From: Dave Chinner <david@fromorbit.com>
To: Andrea Gelmini <andrea.gelmini@gelma.net>
Cc: linux-kernel@vger.kernel.org, xfs@oss.sgi.com
Subject: Re: BUG: KASAN: use-after-free in xfs_iflush_cluster+0x9d7/0xaf0
Date: Tue, 15 Dec 2015 08:22:20 +1100
Message-ID: <20151214212220.GO26718@dastard>
In-Reply-To: <20151214201526.GA25152@glen>

On Mon, Dec 14, 2015 at 09:15:26PM +0100, Andrea Gelmini wrote:
> On Tue, Dec 15, 2015 at 06:54:22AM +1100, Dave Chinner wrote:
> > What line of code does this address correspond to in your kernel?
> >
> > xfs_iflush_cluster+0x9d7
>
> gelma@glen:~/dev/kernel/v4.4.x$ git grep -Iin xfs_iflush_cluster
> fs/xfs/xfs_inode.c:3179:xfs_iflush_cluster(
> fs/xfs/xfs_inode.c:3414: error = xfs_iflush_cluster(ip, bp);

If that was what I needed, I wouldn't have needed to ask. :/

I need the translation of the memory address to a line number, not the
line number of the function call. This requires translation from your
built kernel object file. e.g. on a kernel I just built:

$ gdb vmlinux
....
(gdb) l *(xfs_iflush_cluster+0x9d7)
0xffffffff814df647 is in xfs_bulkstat_one_int (fs/xfs/xfs_itable.c:110).
105 buf->bs_dmevmask = dic->di_dmevmask;
106 buf->bs_dmstate = dic->di_dmstate;
107 buf->bs_aextents = dic->di_anextents;
108 buf->bs_forkoff = XFS_IFORK_BOFF(ip);
109
110 switch (dic->di_format) {
111 case XFS_DINODE_FMT_DEV:
112 buf->bs_rdev = ip->i_df.if_u2.if_rdev;
113 buf->bs_blksize = BLKDEV_IOSIZE;
114 buf->bs_blocks = 0;

That's clearly not code in xfs_iflush_cluster() or any function that
xfs_iflush_cluster() calls. Indeed, xfs_iflush_cluster() is only
0x411 bytes long on that kernel, so there's more than 2x the amount
of code in that function in your instrumented kernel than mine.
Hence I need the address-to-line number translation from your kernel
to tell me what line of code is being tripped over.

Cheers,

Dave.
--
Dave Chinner
david@fromorbit.com
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
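As an added example (not code from this thread), a small Python helper that does the translation Dave is asking for: it parses the reported frame, computes the absolute address from nm output, and refuses to continue when the function's size in the report differs from the size in the vmlinux being used, which is exactly the 0xaf0-versus-0x411 mismatch above. The SAMPLE_NM text and every symbol other than xfs_iflush_cluster are constructed; nm and addr2line are assumed to be binutils on PATH.

```python
import re
import subprocess

# A KASAN/oops frame such as "xfs_iflush_cluster+0x9d7/0xaf0" carries the
# symbol, the offset into it, and the symbol's size in the *reporter's* build.
FRAME_RE = re.compile(
    r"^(?P<sym>[A-Za-z_.$][\w.$]*)\+0x(?P<off>[0-9a-fA-F]+)(?:/0x(?P<size>[0-9a-fA-F]+))?$")

# Constructed stand-in for `nm -nS vmlinux` output; the addresses are made up.
SAMPLE_NM = """\
ffffffff814df000 0000000000000411 T xfs_iflush_cluster
ffffffff814df420 t hypothetical_helper
"""

def parse_frame(frame):
    """Return (symbol, offset, size); size is None when no /0xsize is given."""
    if not (m := FRAME_RE.match(frame.strip())):
        raise ValueError(f"not a symbol+offset frame: {frame!r}")
    size = int(m["size"], 16) if m["size"] else None
    return m["sym"], int(m["off"], 16), size

def symbol_info(nm_output, sym):
    """Find (start, size) of a text symbol in `nm -nS` output, which prints
    "addr size type name", or "addr type name" for sizeless symbols."""
    for line in nm_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[-1] != sym or parts[-2] not in ("t", "T"):
            continue
        size = int(parts[1], 16) if len(parts) == 4 else None
        return int(parts[0], 16), size
    raise KeyError(f"{sym} is not a text symbol in this vmlinux")

def frame_address(nm_output, frame):
    """Absolute address in this vmlinux. If the function's size in the report
    differs from its size here, the kernels were built differently (e.g.
    KASAN-instrumented vs. not) and the offset is meaningless for this binary."""
    sym, off, reported_size = parse_frame(frame)
    start, local_size = symbol_info(nm_output, sym)
    if None not in (reported_size, local_size) and reported_size != local_size:
        raise ValueError(f"{sym} is 0x{local_size:x} bytes here but 0x{reported_size:x}"
                         " in the report: translate on the kernel that produced it")
    return start + off

def frame_to_line(vmlinux, frame):
    nm_out = subprocess.run(["nm", "-nS", vmlinux], check=True,
                            capture_output=True, text=True).stdout
    addr = frame_address(nm_out, frame)
    # Needs a vmlinux built with CONFIG_DEBUG_INFO; -i also lists inlined callers.
    return subprocess.run(["addr2line", "-f", "-i", "-e", vmlinux, f"0x{addr:x}"],
                          check=True, capture_output=True, text=True).stdout
```

Run frame_to_line("/path/to/vmlinux", "xfs_iflush_cluster+0x9d7/0xaf0") on the tree that produced the report; against a differently built vmlinux it raises instead of pointing at an unrelated function, as gdb did above.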