[openib-general] Kernel oops: NULL ptr dereference in ib_umem_get
Roland Dreier
roland at topspin.com
Fri Apr 15 15:25:10 PDT 2005
ardavis> With a little stress, I see the following oops (running
ardavis> latest from the trunk). Let me know if you need any more
ardavis> information.
Can you try this patch and let me know if it helps at all?
Thanks,
Roland
--- infiniband/core/uverbs_mem.c (revision 2156)
+++ infiniband/core/uverbs_mem.c (working copy)
@@ -60,16 +60,16 @@ static void __ib_umem_unmark(struct ib_u
unsigned long cur_base;
vma = find_vma(mm, umem->user_base);
+ cur_base = umem->user_base;
- for (cur_base = umem->user_base;
- cur_base < umem->user_base + umem->length;
- cur_base = vma->vm_end) {
- if (!vma || vma->vm_start > umem->user_base + umem->length)
+ while (cur_base < umem->user_base + umem->length && vma &&
+ vma->vm_start < umem->user_base + umem->length) {
break;
if (!(vma->vm_flags & VM_SHARED) && (vma->vm_flags & VM_MAYWRITE))
vma->vm_flags &= ~VM_DONTCOPY;
+ cur_base = vma->vm_end;
vma = vma->vm_next;
}
}
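Review bot: The `break;` kept as a context line is now the first statement of the new `while` body, so as shown the loop exits on its first iteration and never reaches `vma->vm_flags &= ~VM_DONTCOPY;`. Its guarding `if (!vma || ...)` was removed and the condition moved into the `while` header, so the `break;` should be deleted with it. Left in, __ib_umem_unmark would leave VM_DONTCOPY set on the VMAs after the region is released, and a later fork() would presumably not copy those mappings into the child. The function starts above this hunk, so anything before `unsigned long cur_base;` is not visible here.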
@@ -102,10 +102,9 @@ int ib_umem_get(struct ib_device *dev, s
down_write(¤t->mm->mmap_sem);
vma = find_vma(current->mm, mem->user_base);
+ cur_base = mem->user_base;
- for (cur_base = mem->user_base;
- cur_base < mem->user_base + size;
- cur_base = vma->vm_end) {
+ while (cur_base < mem->user_base + size) {
if (!vma || vma->vm_start > cur_base) {
ret = -ENOMEM;
goto out;
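Review bot: The loop bound `mem->user_base + size` is not checked for wrap-around in the visible lines, and both operands appear to describe a userspace range. If the sum wraps, the `while` condition is false on entry, so no VMA is validated or marked and the `-ENOMEM` path is never reached. Unless ib_umem_get already rejects this above the hunk, a guard after the `down_write` such as `if (mem->user_base + size < mem->user_base) { ret = -EINVAL; goto out; }` would cover it, assuming the `out` label releases mmap_sem. The same sum appears in __ib_umem_unmark as `umem->user_base + umem->length`. The loop body continues in the next hunk.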
@@ -114,6 +113,7 @@ int ib_umem_get(struct ib_device *dev, s
if (!(vma->vm_flags & VM_SHARED) && (vma->vm_flags & VM_MAYWRITE))
vma->vm_flags |= VM_DONTCOPY;
+ cur_base = vma->vm_end;
vma = vma->vm_next;
}
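Review bot: Nothing on the added `cur_base = vma->vm_end;` says that it must run before `vma = vma->vm_next;`, which is the substance of the fix. The old `for` increment read `vma->vm_end` after the step, when `vma` could already be NULL. A comment such as `/* read vm_end before stepping: vma may be NULL afterwards */` would keep a later cleanup from folding the assignment back into a `for` header. The same ordering applies to the line added in __ib_umem_unmark.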