kernel-fxtec-pro1x/drivers/media/video
Mauro Carvalho Chehab 5993a663a9 V4L/DVB (10305): videobuf-vmalloc: Fix: videobuf memory were never freed
videobuf_vmalloc_free() never frees the video buffer memory. Due to
that, after multiple open/closes, a user can suffer a panic:

Kernel BUG at mm/slab.c:2650
invalid opcode: 0000 [1] SMP
last sysfs file: /class/video4linux/video0/dev
CPU 4
Modules linked in: vivi(U) videodev(U) v4l1_compat(U) v4l2_compat_ioctl32(U) videobuf_vmalloc(U) videobuf_core(U) ipv6 xfrm_nalgo autofs4 vmnet(U) vmblock(U) vmci(U) vmmon(U) ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_tcpudp iptable_filter ip_tables x_tables cpufreq_ondemand dm_mirror dm_log dm_multipath scsi_dh dm_mod video backlight sbs i2c_ec button battery asus_acpi acpi_memhotplug ac lp testmgr_cipher testmgr aead crypto_blkcipher crypto_algapi crypto_api arc4 snd_hda_intel nvidia(PFU) snd_seq_dummy snd_seq_oss snd_seq_midi_event rt73usb crc_itu_t snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss tg3 sr_mod snd_pcm snd_timer snd_page_alloc snd_hwdep pcspkr rt2500usb cdrom rt2x00usb rt2x00lib libphy snd parport_pc soundcore shpchp serio_raw i2c_i801 i5400_edac parport ata_piix sg mac80211 edac_mc i2c_core cfg80211 ahci libata sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd
Pid: 6215, comm: v4l-stress-buff Tainted: PF     2.6.18-118.el5 #1
RIP: 0010:[<ffffffff80017506>]  [<ffffffff80017506>] cache_grow+0x1e/0x395
RSP: 0018:ffff810128a35d28  EFLAGS: 00010006
RAX: 0000000000000000 RBX: 00000000000080d0 RCX: 00000000ffffffff
RDX: 0000000000000000 RSI: 00000000000080d0 RDI: ffff8101042d8340
RBP: ffff8101042ce5e0 R08: ffff81012fc1e8c0 R09: ffff8101042eac00
R10: 0000000000000000 R11: ffffffff882a5139 R12: ffff8101042d8340
R13: ffff8101042ce5c0 R14: 0000000000000000 R15: ffff8101042d8340
FS:  0000000000000000(0000) GS:ffff81012fc24d40(0063) knlGS:00000000f7f706c0
CS:  0010 DS: 002b ES: 002b CR0: 000000008005003b
CR2: 00000000f7f9a000 CR3: 0000000117ad0000 CR4: 00000000000006e0
Process v4l-stress-buff (pid: 6215, threadinfo ffff810128a34000, task ffff810128fcb820)
Stack:  ffffc20012a39000 0000004415173ff8 ffff810000011c10 000280d200000000
 0000000000000002 00000000ffffffff ffff8101042ce5e0 ffff81012fc1e8c0
 ffff8101042ce5c0 000000000000000c ffff8101042d8340 ffffffff8005bdde
Call Trace:
 [<ffffffff8005bdde>] cache_alloc_refill+0x136/0x186
 [<ffffffff800d7822>] kmem_cache_alloc_node+0x98/0xb2
 [<ffffffff800cda1f>] __vmalloc_area_node+0x62/0x153
 [<ffffffff800cdd65>] vmalloc_user+0x15/0x50
 [<ffffffff882a521f>] :videobuf_vmalloc:__videobuf_iolock+0xe6/0x155
 [<ffffffff8838f958>] :vivi:buffer_prepare+0xb9/0xe6
 [<ffffffff882981f3>] :videobuf_core:__videobuf_read_start+0xa2/0x10f
 [<ffffffff882983e6>] :videobuf_core:videobuf_read_stream+0x9c/0x1f3
 [<ffffffff8000b3f3>] vfs_read+0xcb/0x171
 [<ffffffff80011967>] sys_read+0x45/0x6e
 [<ffffffff8006149b>] sysenter_do_call+0x1b/0x67

Code: 0f 0b 68 af 1e 2a 80 c2 5a 0a f6 c7 20 0f 85 53 03 00 00 89
RIP  [<ffffffff80017506>] cache_grow+0x1e/0x395
 RSP <ffff810128a35d28>
 <0>Kernel panic - not syncing: Fatal exception

Thanks to Douglas Schilling Landgraf <dougsland@gmail.com> for writing a
stress tool for testing and to Robert Krakora <rob.krakora@messagenetsystems.com>
for tracing the code and discovering the point where the bug was happening.
Thanks also to Magnus Damm <damm@igel.co.jp>, who provided us a fix for
a similar bug in videobuf-dma-contig.

Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2009-03-30 12:42:27 -03:00
au0828
bt8xx V4L/DVB (10299): bttv: Add support for IVCE-8784 support for V4L2 bttv driver 2009-03-30 12:42:26 -03:00
cpia2 V4L/DVB (10138): v4l2-ioctl: change to long return type to match unlocked_ioctl. 2009-01-02 17:11:34 -02:00
cx18 V4L/DVB (10284): cx18: Add initial entry for a Leadtek DVR3100 H hybrid card 2009-03-30 12:42:25 -03:00
cx88 Merge branch 'topic/snd_card_new-err' into for-linus 2009-03-24 00:35:35 +01:00
cx23885 V4L/DVB (10269): Add support for DVBWorld DVBS2 PCI-e 2005. 2009-03-30 12:42:24 -03:00
cx25840 V4L/DVB (10251): cx25840: add comments explaining what the init() does. 2009-03-30 12:42:23 -03:00
em28xx V4L/DVB (10291): em28xx: fix VIDIOC_G_CTRL when there is no msp34xx device. 2009-03-30 12:42:26 -03:00
et61x251 V4L/DVB (10138): v4l2-ioctl: change to long return type to match unlocked_ioctl. 2009-01-02 17:11:34 -02:00
gspca V4L/DVB (10789): m5602-s5k4aa: Split up the initial sensor probe in chunks. 2009-03-05 20:33:37 -03:00
ivtv V4L/DVB (10276): cx18, cx2341x, ivtv: Add AC-3 audio encoding control to cx18 2009-03-30 12:42:24 -03:00
ovcamchip i2c: Drop I2C_CLASS_CAM_DIGITAL 2009-01-07 14:29:17 +01:00
pvrusb2 V4L/DVB (10303): pvrusb2: Use usb_make_path() to determine device bus location 2009-03-30 12:42:26 -03:00
pwc V4L/DVB (10242): pwc: add support for webcam snapshot button 2009-03-30 12:42:22 -03:00
saa7134 V4L/DVB (10249): v4l2-common: added v4l2_i2c_tuner_addrs() 2009-03-30 12:42:22 -03:00
sn9c102 V4L/DVB (10138): v4l2-ioctl: change to long return type to match unlocked_ioctl. 2009-01-02 17:11:34 -02:00
usbvideo V4L/DVB (10185): Use negated usb_endpoint_xfer_control, etc 2009-01-07 22:18:56 -02:00
usbvision V4L/DVB (10298): remove err macro from few usb devices 2009-03-30 12:42:26 -03:00
uvc V4L/DVB (10296): uvcvideo: Fix memory leak in input device handling 2009-03-30 12:42:26 -03:00
zc0301 V4L/DVB (10138): v4l2-ioctl: change to long return type to match unlocked_ioctl. 2009-01-02 17:11:34 -02:00
zoran V4L/DVB (10834): zoran: auto-select bt866 for AverMedia 6 Eyes 2009-03-05 20:33:37 -03:00
adv7170.c
adv7175.c
arv.c V4L/DVB (10138): v4l2-ioctl: change to long return type to match unlocked_ioctl. 2009-01-02 17:11:34 -02:00
bt819.c
bt856.c
bt866.c
btcx-risc.c
btcx-risc.h
bw-qcam.c V4L/DVB (10138): v4l2-ioctl: change to long return type to match unlocked_ioctl. 2009-01-02 17:11:34 -02:00
bw-qcam.h
c-qcam.c V4L/DVB (10138): v4l2-ioctl: change to long return type to match unlocked_ioctl. 2009-01-02 17:11:34 -02:00
cafe_ccic-regs.h
cafe_ccic.c i2c: Drop I2C_CLASS_CAM_DIGITAL 2009-01-07 14:29:17 +01:00
cpia.c V4L/DVB (10138): v4l2-ioctl: change to long return type to match unlocked_ioctl. 2009-01-02 17:11:34 -02:00
cpia.h
cpia_pp.c
cpia_usb.c
cs53l32a.c V4L/DVB (10141): v4l2: debugging API changed to match against driver name instead of ID. 2009-01-02 17:11:52 -02:00
cs5345.c V4L/DVB (10193): removed unused #include <version.h>'s 2009-01-29 08:35:36 -02:00
cs8420.h
cx2341x.c V4L/DVB (10277): cx18, cx2341x: Fix bugs in cx18 AC3 control and comply with V4L2 spec 2009-03-30 12:42:25 -03:00
dabusb.c V4L/DVB (10298): remove err macro from few usb devices 2009-03-30 12:42:26 -03:00
dabusb.h
font.h
hexium_gemini.c V4L/DVB (10271): saa7146: convert to video_ioctl2. 2009-03-30 12:42:24 -03:00
hexium_orion.c V4L/DVB (10271): saa7146: convert to video_ioctl2. 2009-03-30 12:42:24 -03:00
ibmmpeg2.h
indycam.c
indycam.h
ir-kbd-i2c.c V4L/DVB (9521): V4L: struct device - replace bus_id with dev_name(), dev_set_name() 2008-12-29 17:53:26 -02:00
Kconfig V4L/DVB (10099): soc-camera: add support for MT9T031 CMOS camera sensor from Micron 2008-12-30 09:40:30 -02:00
ks0127.c
ks0127.h
m52790.c V4L/DVB (10141): v4l2: debugging API changed to match against driver name instead of ID. 2009-01-02 17:11:52 -02:00
Makefile V4L/DVB (10137): v4l2-compat32: only build if needed 2009-01-02 17:11:25 -02:00
meye.c V4L/DVB (10138): v4l2-ioctl: change to long return type to match unlocked_ioctl. 2009-01-02 17:11:34 -02:00
meye.h
msp3400-driver.c V4L/DVB (10141): v4l2: debugging API changed to match against driver name instead of ID. 2009-01-02 17:11:52 -02:00
msp3400-driver.h V4L/DVB (9825): msp3400: convert to v4l2_subdev. 2008-12-30 09:38:39 -02:00
msp3400-kthreads.c V4L/DVB (9825): msp3400: convert to v4l2_subdev. 2008-12-30 09:38:39 -02:00
mt9m001.c V4L/DVB (10141): v4l2: debugging API changed to match against driver name instead of ID. 2009-01-02 17:11:52 -02:00
mt9m111.c V4L/DVB (10141): v4l2: debugging API changed to match against driver name instead of ID. 2009-01-02 17:11:52 -02:00
mt9t031.c V4L/DVB (10141): v4l2: debugging API changed to match against driver name instead of ID. 2009-01-02 17:11:52 -02:00
mt9v022.c V4L/DVB (10141): v4l2: debugging API changed to match against driver name instead of ID. 2009-01-02 17:11:52 -02:00
mxb.c V4L/DVB (10271): saa7146: convert to video_ioctl2. 2009-03-30 12:42:24 -03:00
mxb.h
omap24xxcam-dma.c V4L/DVB (9815): omap2: add OMAP2 camera driver. 2008-12-30 09:38:35 -02:00
omap24xxcam.c [ARM] omap: omap24xxcam: use short connection IDs for omap2 clocks 2009-02-08 17:50:22 +00:00
omap24xxcam.h V4L/DVB (9815): omap2: add OMAP2 camera driver. 2008-12-30 09:38:35 -02:00
ov511.c V4L/DVB (10138): v4l2-ioctl: change to long return type to match unlocked_ioctl. 2009-01-02 17:11:34 -02:00
ov511.h
ov772x.c V4L/DVB (10141): v4l2: debugging API changed to match against driver name instead of ID. 2009-01-02 17:11:52 -02:00
ov7670.c i2c: Drop I2C_CLASS_CAM_DIGITAL 2009-01-07 14:29:17 +01:00
pms.c V4L/DVB (10138): v4l2-ioctl: change to long return type to match unlocked_ioctl. 2009-01-02 17:11:34 -02:00
pxa_camera.c Merge branch 'for-rmk' of git://git.pengutronix.de/git/imx/linux-2.6 into devel 2009-03-13 21:44:51 +00:00
s2255drv.c V4L/DVB (10298): remove err macro from few usb devices 2009-03-30 12:42:26 -03:00
saa711x_regs.h
saa717x.c V4L/DVB (10193): removed unused #include <version.h>'s 2009-01-29 08:35:36 -02:00
saa5246a.c V4L/DVB (10138): v4l2-ioctl: change to long return type to match unlocked_ioctl. 2009-01-02 17:11:34 -02:00
saa5249.c V4L/DVB (10138): v4l2-ioctl: change to long return type to match unlocked_ioctl. 2009-01-02 17:11:34 -02:00
saa6588.c
saa7110.c V4L/DVB (9372): Minor fixes to the saa7110 driver 2008-11-11 08:11:23 -02:00
saa7111.c
saa7114.c
saa7115.c V4L/DVB (10141): v4l2: debugging API changed to match against driver name instead of ID. 2009-01-02 17:11:52 -02:00
saa7121.h
saa7127.c V4L/DVB (10216): saa7127: fix broken S-Video with saa7129 2009-01-29 08:35:38 -02:00
saa7146.h
saa7146reg.h
saa7185.c
saa7191.c
saa7191.h
se401.c V4L/DVB (10138): v4l2-ioctl: change to long return type to match unlocked_ioctl. 2009-01-02 17:11:34 -02:00
se401.h
sh_mobile_ceu_camera.c V4L/DVB (10663): soc-camera: fix S_CROP breakage on PXA and SuperH 2009-02-26 22:29:18 -03:00
soc_camera.c V4L/DVB (10141): v4l2: debugging API changed to match against driver name instead of ID. 2009-01-02 17:11:52 -02:00
soc_camera_platform.c V4L/DVB (10080): soc-camera: readability improvements, more strict operations checks 2008-12-30 09:40:21 -02:00
stk-sensor.c
stk-webcam.c V4L/DVB (10135): v4l2: introduce v4l2_file_operations. 2009-01-02 17:11:12 -02:00
stk-webcam.h
stradis.c V4L/DVB (10138): v4l2-ioctl: change to long return type to match unlocked_ioctl. 2009-01-02 17:11:34 -02:00
stv680.c V4L/DVB (10138): v4l2-ioctl: change to long return type to match unlocked_ioctl. 2009-01-02 17:11:34 -02:00
stv680.h
tcm825x.c
tcm825x.h
tda7432.c V4L/DVB (9964): tda7432: convert to v4l2_subdev. 2008-12-30 09:39:31 -02:00
tda9840.c V4L/DVB (10138): v4l2-ioctl: change to long return type to match unlocked_ioctl. 2009-01-02 17:11:34 -02:00
tda9840.h
tda9875.c V4L/DVB (10248): v4l-dvb: fix a bunch of compile warnings. 2009-01-29 08:38:04 -02:00
tea6415c.c V4L/DVB (10138): v4l2-ioctl: change to long return type to match unlocked_ioctl. 2009-01-02 17:11:34 -02:00
tea6415c.h
tea6420.c V4L/DVB (10138): v4l2-ioctl: change to long return type to match unlocked_ioctl. 2009-01-02 17:11:34 -02:00
tea6420.h
tlv320aic23b.c V4L/DVB (9963): tlv320aic23b: convert to v4l2_subdev. 2008-12-30 09:39:31 -02:00
tuner-core.c V4L/DVB (10138): v4l2-ioctl: change to long return type to match unlocked_ioctl. 2009-01-02 17:11:34 -02:00
tvaudio.c V4L/DVB (10832): tvaudio: Avoid breakage with tda9874a 2009-03-05 20:33:37 -03:00
tveeprom.c V4L/DVB (10209): tveeprom: Properly initialize tuner type (BZ#11367) 2009-01-29 08:35:37 -02:00
tvp514x.c V4L/DVB (10202): [PATCH] v4l/tvp514x: Don't write after line end 2009-01-29 08:35:37 -02:00
tvp514x_regs.h V4L/DVB (9817): v4l: add new tvp514x I2C video decoder driver 2008-12-30 09:38:36 -02:00
tvp5150.c V4L/DVB (10141): v4l2: debugging API changed to match against driver name instead of ID. 2009-01-02 17:11:52 -02:00
tvp5150_reg.h
tw9910.c V4L/DVB (10141): v4l2: debugging API changed to match against driver name instead of ID. 2009-01-02 17:11:52 -02:00
upd64031a.c V4L/DVB (10193): removed unused #include <version.h>'s 2009-01-29 08:35:36 -02:00
upd64083.c V4L/DVB (10193): removed unused #include <version.h>'s 2009-01-29 08:35:36 -02:00
v4l1-compat.c poll: allow f_op->poll to sleep 2009-01-06 15:59:12 -08:00
v4l2-common.c V4L/DVB (10249): v4l2-common: added v4l2_i2c_tuner_addrs() 2009-03-30 12:42:22 -03:00
v4l2-compat-ioctl32.c V4L/DVB (10141): v4l2: debugging API changed to match against driver name instead of ID. 2009-01-02 17:11:52 -02:00
v4l2-dev.c V4L/DVB (10139): v4l: rename v4l_compat_ioctl32 to v4l2_compat_ioctl32 2009-01-02 17:11:39 -02:00
v4l2-device.c v4l: struct device - replace bus_id with dev_name(), dev_set_name() 2009-03-24 16:38:22 -07:00
v4l2-int-device.c V4L/DVB (9322): v4l2-int-if: Export more interfaces to modules 2008-10-21 14:31:20 -02:00
v4l2-ioctl.c V4L/DVB (10141): v4l2: debugging API changed to match against driver name instead of ID. 2009-01-02 17:11:52 -02:00
v4l2-subdev.c V4L/DVB (10231): v4l2-subdev: add v4l2_ext_controls support 2009-03-30 12:42:20 -03:00
videobuf-core.c
videobuf-dma-contig.c V4L/DVB (10304): buf-dma-contig: fix USERPTR free handling 2009-03-30 12:42:27 -03:00
videobuf-dma-sg.c V4L/DVB (10176a): Switch remaining clear_user_page users over to clear_user_highpage 2009-01-07 22:18:54 -02:00
videobuf-dvb.c V4L/DVB (9335): videobuf: split unregister bus creating self-contained frontend de-allocator 2008-10-21 14:32:08 -02:00
videobuf-vmalloc.c V4L/DVB (10305): videobuf-vmalloc: Fix: videobuf memory were never freed 2009-03-30 12:42:27 -03:00
vino.c V4L/DVB (10138): v4l2-ioctl: change to long return type to match unlocked_ioctl. 2009-01-02 17:11:34 -02:00
vino.h
vivi.c V4L/DVB (10211): vivi: Implements 4 inputs on vivi 2009-03-30 12:42:20 -03:00
vp27smpx.c V4L/DVB (10141): v4l2: debugging API changed to match against driver name instead of ID. 2009-01-02 17:11:52 -02:00
vpx3220.c
w9966.c V4L/DVB (10138): v4l2-ioctl: change to long return type to match unlocked_ioctl. 2009-01-02 17:11:34 -02:00
w9968cf.c i2c: Drop I2C_CLASS_CAM_DIGITAL 2009-01-07 14:29:17 +01:00
w9968cf.h
w9968cf_decoder.h
w9968cf_vpp.h
wm8739.c V4L/DVB (10141): v4l2: debugging API changed to match against driver name instead of ID. 2009-01-02 17:11:52 -02:00
wm8775.c V4L/DVB (10141): v4l2: debugging API changed to match against driver name instead of ID. 2009-01-02 17:11:52 -02:00
zr364xx.c V4L/DVB (10263): zr364xx: add support for Aiptek DV T300 2009-03-30 12:42:23 -03:00