[Nouveau] [Bug 87554] [NV1A] 3.19-rc1 NULL dereference on modprobe in pramin_fini
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Sun Dec 21 07:21:20 PST 2014
https://bugs.freedesktop.org/show_bug.cgi?id=87554
--- Comment #1 from Bruno <bonbons67 at internet.lu> ---
Matching objdump -d -S nouveau.ko:
000136c0 <pramin_fini>:
static void
pramin_fini(void *data)
{
136c0: 55 push %ebp
136c1: 89 e5 mov %esp,%ebp
136c3: 53 push %ebx
136c4: 89 c3 mov %eax,%ebx
static inline void
nv_wr32(void *obj, u32 addr, u32 data)
{
struct nouveau_subdev *subdev = nv_subdev(obj);
nv_spam(subdev, "nv_wr32 0x%06x 0x%08x\n", addr, data);
iowrite32_native(data, subdev->mmio + addr);
136c6: 8b 00 mov (%eax),%eax
136c8: 8b 50 24 mov 0x24(%eax),%edx
136cb: 8b 43 04 mov 0x4(%ebx),%eax
136ce: 81 c2 00 17 00 00 add $0x1700,%edx
136d4: e8 fc ff ff ff call 136d5 <pramin_fini+0x15>
struct priv *priv = data;
nv_wr32(priv->bios, 0x001700, priv->bar0);
kfree(priv);
136d9: 89 d8 mov %ebx,%eax
136db: e8 fc ff ff ff call 136dc <pramin_fini+0x1c>
}
136e0: 5b pop %ebx
136e1: 5d pop %ebp
136e2: c3 ret
136e3: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
136e9: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
Source code:
static void
pramin_fini(void *data)
{
struct priv *priv = data;
nv_wr32(priv->bios, 0x001700, priv->bar0);
kfree(priv);
}
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/nouveau/attachments/20141221/0e9601de/attachment.html>
More information about the Nouveau
mailing list