<4>" "%s %d-%04x: " "unable to probe %s,
> > proceeding anyway.", priv->i2c_props.name, priv->i2c_props.adap ?
> > i2c_adapter_id(priv->i2c_props.adap) : -1, priv->i2c_props.addr,
> > tuners[type].name); } while (0); } while (0);
> >
> >
> >     if (fe->ops.i2c_gate_ctrl)
> >      fe->ops.i2c_gate_ctrl(fe, 0);
> >
> >
> > Hmmm. Lots of dereferences of something called "priv".  Looking at the
> > top of tuner-simple.c:simple_tuner_attach() we find:
> >
> > 1032         struct tuner_simple_priv *priv = NULL;
> > 1033         int instance;
> >
> > With no other operations on "priv" before the "tuner_warn()"
> > invocation.
> >
> > So tuner-simple.c:simple_tuner_attach() has a hard coded NULL pointer
> > dereference buried in a macro that only sometimes gets executed.
>
> Patch attached.  It compiles.  I assume it works.
>
> I did a search through the rest of tuner-simple.c and did not see any
> other instances of tuner_warn() being called without "priv" being
> defined.
>
> Regards,
> Andy

Thanks. It  works.

Jose Alberto







More information about the linux-dvb mailing list