* [uml-devel] 2.6.15-rc2
@ 2005-11-30 4:20 Michael Richardson
2005-11-30 13:39 ` Rob Landley
2005-12-03 3:47 ` [uml-devel] 2.6.15-rc2 Blaisorblade
0 siblings, 2 replies; 7+ messages in thread
From: Michael Richardson @ 2005-11-30 4:20 UTC (permalink / raw)
To: user-mode-linux-devel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Running a kernel which is not 2.6.15-rc2 (but a couple of merges back,
looking for a place where it works), I get:
Initializing software serial port version 1
Failed to open 'root_fs', errno = 2
RAMDISK: cramfs filesystem found at block 0
RAMDISK: Loading 1228KiB [1 disk] into ram disk... done.
VFS: Mounted root (cramfs filesystem) readonly.
Stub registers -
0 - bffff000
1 - 1000
2 - 3
3 - 11
4 - 3
5 - 0
6 - bffff000
7 - 7b
8 - 7b
9 - 0
10 - 0
11 - ffffffff
12 - bfffe092
13 - 73
14 - 10246
15 - bffff7fc
16 - 7b
Kernel panic - not syncing: copy_context_skas0 : failed to wait for SIGUSR1/SIGTRAP, pid = 5136, n = 5136, errno = 0, status = 0xb7f
If I try with "mode=tt", (vs skas0) it boots, but on shutdown, I get:
EIP: 0073:[<40101e18>] CPU: 0 Not tainted ESP: 007b:bf8cec8c EFLAGS: 00000246
Not tainted
EAX: ffffffda EBX: 40189880 ECX: ffffffff EDX: 00000000
ESI: bf8ced38 EDI: 00000000 EBP: bf8cec98 DS: 007b ES: 007b
a09ff800: [<a00395bf>] show_regs+0x1cf/0x1e0
a09ff828: [<a001d25c>] panic_exit+0x2c/0x50
a09ff838: [<a00506cd>] notifier_call_chain+0x2d/0x50
a09ff858: [<a003d922>] panic+0x72/0x110
a09ff874: [<a0022d1e>] wait_stub_done+0xfe/0x180
a09ff8f4: [<a0023792>] copy_context_skas0+0x1c2/0x270
a09ff9d4: [<a0022aac>] init_new_context_skas+0x11c/0x1b0
a09ffa08: [<a003bf97>] copy_mm+0x367/0x3a0
a09ffa50: [<a003c969>] copy_process+0x499/0xe60
a09ffb40: [<a003d39e>] do_fork+0x6e/0x1ca
a09ffbac: [<a001a33b>] sys_fork+0x8b/0xb0
a09ffbe0: [<a0024512>] handle_syscall+0x112/0x140
a09ffc5c: [<a0022ed1>] handle_trap+0x31/0x140
a09ffc84: [<a002357a>] userspace+0x1da/0x230
a09ffce0: [<a0023f35>] new_thread_handler+0xe5/0x120
a09ffd20: [<a01cb468>] __restore+0x0/0x8
- --
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Finger me for keys
iQEVAwUBQ40ooYCLcPvd0N1lAQKgQAgAm4Zqe5GwOORmKwklwJ1j6VyAxxdDikYg
d10leRKAy+wDi1/TMqhrGgyZ3DUy4O0kr1rbK7n6iMUeo8CrH1WCscNGXc5WbUnC
eLLv9SP/qDkn3ghe0/RXq8YHB+LqciDFSp+yMD27YNCND0Dn3N1yHYMN6u4CJXX6
zNgUKljzDQzeQIlxPN4z3uBsJLcwK+VUyOS51ti4KDcbhkGBKSozCFhxqwze2yTc
1I4CjH2oXXK5b8kJ5ohecz4ZAcGJ8SlbpujxoPNCvIMhFVeoRpHuNkf60y/R0iTL
jY65J3c47noU8gecD19Vs5eI+XDfO6o0vmgKDu3NaCXb2oacdLRXcQ==
=qQzM
-----END PGP SIGNATURE-----
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel
* Re: [uml-devel] 2.6.15-rc2
2005-11-30 4:20 [uml-devel] 2.6.15-rc2 Michael Richardson
@ 2005-11-30 13:39 ` Rob Landley
2005-11-30 16:34 ` Michael Richardson
2005-12-03 3:47 ` [uml-devel] 2.6.15-rc2 Blaisorblade
1 sibling, 1 reply; 7+ messages in thread
From: Rob Landley @ 2005-11-30 13:39 UTC (permalink / raw)
To: user-mode-linux-devel; +Cc: Michael Richardson
On Tuesday 29 November 2005 22:20, Michael Richardson wrote:
> Running a kernel which is not 2.6.15-rc2 (but a couple of merges back,
> looking for a place where it works), I get:
This broke for me too. The fix went into -rc3.
Rob
--
Steve Ballmer: Innovation!
Inigo Montoya: You keep using that word. I do not think it means what you think it means.
* Re: [uml-devel] 2.6.15-rc2
2005-11-30 13:39 ` Rob Landley
@ 2005-11-30 16:34 ` Michael Richardson
2005-11-30 17:27 ` Rob Landley
0 siblings, 1 reply; 7+ messages in thread
From: Michael Richardson @ 2005-11-30 16:34 UTC (permalink / raw)
To: Rob Landley; +Cc: user-mode-linux-devel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
What was the fix? Are you using a cramfs initrd?
I built against the v2.6.15-rc3 tag in GIT, and I saw the same failure.
I'm going to make clean again (the rm -rf way) and try again to be sure...
- --
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Finger me for keys
iQEVAwUBQ43UloCLcPvd0N1lAQI1kwf/ZaMKdkJQ1vXmYZlPZ4J9RLgql49fcs0N
CG5BOL8hKRfE0iGwJdNJ1w1IYScshcqrKO9+OX6Xvvg0s0pOHQxTB57hdYqYPTvt
FWcwxGfrHRHGKjHO3swvfrr2IOkuOBZca66ji4wVGpnwV4v/oPiZRU9UR5PY/sPf
ECyypB0yaguYc7Y5phA5siMIq0yJQcYNnIaMhP3XEQjfEgYFu9/Gf6PJT6lLibUc
fujxIVHHlrdzX7rv/gSCJUIXR8SxDGw3hvkupHXnODtmpDax/EuJtGEkybQALo6c
lgb+XJFo7Y2JRWMX6uqEl9mooBhg/MkMLzNe7HohIqbv3yu8mIEElA==
=jE4/
-----END PGP SIGNATURE-----
* Re: [uml-devel] 2.6.15-rc2
2005-11-30 16:34 ` Michael Richardson
@ 2005-11-30 17:27 ` Rob Landley
2005-12-01 16:03 ` [uml-devel] 2.6.15-rc2 Michael Richardson
0 siblings, 1 reply; 7+ messages in thread
From: Rob Landley @ 2005-11-30 17:27 UTC (permalink / raw)
To: Michael Richardson; +Cc: user-mode-linux-devel
On Wednesday 30 November 2005 10:34, Michael Richardson wrote:
> What was the fix?
A quick check through the past few pages of:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=shortlog
Finds these four commits:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=aa1a64ee12ae130706f3fc0007841ce9b0ddf9c2
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=17d469715c6453e4994e6617e8f644bf10f38584
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e23181deec0d2a8be576faf9d71211abb84d5ccc
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=39d730ab87f07592e3a3794353f097d5184cae7a
Click "commitdiff" and then right click on "plain" and save as.
> Are you using a cramfs initrd?
Nope. Squashfs. (Last time I tried cramfs it had some _serious_ size limitations.)
And for testing, I just go:
./linux rootfstype=hostfs rw init=/bin/sh
No special setup required at all, just borrow the host system's root directory. (You probably want to "mount -t proc /proc /proc" and "mount -t tmpfs /dev/shm", and "mount -t devpts /dev/pts" before doing anything _too_ fancy.)
Getting ctrl-C to work took a bit of doing, but I posted a oneit.c file I made that does it, a while back...
> I built against the v2.6.15-rc3 tag in GIT, and I saw the same failure.
> I'm going to make clean again (the rm -rf way) and try again to be
> sure...
Yeah, neither make ARCH=um clean nor make ARCH=um distclean seem to actually delete all the files a UML build makes. I may do something about that one of these days...
Rob
--
Steve Ballmer: Innovation!
Inigo Montoya: You keep using that word. I do not think it means what you think it means.
* [uml-devel] Re: 2.6.15-rc2
2005-11-30 17:27 ` Rob Landley
@ 2005-12-01 16:03 ` Michael Richardson
2005-12-03 3:46 ` Blaisorblade
0 siblings, 1 reply; 7+ messages in thread
From: Michael Richardson @ 2005-12-01 16:03 UTC (permalink / raw)
To: user-mode-linux-devel, jdike
[-- Attachment #1: Type: text/plain, Size: 9074 bytes --]
okay, I don't quite understand, but it seems that -rc2 is okay, but -rc3 is failing. (-rc2 was failing as far as I could tell on Monday. Maybe I wasn't running the kernel I thought I was).
Using git bisect, I've reduced the problem to:
39d730ab87f07592e3a3794353f097d5184cae7a is first bad commit
diff-tree 39d730ab87f07592e3a3794353f097d5184cae7a (from 18317ab0ca5ac0c654be3eac31ebb781b4a5e9b2)
Author: Jeff Dike <jdike@addtoit.com>
Date: Mon Nov 21 21:32:04 2005 -0800
[PATCH] uml: eliminate use of local in clone stub
We have a bug in the i386 stub_syscall6 which pushes ebp before the system call and pops it afterwards. Because we use syscall6 to remap the stack, the old contents of the stack (and the former value of ebp) are no longer available. Some versions of gcc make from a real local, accessed through ebp, despite my efforts to make it obvious that references to from are really constants. This patch attempts to make it even more obvious by eliminating from and using a macro to access the stub's data explicitly with constants.
My original thinking on this was to replace syscall6 with a remap_stack interface which saved ebp someplace and restored it afterwards. The problem is that there are no registers to put it in, except for esp. That could work, since we can store a constant in esp after the mmap because we just replaced the stack. However, this approach seems a tad cleaner.
Signed-off-by: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
===
Sigh. I know that this was an annoying fix.
The fault that I get:
RAMDISK: cramfs filesystem found at block 0
RAMDISK: Loading 1228KiB [1 disk] into ram disk... done.
VFS: Mounted root (cramfs filesystem) readonly.
Stub registers -
0 - bffff000
1 - 1000
2 - 3
3 - 11
4 - 3
5 - 0
6 - bffff000
7 - 7b
8 - 7b
9 - 0
10 - 0
11 - ffffffff
12 - bfffe092
13 - 73
14 - 10246
15 - bffff7fc
16 - 7b
Kernel panic - not syncing: copy_context_skas0 : failed to wait for SIGUSR1/SIGTRAP, pid = 32345, n = 32345, errno = 0, status = 0xb7f
(copy of initrd at: http://www.sandelman.ottawa.on.ca/tmp/initrd.uml . umlroot= is interpreted by it as a hostfs to mount after mounting tmpfs on /dev)
marajade-[/mara6/openswan/openswan.git] mcr 1070 %gdb /mara1/git/uml-2.6.15/O/um-01/linux
GNU gdb 6.3-debian
...
(gdb) set args initrd=/mara6/sandboxes/openswan.git/UMLPOOL/initrd.uml umlroot=/mara6/sandboxes/openswan.git/UMLPOOL/east/root root=/dev/root rw ssl=pty umid=east
(gdb) run
(gdb) c
Continuing.
Program received signal SIGUSR1, User defined signal 1.
0xa018c031 in kill () at swab.h:134
(gdb) handle SIGUSR1 nostop noprint
Signal        Stop  Print  Pass to program  Description
SIGUSR1       No    No     Yes              User defined signal 1
(gdb) c
Continuing
Program received signal SIGSEGV, Segmentation fault.
zlib_inflateInit2_ (z=0xa0309360, w=15, version=0xa280005c <Address 0xa280005c out of bounds>, stream_size=48) at /mara1/git/uml-2.6.15/lib/zlib_inflate/inflate.c:57
57          z->state->blocks = NULL;
(gdb) bt
#0  zlib_inflateInit2_ (z=0xa0309360, w=15, version=0xa280005c <Address 0xa280005c out of bounds>, stream_size=48) at /mara1/git/uml-2.6.15/lib/zlib_inflate/inflate.c:57
#1  0xa00ec858 in zlib_inflateInit_ (z=0xa280005c, version=0xa280005c <Address 0xa280005c out of bounds>, stream_size=-1568669604) at /mara1/git/uml-2.6.15/lib/zlib_inflate/inflate.c:109
#2  0xa00cb122 in cramfs_uncompress_init () at /mara1/git/uml-2.6.15/fs/cramfs/uncompress.c:66
#3  0xa000e07b in init_cramfs_fs () at /mara1/git/uml-2.6.15/fs/cramfs/inode.c:548
#4  0xa000170b in do_initcalls () at /mara1/git/uml-2.6.15/init/main.c:578
#5  0xa00017d1 in do_basic_setup () at /mara1/git/uml-2.6.15/init/main.c:620
#6  0xa0014221 in init (unused=0x0) at /mara1/git/uml-2.6.15/init/main.c:693
#7  0xa0031c49 in run_kernel_thread (fn=0xa00141e0 <init>, arg=0x0, jmp_ptr=0xa280005c) at /mara1/git/uml-2.6.15/arch/um/os-Linux/process.c:216
#8  0xa0022ed3 in new_thread_handler (sig=10) at thread_info.h:47
#9  <signal handler called>
#10 0xa018c031 in kill () at swab.h:134
#11 0x00000000 in ?? ()
#12 0x00000000 in ?? ()
#13 0x00000000 in ?? ()
#14 0x00000000 in ?? ()
#15 0xa021b574 in init_thread_union ()
#16 0xa021cf2c in init_task ()
#17 0xa09caaf8 in ?? ()
#18 0xa021b6c0 in init_thread_union ()
#19 0xa00229e0 in new_thread (stack=0xa021cf2c, switch_buf_ptr=0x0, fork_buf_ptr=0x0, handler=0xa00229e0 <new_thread+96>) at /mara1/git/uml-2.6.15/arch/um/kernel/skas/process.c:454
gcc version 3.3.5 (Debian 1:3.3.5-13)
%objdump --disassemble -S O/um-01/arch/um/kernel/skas/clone.o >|clone.S
O/um-01/arch/um/kernel/skas/clone.o:     file format elf32-i386
Disassembly of section .__syscall_stub:
00000000 <stub_clone_handler>:
#define STUB_DATA(field) (((struct stub_data *) UML_CONFIG_STUB_DATA)->field)
void __attribute__ ((__section__ (".__syscall_stub")))
stub_clone_handler(void)
{
   0:  55                      push   %ebp
   1:  ba 78 00 00 00          mov    $0x78,%edx
   6:  89 e5                   mov    %esp,%ebp
   8:  b9 fc f7 ff bf          mov    $0xbffff7fc,%ecx
   d:  89 d0                   mov    %edx,%eax
   f:  83 ec 18                sub    $0x18,%esp
  12:  89 5d f4                mov    %ebx,0xfffffff4(%ebp)
  15:  bb 11 84 00 00          mov    $0x8411,%ebx
  1a:  89 75 f8                mov    %esi,0xfffffff8(%ebp)
  1d:  89 7d fc                mov    %edi,0xfffffffc(%ebp)
  20:  cd 80                   int    $0x80
  22:  89 45 f0                mov    %eax,0xfffffff0(%ebp)
        long err;
        err = stub_syscall2(__NR_clone, CLONE_PARENT | CLONE_FILES | SIGCHLD,
                            UML_CONFIG_STUB_DATA + PAGE_SIZE / 2 - sizeof(void *));
        if(err != 0)
  25:  85 c0                   test   %eax,%eax
  27:  75 6c                   jne    95 <stub_clone_handler+0x95>
  29:  8b 5d f0                mov    0xfffffff0(%ebp),%ebx
  2c:  bf 1a 00 00 00          mov    $0x1a,%edi
  31:  89 f8                   mov    %edi,%eax
  33:  89 d9                   mov    %ebx,%ecx
  35:  89 da                   mov    %ebx,%edx
  37:  89 de                   mov    %ebx,%esi
  39:  cd 80                   int    $0x80
  3b:  89 45 f0                mov    %eax,0xfffffff0(%ebp)
                goto out;
        err = stub_syscall4(__NR_ptrace, PTRACE_TRACEME, 0, 0, 0);
        if(err)
  3e:  85 c0                   test   %eax,%eax
  40:  75 53                   jne    95 <stub_clone_handler+0x95>
  42:  be 68 00 00 00          mov    $0x68,%esi
  47:  bb 01 00 00 00          mov    $0x1,%ebx
  4c:  8b 55 f0                mov    0xfffffff0(%ebp),%edx
  4f:  b9 08 f0 ff bf          mov    $0xbffff008,%ecx
  54:  89 f0                   mov    %esi,%eax
  56:  cd 80                   int    $0x80
  58:  89 45 f0                mov    %eax,0xfffffff0(%ebp)
                goto out;
        err = stub_syscall3(__NR_setitimer, ITIMER_VIRTUAL,
                            (long) &STUB_DATA(timer), 0);
        if(err)
  5b:  85 c0                   test   %eax,%eax
  5d:  75 36                   jne    95 <stub_clone_handler+0x95>
  5f:  8b 35 04 f0 ff bf       mov    0xbffff004,%esi
  65:  bb 00 f0 ff bf          mov    $0xbffff000,%ebx
  6a:  b9 00 10 00 00          mov    $0x1000,%ecx
  6f:  ba 03 00 00 00          mov    $0x3,%edx
  74:  89 75 ec                mov    %esi,0xffffffec(%ebp)
  77:  8b 3d 00 f0 ff bf       mov    0xbffff000,%edi
  7d:  be 11 00 00 00          mov    $0x11,%esi
  82:  89 f8                   mov    %edi,%eax
  84:  8b 7d ec                mov    0xffffffec(%ebp),%edi
  87:  55                      push   %ebp
  88:  89 c5                   mov    %eax,%ebp
  8a:  b8 c0 00 00 00          mov    $0xc0,%eax
  8f:  cd 80                   int    $0x80
  91:  5d                      pop    %ebp
  92:  89 45 f0                mov    %eax,0xfffffff0(%ebp)
                goto out;
        err = stub_syscall6(STUB_MMAP_NR, UML_CONFIG_STUB_DATA, PAGE_SIZE,
                            PROT_READ | PROT_WRITE, MAP_FIXED | MAP_SHARED,
                            STUB_DATA(fd), STUB_DATA(offset));
 out:
        /* save current result. Parent: pid; child: retcode of mmap */
        STUB_DATA(err) = err;
  95:  8b 45 f0                mov    0xfffffff0(%ebp),%eax
  98:  a3 18 f0 ff bf          mov    %eax,0xbffff018
  9d:  cc                      int3
        trap_myself();
}
  9e:  8b 5d f4                mov    0xfffffff4(%ebp),%ebx
  a1:  8b 75 f8                mov    0xfffffff8(%ebp),%esi
  a4:  8b 7d fc                mov    0xfffffffc(%ebp),%edi
  a7:  89 ec                   mov    %ebp,%esp
  a9:  5d                      pop    %ebp
  aa:  c3                      ret
--
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
[-- Attachment #2: Type: application/pgp-signature, Size: 480 bytes --]
* Re: [uml-devel] Re: 2.6.15-rc2
2005-12-01 16:03 ` [uml-devel] 2.6.15-rc2 Michael Richardson
@ 2005-12-03 3:46 ` Blaisorblade
0 siblings, 0 replies; 7+ messages in thread
From: Blaisorblade @ 2005-12-03 3:46 UTC (permalink / raw)
To: user-mode-linux-devel; +Cc: Michael Richardson, jdike
On Thursday 01 December 2005 17:03, Michael Richardson wrote:
> okay, I don't quite understand, but it seems that -rc2 is okay, but -rc3
> is failing. (-rc2 was failing as far as I could tell on Monday. Maybe I
> wasn't running the kernel I thought I was).
> Using git bisect,
must learn that, yep...
> I've reduced the problem to:
Yes, this happens due to GCC doing quite the opposite of what the patch should do, in the immediately following line. I've experienced this one too.
> 39d730ab87f07592e3a3794353f097d5184cae7a is first bad commit
> diff-tree 39d730ab87f07592e3a3794353f097d5184cae7a (from
> Stub registers -
> 12 - bfffe092
This is the content of EIP.
> Kernel panic - not syncing: copy_context_skas0 : failed to wait for
> SIGUSR1/SIGTRAP, pid = 32345, n = 32345, errno = 0, status = 0xb7f
Ok - status = stopped for SIGSEGV.
> Program received signal SIGSEGV, Segmentation fault.
This backtrace is quite different from the other one - and checking for independent problems with cramfs may be worth it... However, let's go back to the main problem (below).
> zlib_inflateInit2_ (z=0xa0309360, w=15,
> version=0xa280005c <Address 0xa280005c out of bounds>, stream_size=48)
> at /mara1/git/uml-2.6.15/lib/zlib_inflate/inflate.c:57
> 57 z->state->blocks = NULL;
> (gdb) bt
> #0 zlib_inflateInit2_ (z=0xa0309360, w=15,
> version=0xa280005c <Address 0xa280005c out of bounds>, stream_size=48)
> at /mara1/git/uml-2.6.15/lib/zlib_inflate/inflate.c:57
Ok, here we replace the stack, in the below int 0x80. The old stack contents are not copied, and we have random crap on the new stack.
> 8a: b8 c0 00 00 00 mov $0xc0,%eax
> 8f: cd 80 int $0x80
> 91: 5d pop %ebp
Here we pop an invalid value into ebp - so we need to keep GCC from using %ebp afterwards. This will fail. Notice the "92" - it matches the last digits of EIP (the rest can change due to relocation, but the last digits are a good ID of the instruction).
> 92: 89 45 f0 mov %eax,0xfffffff0(%ebp)
%eax is the return value of the syscall. Gcc saves it on the stack and puts it back in %eax, but only with the patch.
> 95: 8b 45 f0 mov 0xfffffff0(%ebp),%eax
> 98: a3 18 f0 ff bf mov %eax,0xbffff018
The patch is intended to make sure the _above_ instruction is assembled correctly.
> 9d: cc int3
> trap_myself();
> }
The below is ignored thanks to the int3.
--
Inform me of my mistakes, so I can keep imitating Homer Simpson's "Doh!".
Paolo Giarrusso, aka Blaisorblade (Skype ID "PaoloGiarrusso", ICQ 215621894)
http://www.user-mode-linux.org/~blaisorblade
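The three facts the analysis above relies on can be checked mechanically. The following triage helper is an added example, not part of this thread or of the UML sources: it reads the "Stub registers" dump as the i386 ptrace register file (struct user_regs_struct printed by slot index, so slot 12 is EIP and slot 6 is EAX), decodes the wait status 0xb7f with WIFSTOPPED/WSTOPSIG to show it is a SIGSEGV stop rather than the SIGUSR1 or SIGTRAP stop that wait_stub_done accepts, and reduces EIP to its offset inside the stub code page so it can be matched against the clone.o disassembly. The stub code page address 0xbfffe000 is an assumption made here (one page below the 0xbffff000 data page visible in the disassembly); the register dump is the one from the thread, embedded as constructed sample input.

```c
/* Added triage helper for the UML skas0 clone-stub panic in this thread.
 * Not part of the thread or of UML; host-side, plain C on Linux. */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>

/* Slot order of the "Stub registers" dump: UML prints the i386 ptrace
 * register file (struct user_regs_struct) by index, so slot 12 is EIP. */
static const char *const i386_reg_names[17] = {
    "ebx", "ecx", "edx", "esi", "edi", "ebp", "eax", "ds", "es", "fs",
    "gs", "orig_eax", "eip", "cs", "eflags", "esp", "ss"
};
enum { REG_EBP = 5, REG_EAX = 6, REG_EIP = 12, REG_ESP = 15 };

/* Constructed sample input: the register dump from the panic in this thread. */
static const char *const sample_dump =
    "0 - bffff000\n1 - 1000\n2 - 3\n3 - 11\n4 - 3\n5 - 0\n6 - bffff000\n"
    "7 - 7b\n8 - 7b\n9 - 0\n10 - 0\n11 - ffffffff\n12 - bfffe092\n13 - 73\n"
    "14 - 10246\n15 - bffff7fc\n16 - 7b\n";

/* ASSUMPTION (not stated in the thread): the stub code page is the page
 * below the stub data page that the disassembly maps at 0xbffff000. */
#define STUB_DATA_PAGE 0xbffff000UL
#define STUB_CODE_PAGE 0xbfffe000UL

/* Parse "<slot> - <hex>" lines into regs[]; returns the number of slots set. */
int parse_stub_regs(const char *dump, unsigned long regs[17])
{
    int filled = 0;
    const char *p = dump;

    while (*p) {
        char *end;
        unsigned long slot = strtoul(p, &end, 10);
        if (end == p)
            break;
        p = end;
        while (*p == ' ' || *p == '-')
            p++;
        unsigned long val = strtoul(p, &end, 16);
        if (end == p)
            break;
        p = end;
        while (*p == '\n' || *p == ' ')
            p++;
        if (slot < 17) {
            regs[slot] = val;
            filled++;
        }
    }
    return filled;
}

/* Signal carried in a wait(2) stop status, or -1 if the child did not stop. */
int stop_signal(int status)
{
    return WIFSTOPPED(status) ? WSTOPSIG(status) : -1;
}

/* The acceptance test behind the panic text: wait_stub_done expects the
 * stub to stop with SIGUSR1 or SIGTRAP (the int3 at the end of the stub). */
int stub_stop_ok(int status)
{
    int sig = stop_signal(status);
    return sig == SIGUSR1 || sig == SIGTRAP;
}

/* Offset of a faulting EIP inside the stub code page; the low bits match the
 * offsets in clone.o's disassembly even if the page itself is relocated. */
unsigned long stub_offset(unsigned long eip)
{
    return eip - STUB_CODE_PAGE;
}

/* The state described above: mmap2 returned the data page in eax, the stack
 * under the stub was replaced, and the value popped into ebp no longer points
 * into that page, so the next ebp-relative store faults. */
int ebp_clobbered(const unsigned long regs[17])
{
    unsigned long ebp = regs[REG_EBP];
    int ebp_in_page = ebp >= STUB_DATA_PAGE && ebp < STUB_DATA_PAGE + 4096;
    return regs[REG_EAX] == STUB_DATA_PAGE && !ebp_in_page;
}

int main(void)
{
    unsigned long regs[17] = { 0 };
    int status = 0xb7f;  /* from the panic line in the thread */
    int i, n = parse_stub_regs(sample_dump, regs);

    printf("%d register slots parsed\n", n);
    for (i = 0; i < 17; i++)
        printf("  %-8s %08lx\n", i386_reg_names[i], regs[i]);
    printf("status 0x%x: stopped=%d sig=%d ok_for_wait_stub_done=%d\n",
           status, WIFSTOPPED(status), stop_signal(status), stub_stop_ok(status));
    printf("eip offset in stub page: 0x%lx\n", stub_offset(regs[REG_EIP]));
    printf("ebp clobbered by stack remap: %d\n", ebp_clobbered(regs));
    return 0;
}
```

Run it against the dump above and it reports EAX = 0xbffff000 (the mmap2 return value, so the remap itself succeeded), EBP = 0 (the value popped from the freshly mapped page), ESP = 0xbffff7fc (the clone child stack inside the data page), EIP offset 0x92, and a SIGSEGV stop that wait_stub_done rejects. To reuse it on another crash, paste the new "Stub registers" block into sample_dump and the new status into main.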
* Re: [uml-devel] 2.6.15-rc2
2005-11-30 4:20 [uml-devel] 2.6.15-rc2 Michael Richardson
2005-11-30 13:39 ` Rob Landley
@ 2005-12-03 3:47 ` Blaisorblade
1 sibling, 0 replies; 7+ messages in thread
From: Blaisorblade @ 2005-12-03 3:47 UTC (permalink / raw)
To: user-mode-linux-devel; +Cc: Michael Richardson
On Wednesday 30 November 2005 05:20, Michael Richardson wrote:
> Running a kernel which is not 2.6.15-rc2 (but a couple of merges back,
> looking for a place where it works), I get:
> If I try with "mode=tt", (vs skas0) it boots, but on shutdown, I get:
I got it too, and actually I think it's triggerable by playing with proc (something like ps with the "l" flag should do, but never tested). I've even diagnosed and sent a report to Jeff, we just need to fix it up.
It was introduced in the sysrq-t patch - some macros return 0xdeadbeef when SKAS mode is compile-time disabled, and have only a SKAS implementation (which is broken for TT mode but is used there too). Btw, that bug was not in Allan's first version, it was introduced later.
> EIP: 0073:[<40101e18>] CPU: 0 Not tainted ESP: 007b:bf8cec8c EFLAGS:
> 00000246 Not tainted
> EAX: ffffffda EBX: 40189880 ECX: ffffffff EDX: 00000000
> ESI: bf8ced38 EDI: 00000000 EBP: bf8cec98 DS: 007b ES: 007b
> a09ff800: [<a00395bf>] show_regs+0x1cf/0x1e0
> a09ff828: [<a001d25c>] panic_exit+0x2c/0x50
> a09ff838: [<a00506cd>] notifier_call_chain+0x2d/0x50
> a09ff858: [<a003d922>] panic+0x72/0x110
> a09ff874: [<a0022d1e>] wait_stub_done+0xfe/0x180
> a09ff8f4: [<a0023792>] copy_context_skas0+0x1c2/0x270
> a09ff9d4: [<a0022aac>] init_new_context_skas+0x11c/0x1b0
> a09ffa08: [<a003bf97>] copy_mm+0x367/0x3a0
> a09ffa50: [<a003c969>] copy_process+0x499/0xe60
> a09ffb40: [<a003d39e>] do_fork+0x6e/0x1ca
> a09ffbac: [<a001a33b>] sys_fork+0x8b/0xb0
> a09ffbe0: [<a0024512>] handle_syscall+0x112/0x140
> a09ffc5c: [<a0022ed1>] handle_trap+0x31/0x140
> a09ffc84: [<a002357a>] userspace+0x1da/0x230
> a09ffce0: [<a0023f35>] new_thread_handler+0xe5/0x120
> a09ffd20: [<a01cb468>] __restore+0x0/0x8
--
Inform me of my mistakes, so I can keep imitating Homer Simpson's "Doh!".
Paolo Giarrusso, aka Blaisorblade (Skype ID "PaoloGiarrusso", ICQ 215621894)
http://www.user-mode-linux.org/~blaisorblade