Commit fabe874a authored by Arjan van de Ven's avatar Arjan van de Ven Committed by Linus Torvalds
Browse files

lockdep: fix kernel crash on module unload

Michael Wu noticed in his lkml post at

that certain wireless drivers ended up having their name in module
memory, which would then crash the kernel on module unload.

The patch he proposed was a bit clumsy in that it increased the size of
a lockdep entry significantly; the patch below tries another approach,
it checks, on module teardown, if the name of a class is in module space
and then zaps the class.  This is very similar to what we already do
with keys that are in module space.

Signed-off-by: default avatarArjan van de Ven <>
Signed-off-by: default avatarIngo Molnar <>
Acked-by: default avatarPeter Zijlstra <>
Signed-off-by: default avatarLinus Torvalds <>
parent 4784b11c
......@@ -2932,7 +2932,7 @@ static void zap_class(struct lock_class *class)
static inline int within(void *addr, void *start, unsigned long size)
static inline int within(const void *addr, void *start, unsigned long size)
return addr >= start && addr < start + size;
......@@ -2955,9 +2955,12 @@ void lockdep_free_key_range(void *start, unsigned long size)
head = classhash_table + i;
if (list_empty(head))
list_for_each_entry_safe(class, next, head, hash_entry)
list_for_each_entry_safe(class, next, head, hash_entry) {
if (within(class->key, start, size))
else if (within(class->name, start, size))
if (locked)
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment