From: Peter Hurley <peter@hurleysoftware.com>
To: Dave Jones <davej@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Linux Kernel <linux-kernel@vger.kernel.org>,
Al Viro <viro@zeniv.linux.org.uk>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: ipc/testmsg GPF.
Date: Fri, 08 Mar 2013 19:27:01 -0500 [thread overview]
Message-ID: <1362788821.7755.12.camel@thor.lan> (raw)
In-Reply-To: <20130307213819.GB19543@redhat.com>
[ +Andrew Morton ]
On Thu, 2013-03-07 at 16:38 -0500, Dave Jones wrote:
> Trying to reproduce that nd_jump_link trace, but I keep hitting other bugs
> instead. It's like whackamole. Except these are even more annoying
> than moles.
Dave,
I thought I copied you on the 'ipc MSG_COPY fixes' patchset that fixes
this. Or is this gp fault happening with that patchset?
Linus,
The fixes should be in your inbox (from Andrew) titled:
[patch 01/11] ipc: fix potential oops when src msg > 4k w/ MSG_COPY
[patch 02/11] ipc: don't allocate a copy larger than max
> general protection fault: 0000 [#1] PREEMPT SMP
> Modules linked in: rose ax25 phonet lockd sunrpc ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_conntrack nf_conntrack ip6table_filter ip6_tables snd_hda_codec_realtek snd_hda_intel btusb snd_hda_codec bluetooth snd_pcm snd_page_alloc snd_timer snd vhost_net rfkill tun macvtap usb_debug macvlan microcode serio_raw pcspkr kvm_amd soundcore edac_core r8169 mii kvm
> CPU 0
> Pid: 845, comm: trinity-child14 Not tainted 3.9.0-rc1+ #70 Gigabyte Technology Co., Ltd. GA-MA78GM-S2H/GA-MA78GM-S2H
> RIP: 0010:[<ffffffff812b7b00>] [<ffffffff812b7b00>] testmsg.isra.1+0x40/0x60
> RSP: 0018:ffff880122b0fe78 EFLAGS: 00010246
> RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000001
> RDX: 0000000000000002 RSI: 000000002c24a9b2 RDI: 697665642d737983
> RBP: ffff880122b0fe78 R08: fffffff3f14b03ae R09: 0000000000000000
> R10: ffff880127bd8000 R11: 0000000000000000 R12: 000000002c24a9b2
> R13: ffff880123360798 R14: ffff8801233606e8 R15: 697665642d737973
> FS: 00007f2672bd3740(0000) GS:ffff88012ae00000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007f2672b96068 CR3: 0000000127bc1000 CR4: 00000000000007f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Process trinity-child14 (pid: 845, threadinfo ffff880122b0e000, task ffff880127bd8000)
> Stack:
> ffff880122b0ff68 ffffffff812b8e7e ffff8801276d5b90 ffff880127bd8000
> ffff880127bd8000 ffff880127bd8000 0000000000000000 ffffffff812b78c0
> 0000000000000000 ffffffff81c7a260 0000000000000000 0000000000001000
> Call Trace:
> [<ffffffff812b8e7e>] do_msgrcv+0x1de/0x670
> [<ffffffff812b78c0>] ? load_msg+0x180/0x180
> [<ffffffff810b8685>] ? trace_hardirqs_on_caller+0x115/0x1a0
> [<ffffffff81341aae>] ? trace_hardirqs_on_thunk+0x3a/0x3f
> [<ffffffff812b9325>] sys_msgrcv+0x15/0x20
> [<ffffffff816cd982>] system_call_fastpath+0x16/0x1b
> Code: 83 fa 04 74 16 31 c0 5d c3 66 90 ff ca b8 01 00 00 00 74 f3 31 c0 eb ef 0f 1f 00 48 39 37 b8 01 00 00 00 7e e2 31 c0 eb de 66 90 <48> 3b 37 75 d5 b8 01 00 00 00 5d c3 0f 1f 40 00 48 3b 37 74 c5
>
> 0000000000000000 <.text>:
> 0: 48 3b 37 cmp (%rdi),%rsi
> 3: 75 d5 jne 0xffffffffffffffda
> 5: b8 01 00 00 00 mov $0x1,%eax
> a: 5d pop %rbp
> b: c3 retq
> c: 0f 1f 40 00 nopl 0x0(%rax)
> 10: 48 3b 37 cmp (%rdi),%rsi
> 13: 74 c5 je 0xffffffffffffffda
>
> rdi is ascii. "ived-sy�" Curious.
>
> EIP is here in testmsg.
>
> case SEARCH_EQUAL:
> if (msg->m_type == type)
> 240: 48 3b 37 cmp (%rdi),%rsi
> 243: 75 d5 jne 21a <testmsg.isra.1+0x1a>
> {
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2013-03-09 0:27 UTC|newest]
Thread overview: 99+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-07 2:16 BUG_ON(nd->inode != parent->d_inode); Dave Jones
2013-03-07 15:30 ` BUG_ON(nd->inode->i_op->follow_link); Dave Jones
2013-03-07 17:30 ` BUG_ON(nd->inode->i_op->follow_link); Linus Torvalds
2013-03-07 19:35 ` BUG_ON(nd->inode->i_op->follow_link); Dave Jones
2013-03-07 20:33 ` BUG_ON(nd->inode->i_op->follow_link); Linus Torvalds
2013-03-07 21:38 ` ipc/testmsg GPF Dave Jones
2013-03-07 21:45 ` Linus Torvalds
2013-03-07 21:49 ` David Miller
2013-03-07 21:51 ` Linus Torvalds
2013-03-07 22:03 ` Dave Jones
2013-03-07 22:36 ` pipe_release oops Dave Jones
2013-03-07 23:14 ` fasync_remove_entry oops Dave Jones
2013-03-07 23:46 ` Linus Torvalds
2013-03-07 23:54 ` Dave Jones
2013-03-08 0:20 ` Dave Jones
2013-03-08 0:21 ` pipe_release oops Linus Torvalds
2013-03-08 14:53 ` Dave Jones
2013-03-08 18:30 ` Linus Torvalds
2013-03-08 18:26 ` Jörn Engel
2013-03-10 23:33 ` Al Viro
2013-03-12 19:09 ` Jörn Engel
2013-03-10 22:10 ` Al Viro
2013-03-11 0:35 ` Al Viro
2013-03-11 15:10 ` Linus Torvalds
2013-03-11 18:05 ` Al Viro
2013-03-12 13:06 ` Al Viro
2013-03-12 15:31 ` Linus Torvalds
2013-03-12 19:43 ` Al Viro
2013-03-12 19:56 ` Dave Jones
2013-03-12 20:09 ` Linus Torvalds
2013-03-12 20:51 ` Al Viro
2013-03-27 13:51 ` Yet another pipe related oops Dave Jones
2013-03-27 15:20 ` Al Viro
2013-03-27 16:33 ` Linus Torvalds
2013-03-27 16:53 ` Raymond Jennings
2013-03-27 17:45 ` Al Viro
2013-04-01 20:34 ` Al Viro
2013-04-01 21:00 ` Greg Kroah-Hartman
2013-04-01 21:21 ` Al Viro
2013-04-01 21:44 ` Greg Kroah-Hartman
2013-04-01 23:27 ` Al Viro
2013-04-02 0:22 ` Al Viro
2013-04-02 1:55 ` Greg Kroah-Hartman
2013-03-12 1:27 ` pipe_release oops Dave Jones
2013-03-09 0:27 ` Peter Hurley [this message]
2013-03-09 0:32 ` ipc/testmsg GPF Dave Jones
2013-03-11 18:26 ` Dave Jones
2013-03-11 19:03 ` Peter Hurley
2013-03-12 22:02 ` Andrew Morton
2013-03-12 22:33 ` Dave Jones
2013-03-15 21:21 ` Dave Jones
2013-03-25 16:37 ` Dave Jones
2013-03-25 18:28 ` Peter Hurley
2013-03-25 18:39 ` Dave Jones
2013-03-07 22:18 ` BUG_ON(nd->inode->i_op->follow_link); Dave Jones
2013-03-07 22:50 ` BUG_ON(nd->inode->i_op->follow_link); Linus Torvalds
2013-03-07 23:03 ` BUG_ON(nd->inode->i_op->follow_link); Dave Jones
2013-03-07 23:55 ` BUG_ON(nd->inode->i_op->follow_link); Linus Torvalds
2013-03-11 0:02 ` BUG_ON(nd->inode->i_op->follow_link); Al Viro
2013-03-10 23:04 ` BUG_ON(nd->inode->i_op->follow_link); Al Viro
2013-03-12 18:31 ` BUG_ON(nd->inode->i_op->follow_link); Linus Torvalds
2013-03-08 15:04 ` BUG_ON(nd->inode != parent->d_inode); Dave Jones
2013-03-08 18:51 ` Linus Torvalds
2013-03-08 19:18 ` Dave Jones
2013-03-08 19:20 ` Dave Jones
2013-03-08 19:36 ` Dave Jones
2013-03-08 19:47 ` Linus Torvalds
2013-03-08 21:04 ` Dave Jones
2013-03-08 22:41 ` Linus Torvalds
2013-03-08 23:07 ` Dave Jones
2013-03-08 23:14 ` Dave Jones
2013-03-08 23:20 ` Linus Torvalds
2013-03-08 23:28 ` Linus Torvalds
2013-03-08 23:34 ` Dave Jones
2013-03-08 23:47 ` Dave Jones
2013-03-08 23:51 ` Linus Torvalds
2013-03-08 23:30 ` Dave Jones
2013-03-08 23:45 ` Linus Torvalds
2013-03-08 23:55 ` Dave Jones
2013-03-09 0:02 ` Linus Torvalds
2013-03-09 0:19 ` Dave Jones
2013-03-09 0:29 ` Raymond Jennings
2013-03-09 0:36 ` Dave Jones
2013-03-09 1:18 ` Linus Torvalds
2013-03-09 2:03 ` Dave Jones
2013-03-09 2:08 ` Linus Torvalds
2013-03-09 2:26 ` Dave Jones
2013-03-09 2:56 ` Dave Jones
2013-03-09 2:57 ` Dave Jones
[not found] ` <CA+55aFxyOYXnzDoWr7Utr1QLjjMUCON5EGH3FMvGBHxnxMJmQQ@mail.gmail.com>
2013-03-09 3:25 ` Dave Jones
2013-03-09 3:38 ` Eric W. Biederman
2013-03-09 4:26 ` Dave Jones
2013-03-09 8:28 ` Eric W. Biederman
[not found] ` <CA+55aFweyfew3VU79ZQV4otJcWiF0=xKXxDtADXcccNxGaqMwA@mail.gmail.com>
2013-03-09 3:50 ` Dave Jones
2013-03-09 4:31 ` Linus Torvalds
2013-03-09 4:39 ` Dave Jones
2013-03-09 5:13 ` Sasha Levin
2013-03-09 5:16 ` Dave Jones
2013-03-09 3:27 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1362788821.7755.12.camel@thor.lan \
--to=peter@hurleysoftware.com \
--cc=akpm@linux-foundation.org \
--cc=davej@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.