Re: [2.6.39-rc2, framebuffer] use after free oops

[2.6.39-rc2, framebuffer] use after free oops · Daniel J Blueman <hidden> · 2011-04-10
[2.6.39-rc2, framebuffer] use after free oops · Daniel J Blueman <hidden> · 2011-04-20
Re: [2.6.39-rc2, framebuffer] use after free oops · Bruno Prémont <bonbons@linux-vserver.org> · 2011-04-20
Re: [2.6.39-rc2, framebuffer] use after free oops · Alan Cox <hidden> · 2011-04-20
Re: [2.6.39-rc2, framebuffer] use after free oops · Daniel J Blueman <hidden> · 2011-05-06
Re: [2.6.39-rc2, framebuffer] use after free oops · Anca Emanuel <hidden> · 2011-05-07
Re: [2.6.39-rc2, framebuffer] use after free oops · Daniel J Blueman <hidden> · 2011-05-08

From: Alan Cox <hidden>
Date: 2011-04-20 09:55:45
Also in: lkml

On Wed, 20 Apr 2011 08:05:35 +0200
Bruno Prémont [off-list ref] wrote:

On Wed, 20 Apr 2011 13:50:10 Daniel J Blueman [off-list ref] wrote:

quoted

Any ideas on how best to address this issue [0], since it causes
silent corruption, or at best crashes?

There is probably no easy short-term fix to this...

The short term fix would be to deliberately leak the buffer. That should
go into 2.6.39-rc right now with a comment explaining the situation.
Otherwise who knows what corruption may occur to user data if unlucky.

The other 'cheat' might be to tweak the API so the removal API isn't a
'destroy' interface but a 'shut down' and has a matching 'restart' one
for when the intelfb unloads at which point vga16fb can carry on with the
original fb_info 8)

Alan

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help