Commit Graph

8 Commits

Author SHA1 Message Date
Florian Tobias Schandinat 521594442c viafb: fix rmmod bug
This fixes a bug caused by changing pointers (viafb_mode, viafb_mode1)
assigned by module_param.  It reduces driver complexity by not needlessly
changing these vars as they are only read once and removing now
superfluous code.

On unpatched kernels loading viafb with viafb_mode or viafb_mode1 option
used and afterwards unloading it results in:

kernel BUG at mm/slub.c:2926!
invalid opcode: 0000 [#1] PREEMPT
last sysfs file: /sys/devices/virtual/block/loop0/removable
Modules linked in: snd_hda_codec_realtek snd_hda_intel snd_hda_codec
snd_hwdep snd_pcm rtl8187 snd_timer eeprom_93cx6 mmc_block snd soundcore
via_sdmmc fb snd_page_alloc i2c_algo_bit i2c_viapro ehci_hcd uhci_hcd
cfbcopyarea mmc_core cfbimgblt cfbfillrect video output [last unloaded:
viafb]

  Pid: 3355, comm: rmmod Not tainted (2.6.31-rc1 #0)
  EIP: 0060:[<c106a759>] EFLAGS: 00010246 CPU: 0
  EIP is at kfree+0x80/0xda
  EAX: c17c2da0 EBX: dc7edbdc ECX: 0000010f EDX: 00000000
  ESI: c102c700 EDI: dc7ed8fa EBP: d703ff2c ESP: d703ff20
   DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
  Process rmmod (pid: 3355, ti=d703e000 task=db1412c0 task.ti=d703e000)
  Stack:
   dc7edbdc 00000014 00000016 d703ff40 c102c700 dc7f45d4 dc7f45d4 00000880
   d703ff4c c103e571 00000000 d703ffac c103e751 66616976 da140062 db89ba80
   00000328 d702edf8 db89ba80 d703ff9c c105d0f0 00000200 da14f898 00000014
  Call Trace:
   [<c102c700>] ? destroy_params+0x1e/0x2b
   [<c103e571>] ? free_module+0xa2/0xd7
   [<c103e751>] ? sys_delete_module+0x1ab/0x1da
   [<c105d0f0>] ? do_munmap+0x20a/0x225
   [<c10029b4>] ? sysenter_do_call+0x12/0x26
  Code: 10 76 7a 8d 87 00 00 00 40 c1 e8 0c c1 e0 05 03 05 1c 87 41 c1 66 83 38 00 79 03 8b 40 0c 8b 10 84 d2 78 12 66 f7 c2 00 c0 75 04 <0f> 0b eb fe e8 6f 5a fe ff eb 47 8b 55 04 8b 58 0c 9c 5e fa 3b
  EIP: [<c106a759>] kfree+0x80/0xda SS:ESP 0068:d703ff20

This is caused by the current code changing the pointers assigned by
module_param.  During unload it tries to free the memory the pointers
point at which is now part of an internal structure.

The patch simply avoids changing the pointers.  This is okay as they are
read only once during the initialization process.

Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
Cc: Scott Fang <ScottFang@viatech.com.cn>
Cc: Joseph Chan <JosephChan@via.com.tw>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-08-07 10:39:56 -07:00
Harald Welte ee1ef82c7e viafb: make it work on x86_64
Fix a bug in viafb on x86_64 builds (e.g. for VIA Nano CPU).

You cannot make the assumption that sizeof(unsigned int) ==
sizeof(unsigned long), so the parsing of the default mode (640x480) fails,
leading to a division by zero during insmod of the driver.

Signed-off-by: Harald Welte <HaraldWelte@viatech.com>
Cc: <JosephChan@via.com.tw>
Cc: <ScottFang@viatech.com.cn>
Cc: Acked-by: Krzysztof Helt <krzysztof.h1@wp.pl>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-05-12 14:11:35 -07:00
Alexey Dobriyan 99b7623380 proc 2/2: remove struct proc_dir_entry::owner
Setting ->owner as done currently (pde->owner = THIS_MODULE) is racy
as correctly noted at bug #12454. Someone can lookup entry with NULL
->owner, thus not pinning enything, and release it later resulting
in module refcount underflow.

We can keep ->owner and supply it at registration time like ->proc_fops
and ->data.

But this leaves ->owner as easy-manipulative field (just one C assignment)
and somebody will forget to unpin previous/pin current module when
switching ->owner. ->proc_fops is declared as "const" which should give
some thoughts.

->read_proc/->write_proc were just fixed to not require ->owner for
protection.

rmmod'ed directories will be empty and return "." and ".." -- no harm.
And directories with tricky enough readdir and lookup shouldn't be modular.
We definitely don't want such modular code.

Removing ->owner will also make PDE smaller.

So, let's nuke it.

Kudos to Jeff Layton for reminding about this, let's say, oversight.

http://bugzilla.kernel.org/show_bug.cgi?id=12454

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-03-31 01:14:44 +04:00
Hannes Eder 2899bb0941 viafb: fix sparse warnings
Fix this sparse warnings:

  drivers/video/via/viafbdev.c:871:3: warning: returning void-valued expression
  drivers/video/via/viafbdev.c:938:3: warning: returning void-valued expression
  drivers/video/via/viafbdev.c:995:3: warning: returning void-valued expression

Signed-off-by: Hannes Eder <hannes@hanneseder.net>
Cc: Krzysztof Helt <krzysztof.h1@poczta.fm>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-06 15:59:26 -08:00
Bruno Prémont e687d691cb viafb: fix crashes due to 4k stack overflow
The function viafb_cursor() uses 2 stack-variables of CURSOR_SIZE bits;
CURSOR_SIZE is defined as (8 * 1024).  Using up twice 1k on stack is too
much for 4k-stack (though it works with 8k-stacks).  Make those two
variables kzalloc'ed to preserve stack space.

Also merge the whole lot of local struct's in viafb_ioctl into a union so
the stack usage gets minimized here as well.  (struct's are only accessed
in their indicidual IOCTL case) This second part is only compile-tested as
I know of no userspace app using the IOCTLs.

Signed-off-by: Bruno Prémont <bonbons@linux-vserver.org>
Cc: <JosephChan@via.com.tw>
Cc: Krzysztof Helt <krzysztof.h1@poczta.fm>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-04 13:33:20 -08:00
Bruno Prémont c267fd777a viafb: fix releasing of /proc/viafb/ subtree
When unloading viafb module it does not remove it's /proc/viafb/ subtree
which causes multiple viafb directories to appear below proc when
mobprobing viafb and also lets kernel WARN() on duplicate proc entries:

[  145.458387] WARNING: at /usr/src/linux-2.6.28-rc3-git6/fs/proc/generic.c:551 proc_register+0xe6/0x160()
[  145.458945] proc_dir_entry '/proc/viafb' already registered
[  145.459278] Modules linked in: viafb(+) i2c_algo_bit cfbcopyarea cfbimgblt cfbfillrect snd_hda_intel snd_pcm snd_timer snd soundcore snd_page_alloc sg via_agp agpgart [last unloaded: drm]
[  145.460647] Pid: 1904, comm: modprobe Tainted: G        W  2.6.28-rc3-git6 #4
[  145.461064] Call Trace:
[  145.461248]  [<c01066f1>] ? dump_stack+0x1/0x80
[  145.461533]  [<c01228a3>] warn_slowpath+0x63/0x80
[  145.461851]  [<c0253ec9>] ? idr_get_empty_slot+0xe9/0x250
[  145.462186]  [<c0254120>] ? ida_get_new_above+0xf0/0x150
[  145.462528]  [<c019fb86>] proc_register+0xe6/0x160
[  145.462827]  [<c019fdc6>] proc_mkdir_mode+0x36/0x50
[  145.463135]  [<c019fdef>] proc_mkdir+0xf/0x20
[  145.463457]  [<f807173c>] viafb_init+0x73c/0xc86 [viafb]
[  145.463823]  [<f8071000>] ? viafb_init+0x0/0xc86 [viafb]
[  145.464147]  [<c010111d>] do_one_initcall+0x2d/0x160
[  145.464460]  [<c01a6543>] ? sysfs_add_file+0x13/0x20
[  145.464786]  [<c015f031>] ? vfree+0x21/0x30
[  145.465049]  [<c01433b5>] ? load_module+0x1215/0x1500
[  145.465381]  [<c014e455>] ? __alloc_pages_internal+0x95/0x400
[  145.465755]  [<c0143723>] sys_init_module+0x83/0x1a0
[  145.466065]  [<c016ceed>] ? sys_read+0x3d/0x70
[  145.466354]  [<c0103bc1>] sysenter_do_call+0x12/0x25
[  145.466653] ---[ end trace c84b37826e16748c ]---

Signed-off-by: Bruno Prémont <bonbons@linux-vserver.org>
Cc: <JosephChan@via.com.tw>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-11-19 18:49:58 -08:00
Joseph Chan b3a45d8e5d viafb: viafbdev.c (update)
Remove the macro MMIO_OUT32, and replace it with writel() function.
And replace "u32" with "unsigned long" in writel() function (original
MMIO_OUT32 marco) for avoiding warning message in 64bit OS.

Signed-off-by: Joseph Chan <josephchan@via.com.tw>
Acked-by: Krzysztof Helt <krzysztof.h1@wp.pl>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-10-16 11:21:42 -07:00
Joseph Chan 29b619fae6 viafb: viafbdev.c, viafbdev.h
Correct by following Jiri Slaby's suggestions.

Initialization, remove and some other important functions of viafb.

[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Joseph Chan <josephchan@via.com.tw>
Cc: Krzysztof Helt <krzysztof.h1@poczta.fm>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-10-16 11:21:41 -07:00