From: Dave Jones <davej@redhat.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Linux Kernel <linux-kernel@vger.kernel.org>
Subject: Re: 3.5-rc6 dentry related GPF
Date: Wed, 11 Jul 2012 15:18:52 -0400
Message-ID: <20120711191852.GA1016@redhat.com>
In-Reply-To: <CA+55aFz5E4NMDF+OXDoGkHz2Mr2sBXf6nYcOXomDZHmnUSdWHA@mail.gmail.com>

On Wed, Jul 11, 2012 at 12:10:12PM -0700, Linus Torvalds wrote:
 > On Wed, Jul 11, 2012 at 11:32 AM, Dave Jones <davej@redhat.com> wrote:
 > >
 > > What's puzzling me though is how we got from do_dentry_open to try_module_get ?
 > 
 > It's the
 > 
 >     f->f_op = fops_get(inode->i_fop);
 > 
 > that does it.
 > 
 > I have no idea what the actual bug is, though, but the code decodes to
 > 
 >    0:	89 75 f0             	mov    %esi,-0x10(%rbp)
 >    3:	4c 89 7d f8          	mov    %r15,-0x8(%rbp)
 >    7:	66 66 66 66 90       	data32 data32 data32 xchg %ax,%ax
 >    c:	b8 01 00 00 00       	mov    $0x1,%eax
 >   11:	48 85 ff             	test   %rdi,%rdi
 >   14:	48 89 fb             	mov    %rdi,%rbx
 >   17:	74 42                	je     0x5b
 >   19:	65 48 8b 04 25 b0 c8 	mov    %gs:0xc8b0,%rax
 >   20:	00 00
 >   22:	83 80 44 e0 ff ff 01 	addl   $0x1,-0x1fbc(%rax)
 >   29:*	83 3f 02             	cmpl   $0x2,(%rdi)     <-- trapping instruction
 >   2c:	0f 84 54 01 00 00    	je     0x186
 >   32:	48 8b 87 50 02 00 00 	mov    0x250(%rdi),%rax
 >   39:	65 48 ff 00          	incq   %gs:(%rax)
 > 
 > where that "cmpl $2" is the "module_is_live(module)" test, as far as I
 > can tell. And %rdi should be the module pointer, but it is obviously
 > garbage:
 > 
 >   rdi = 54415541e5894855
 > 
 > which looks like some odd corrupted ASCII to me ("UH\211\345AUAT") but
 > that makes no sense either.

I fixed some really stupid braino in my fuzzer last night, so oopses are
falling out left and right since then. It's probably only a matter of
time before I walk into this again. Perhaps with more data it'll start
to make sense.

	Dave
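The register value decoded by hand in the quoted message above, run through a small triage helper. This is an added example, not code from the thread or from the kernel; it assumes only the value `rdi = 54415541e5894855` as printed in the oops and the x86-64 convention that kernel addresses live in the canonical upper half (`0xffff800000000000` and above). It goes one step beyond the thread's observation that the bytes read as odd ASCII: it also matches the little-endian byte image against common x86-64 function-prologue opcodes, which these particular bytes happen to decode to.

```python
import struct

# Register value copied from the oops quoted in the thread (constructed input for this example).
RDI = 0x54415541E5894855

# Lowest canonical kernel-space address on x86-64; anything below it cannot be a
# valid kernel pointer, so a "module pointer" there is garbage by construction.
KERNEL_BASE = 0xFFFF_8000_0000_0000

# Opcode bytes of instructions that commonly open an x86-64 function, so the
# decoder can recognise code bytes that ended up in a pointer register.
PROLOGUE_OPS = [
    (b"\x55", "push %rbp"),
    (b"\x48\x89\xe5", "mov %rsp,%rbp"),
    (b"\x41\x57", "push %r15"),
    (b"\x41\x56", "push %r14"),
    (b"\x41\x55", "push %r13"),
    (b"\x41\x54", "push %r12"),
    (b"\x53", "push %rbx"),
]


def reg_to_bytes(value: int) -> bytes:
    """Little-endian byte image of a 64-bit register: the bytes memory held
    if this value was loaded from it with a plain 8-byte mov."""
    return struct.pack("<Q", value)


def c_escape(data: bytes) -> str:
    """Render bytes as printable ASCII with \\ooo octal escapes, the same
    quoting style the thread uses ("UH\\211\\345AUAT")."""
    out = []
    for b in data:
        if 0x20 <= b < 0x7F and b != ord("\\"):
            out.append(chr(b))
        else:
            out.append("\\%03o" % b)
    return "".join(out)


def decode_prologue(data: bytes) -> list:
    """Greedily match the byte string against known prologue opcodes.
    Returns the instructions decoded before the first unrecognised byte."""
    insns = []
    i = 0
    while i < len(data):
        for op, text in PROLOGUE_OPS:
            if data.startswith(op, i):
                insns.append(text)
                i += len(op)
                break
        else:
            break
    return insns


def plausible_kernel_pointer(value: int) -> bool:
    """True only for addresses in the canonical kernel half of x86-64."""
    return KERNEL_BASE <= value < (1 << 64)


def analyse(value: int) -> dict:
    """Summarise what a bogus pointer register most likely contains."""
    data = reg_to_bytes(value)
    insns = decode_prologue(data)
    return {
        "hex": data.hex(" "),
        "ascii": c_escape(data),
        "kernel_pointer": plausible_kernel_pointer(value),
        "insns": insns,
        # All eight bytes consumed by prologue opcodes: the register holds
        # the first bytes of a function, not a pointer to a struct module.
        "looks_like_code": sum(len(op) for op, t in PROLOGUE_OPS if t in insns) == len(data),
    }


if __name__ == "__main__":
    for key, val in analyse(RDI).items():
        print(f"{key:15} {val}")
```

Running it on the value from the oops reports that it is far below the kernel address range and that its byte image is `push %rbp; mov %rsp,%rbp; push %r13; push %r12`, a textbook function entry. That is why the `module_is_live()` check faulted: `try_module_get()` was handed something that was never a `struct module` pointer, which points the search at whatever wrote code bytes into, or misread, the `i_fop` owner field rather than at the module code itself.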

