Badness at include/linux/slub_def.h

Michel Dänzer michel at tungstengraphics.com
Fri May 25 19:05:34 EST 2007


On Sun, 2007-05-20 at 23:10 +0100, Christian Kujau wrote:
> 
> [41653.487050] Badness at include/linux/slub_def.h:77
> [41653.487060] Call Trace:
> [41653.487068] [ecafbcb0] [c0008d00] show_stack+0x3c/0x194 (unreliable)
> [41653.487097] [ecafbce0] [c01426d4] report_bug+0x84/0xf4
> [41653.487116] [ecafbcf0] [c0010280] program_check_exception+0xbc/0x530
> [41653.487137] [ecafbd20] [c0011f8c] ret_from_except_full+0x0/0x4c
> [41653.487154] --- Exception: 700 at get_slab+0x248/0x260
> [41653.487168]     LR = __kmalloc+0x1c/0x9c
> [41653.487176] [ecafbde0] [101dfbc8] 0x101dfbc8 (unreliable)
> [41653.487213] [ecafbe10] [c0080398] __kmalloc+0x1c/0x9c
> [41653.487227] [ecafbe30] [c01c2150] drm_rmdraw+0x26c/0x29c
> [41653.487243] [ecafbe80] [c01c2b74] drm_ioctl+0xe0/0x250
> [41653.487257] [ecafbeb0] [c00924a0] do_ioctl+0x9c/0xa8
> [41653.487273] [ecafbed0] [c0092530] vfs_ioctl+0x84/0x490
> [41653.487287] [ecafbf10] [c009297c] sys_ioctl+0x40/0x74
> [41653.487301] [ecafbf40] [c0011930] ret_from_syscall+0x0/0x38
> [41653.487315] --- Exception: c01 at 0xfd132a8
> [41653.487327]     LR = 0xfd13240

Does the patch below against the drm tree fix it? Only build tested.

---
>From f0e6bdc165cb484b8992b14172a7280f301bf513 Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Michel_D=C3=A4nzer?= <michel at tungstengraphics.com>
Date: Fri, 25 May 2007 11:02:05 +0200
Subject: Make sure the drawable code doesn't call malloc(0).


Signed-off-by: Michel Dänzer <michel at tungstengraphics.com>
---
 linux-core/drm_drawable.c |   41 ++++++++++++++++++++++++++---------------
 1 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/linux-core/drm_drawable.c b/linux-core/drm_drawable.c
index 0817e32..b540a0e 100644
--- a/linux-core/drm_drawable.c
+++ b/linux-core/drm_drawable.c
@@ -172,38 +172,49 @@ int drm_rmdraw(DRM_IOCTL_ARGS)
 
 		bitfield_length = idx + 1;
 
-		if (idx != id / (8 * sizeof(*bitfield)))
-			bitfield = drm_alloc(bitfield_length *
-					     sizeof(*bitfield), DRM_MEM_BUFS);
+		bitfield = NULL;
 
-		if (!bitfield && bitfield_length) {
-			bitfield = dev->drw_bitfield;
-			bitfield_length = dev->drw_bitfield_length;
+		if (bitfield_length) {
+			if (bitfield_length != dev->drw_bitfield_length)
+				bitfield = drm_alloc(bitfield_length *
+						     sizeof(*bitfield),
+						     DRM_MEM_BUFS);
+
+			if (!bitfield) {
+				bitfield = dev->drw_bitfield;
+				bitfield_length = dev->drw_bitfield_length;
+			}
 		}
 	}
 
 	if (bitfield != dev->drw_bitfield) {
 		info_length = 8 * sizeof(*bitfield) * bitfield_length;
 
-		info = drm_alloc(info_length * sizeof(*info), DRM_MEM_BUFS);
+		if (info_length) {
+			info = drm_alloc(info_length * sizeof(*info),
+					 DRM_MEM_BUFS);
 
-		if (!info && info_length) {
-			info = dev->drw_info;
-			info_length = dev->drw_info_length;
-		}
+			if (!info) {
+				info = dev->drw_info;
+				info_length = dev->drw_info_length;
+			}
+		} else
+			info = NULL;
 
 		spin_lock_irqsave(&dev->drw_lock, irqflags);
 
-		memcpy(bitfield, dev->drw_bitfield, bitfield_length *
-		       sizeof(*bitfield));
+		if (bitfield)
+			memcpy(bitfield, dev->drw_bitfield, bitfield_length *
+			       sizeof(*bitfield));
 		drm_free(dev->drw_bitfield, sizeof(*bitfield) *
 			 dev->drw_bitfield_length, DRM_MEM_BUFS);
 		dev->drw_bitfield = bitfield;
 		dev->drw_bitfield_length = bitfield_length;
 
 		if (info != dev->drw_info) {
-			memcpy(info, dev->drw_info, info_length *
-			       sizeof(*info));
+			if (info)
+				memcpy(info, dev->drw_info, info_length *
+				       sizeof(*info));
 			drm_free(dev->drw_info, sizeof(*info) *
 				 dev->drw_info_length, DRM_MEM_BUFS);
 			dev->drw_info = info;
-- 
1.5.2-rc3.GIT





-- 
Earthling Michel Dänzer           |          http://tungstengraphics.com
Libre software enthusiast         |          Debian, X and DRI developer




More information about the Linuxppc-dev mailing list