On Mon, Jul 10, 2017 at 03:59:37PM -0700, Evgeny Baskakov wrote:
> On 6/30/17 5:57 PM, Jerome Glisse wrote:
> ...
> 
> Hi Jerome,
> 
> I am seeing a strange crash in our code that uses the hmm_device_new()
> helper. After the driver is repeatedly loaded/unloaded, hmm_device_new()
> suddenly returns NULL.
> 
> I have reproduced this with the dummy driver from the hmm-next branch:
> 
> BUG: unable to handle kernel NULL pointer dereference at 0000000000000208

Horrible stupid bug in the code, most likely from cut and paste. Attached
patch should fix it. I don't know how long it took for you to trigger it.

Jérôme

From 0abb8ba8e680406d8e860b2645f7f0e98f628916 Mon Sep 17 00:00:00 2001
From: Jérôme Glisse <[email protected]>
Date: Mon, 10 Jul 2017 19:39:24 -0400
Subject: [PATCH] mm/hmm: fix major device driver exhaustion (dumb cut and paste mistake)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is likely the result of some cut and paste gone wrong.

Signed-off-by: Jérôme Glisse <[email protected]>
---
 mm/hmm.c | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/mm/hmm.c b/mm/hmm.c
index 28e54e3..6d1705a 100644
--- a/mm/hmm.c
+++ b/mm/hmm.c
@@ -1206,18 +1206,11 @@ static void hmm_device_release(struct device *device)
 struct hmm_device *hmm_device_new(void *drvdata)
 {
        struct hmm_device *hmm_device;
-       int ret;
 
        hmm_device = kzalloc(sizeof(*hmm_device), GFP_KERNEL);
        if (!hmm_device)
                return ERR_PTR(-ENOMEM);
 
-       ret = alloc_chrdev_region(&hmm_device->device.devt, 0, 1, "hmm_device");
-       if (ret < 0) {
-               kfree(hmm_device);
-               return NULL;
-       }
-
        spin_lock(&hmm_device_lock);
        hmm_device->minor = find_first_zero_bit(hmm_device_mask, 
HMM_DEVICE_MAX);
        if (hmm_device->minor >= HMM_DEVICE_MAX) {
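Review bot: the removed block requested a brand-new char device major via alloc_chrdev_region() on every hmm_device_new() call, and its failure path returned NULL while the kzalloc() failure two lines above returns ERR_PTR(-ENOMEM); a caller that only checks IS_ERR() would then dereference NULL, which matches the reported NULL pointer dereference, so dropping the block removes both the per-device major allocation and the inconsistent return value. Since the function still goes on to pick a minor from hmm_device_mask, the commit message should state where hmm_device->device.devt is now populated (presumably from a region reserved once at init), so reviewers can confirm no path is left with an unset devt.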
-- 
2.9.4
