[linux-dvb] [PATCH] Fix tuner_warn() induced kernel Ooops in simple_tuner_attach()

Andy Walls awalls at radix.net
Mon May 26 03:40:48 CEST 2008


On Sat, 2008-05-24 at 22:33 -0400, Andy Walls wrote:
> On Sat, 2008-05-24 at 18:17 +0200, Jose Alberto Reguero wrote:
> > Work well with kernel 2.6.25
> > 
> > Jose Alberto


> It looks like something about the "tuner_warn()" macro is causing
> references to be made to very low memory addresses.  That is probably
> not right.
> 
> So let's look further: here is the same section of
> tuner-simple.c:simple_tuner_attach() after preprocessing, but before
> conversion to assembly:
> 
>     if (fe->ops.i2c_gate_ctrl)
>      fe->ops.i2c_gate_ctrl(fe, 1);
> 
>     if (1 != i2c_transfer(i2c_adap, &msg, 1))
>      do { do { printk("<4>" "%s %d-%04x: " "unable to probe %s,
> proceeding anyway.", priv->i2c_props.name, priv->i2c_props.adap ?
> i2c_adapter_id(priv->i2c_props.adap) : -1, priv->i2c_props.addr,
> tuners[type].name); } while (0); } while (0);
> 
> 
>     if (fe->ops.i2c_gate_ctrl)
>      fe->ops.i2c_gate_ctrl(fe, 0);
>  

> Hmmm. Lots of dereferences of something called "priv".  Looking at the
> top of tuner-simple.c:simple_tuner_attach() we find:
> 
> 1032         struct tuner_simple_priv *priv = NULL;
> 1033         int instance;
> 
> With no other operations on "priv" before the "tuner_warn()"
> invocation.
> 
> So tuner-simple.c:simple_tuner_attach() has a hard coded NULL pointer
> dereference buried in a macro that only sometimes gets executed.


Patch attached.  It compiles.  I assume it works.

I did a search through the rest of tuner-simple.c and did not see any
other instances of tuner_warn() being called without "priv" being
defined.

Regards,
Andy

-------------- next part --------------
A non-text attachment was scrubbed...
Name: tuner-simple-warn-oops.patch
Type: text/x-patch
Size: 1357 bytes
Desc: not available
Url : http://www.linuxtv.org/pipermail/linux-dvb/attachments/20080525/4fb3f518/attachment.bin 


More information about the linux-dvb mailing list