From: Al Viro <viro@ZenIV.linux.org.uk>
To: Scott Wood <scottwood@freescale.com>
Cc: Christophe Leroy <christophe.leroy@c-s.fr>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
LinuxPPC-dev <linuxppc-dev@lists.ozlabs.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
BOUET Serge <serge.bouet@c-s.fr>,
BARABAN Luc <luc.baraban@c-s.fr>
Subject: Re: Recurring Oops in link_path_walk()
Date: Fri, 20 Nov 2015 21:17:46 +0000 [thread overview]
Message-ID: <20151120211745.GN22011@ZenIV.linux.org.uk> (raw)
In-Reply-To: <1448045920.27264.207.camel@freescale.com>
On Fri, Nov 20, 2015 at 12:58:40PM -0600, Scott Wood wrote:
> > Looks like garbage in dentry->d_inode, assuming that reconstruction of
> > the mapping of line numbers to addresses is correct... Not sure it is,
> > though; what's more, just how does LR manage to point to the insn right
> > after the call of dput(), of all things?
>
> When "bl dput" is executed, LR gets set to the instruction after the bl.
> After dput returns, LR still has that value. Presumably the call to mntput
> was skipped via the beq. Nothing else modifies LR between the dput return and
> the faulting address.
OK, AFAICS it's this:
604) do {
605) struct path link = *path;
606) void *cookie;
607)
608) res = follow_link(&link, nd, &cookie);
609) if (res)
610) break;
611) res = walk_component(nd, path, LOOKUP_FOLLOW);
612) put_link(nd, &link, cookie);
and we are seeing assorted garbage as link.dentry->d_inode at put_link()
call. What's really interesting, follow_link() has return 0, which means
that it must have passed through
849) *p = dentry->d_inode->i_op->follow_link(dentry, nd);
with
825) struct dentry *dentry = link->dentry;
upstream of that and link as seen by follow_link() is &link as seen by
caller (nested_symlink()); IOW, at that point link.dentry->d_inode used to
be a valid pointer.
Do you have something resembling a reproducer or a chance to get a crash
dump at that point?
next prev parent reply other threads:[~2015-11-20 21:17 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-20 17:07 Recurring Oops in link_path_walk() Christophe Leroy
2015-11-20 17:56 ` Al Viro
2015-11-20 18:58 ` Scott Wood
2015-11-20 21:17 ` Al Viro [this message]
2015-11-21 10:37 ` christophe leroy
2015-11-21 10:37 ` christophe leroy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151120211745.GN22011@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=christophe.leroy@c-s.fr \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=luc.baraban@c-s.fr \
--cc=scottwood@freescale.com \
--cc=serge.bouet@c-s.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.