Hi,
This oops was reported earlier today, along with
a patch to uhci.c from Jan N.
It worked for Jan and for me and JE blessed it too.
I'm fairly sure that this patch made it into 2.3.99-pre8
but I haven't downloaded it yet to verify this.
usb-uhci also has a problem with invalid memory references
and Georg Acher is working on it.
I have just discovered that the input module has problems
also, in input_unlink_handle. Looks like it is also
caused by SLAB_POISON being enabled in slab.c.
I'm using kdb. Here's what I see in the input module:
input_unlink_handle() parameters: (0x5a5a5a5a, 0xc3f76c00)
backtrace: input_unregister_device+0x2a (ptr, ptr)
usb_mouse_disconnect+0x1c (ptr, ptr)
usb_disconnect+0x67 (ptr, 2, 1)
usb_hub_port_connect_change+0xf7 (ptr, 1, ptr, 2)
usb_hub_events+0x12e ()
usb_hub_thread+0x56 (0, ptr, ptr, 0x242d5352, 0x4e4f4328)
~Randy
-----Original Message-----
From: Jan Niehusmann [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 12, 2000 7:00 AM
To: [EMAIL PROTECTED]
Subject: Re: oops on booting 2.3.99pre7-9
On Fri, May 12, 2000 at 05:01:50AM +0200, Jan Niehusmann wrote:
> The oops goes away if I remove the "flags |= SLAB_POISON;"-Line introduced
> in slap.c in pre7-9. So the bug is probably not new, but didn't get caught
> up to now.
The oops seems to be caused by to follwing code in uhci.c:
static void uhci_free_td(struct uhci_td *td)
{
if (!list_empty(&td->list))
dbg("td is still in URB list!");
kmem_cache_free(uhci_td_cachep, td);
if (td->dev)
usb_dec_dev_use(td->dev);
}
If I don't missunderstand this, kmem_cache_free frees td. With slab
poisoning, td->dev then points to 5a5a5a5a, leading to the oops.
Without slab poisoning, td->dev probably pointed to zero, so
usb_dec_dev_use didn't get executed, preventing the oops.
I just moved kmem_cache_free below usb_dec_dev_use, and will try if
it works now.
The same sequence is in uhci_free_qh.
--- linux-2.3.99-pre7/drivers/usb/uhci.c.orig Fri May 12 03:30:14 2000
+++ linux-2.3.99-pre7/drivers/usb/uhci.c Fri May 12 15:46:29 2000
@@ -289,10 +289,10 @@
if (!list_empty(&td->list))
dbg("td is still in URB list!");
- kmem_cache_free(uhci_td_cachep, td);
-
if (td->dev)
usb_dec_dev_use(td->dev);
+
+ kmem_cache_free(uhci_td_cachep, td);
}
static struct uhci_qh *uhci_alloc_qh(struct usb_device *dev)
@@ -318,10 +318,10 @@
static void uhci_free_qh(struct uhci_qh *qh)
{
- kmem_cache_free(uhci_qh_cachep, qh);
-
if (qh->dev)
usb_dec_dev_use(qh->dev);
+
+ kmem_cache_free(uhci_qh_cachep, qh);
}
static void uhci_insert_qh(struct uhci *uhci, struct uhci_qh *skelqh,
struct uhci_qh *qh)
-
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
