Re: aic7(censored) use after free in 2.5.66

Zwane Mwaikambo (zwane@linuxpower.ca)
Tue, 1 Apr 2003 02:00:29 -0500 (EST)


On Tue, 1 Apr 2003, Zwane Mwaikambo wrote:

> I got this on boot on an 8way/16G box, perhaps Justin should try
> and push his latest? CONFIG_PREEMPT=y if that makes any difference at
> all.. If anyone is interested i can provide more info.
>
> scsi0 : Adaptec AIC7XXX EISA/VLB/PCI SCSI HBA DRIVER, Rev 6.2.28
>
> Slab corruption: start=f7d66248, expend=f7d662c7, problemat=f7d662ac
> Last user: [<c024f0b7>](ahc_linux_free_device+0x27/0x60)
> Data:

This probably wants; Or if we can sleep in all the paths, a
synchronize_kernel after del_timer should suffice.

Justin?

Index: linux-2.5.66/drivers/scsi/aic7xxx/aic7xxx_osm.c
===================================================================
RCS file: /build/cvsroot/linux-2.5.66/drivers/scsi/aic7xxx/aic7xxx_osm.c,v
retrieving revision 1.1.1.1
diff -u -p -B -r1.1.1.1 aic7xxx_osm.c
--- linux-2.5.66/drivers/scsi/aic7xxx/aic7xxx_osm.c 24 Mar 2003 23:39:44 -0000 1.1.1.1
+++ linux-2.5.66/drivers/scsi/aic7xxx/aic7xxx_osm.c 1 Apr 2003 06:54:01 -0000
@@ -4097,7 +4097,7 @@ ahc_linux_free_device(struct ahc_softc *
{
struct ahc_linux_target *targ;

- del_timer(&dev->timer);
+ del_timer_sync(&dev->timer);
targ = dev->target;
targ->devices[dev->lun] = NULL;
free(dev, M_DEVBUF);

-- 
function.linuxpower.ca
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/