From: Kamalesh Babulal <kamalesh@linux.vnet.ibm.com>
To: Arjan van de Ven <arjan@linux.intel.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>,
	linux-next@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>,
	linuxppc-dev@ozlabs.org, mingo@elte.hu,
	Andy Whitcroft <apw@shadowen.org>
Subject: Re: [BUG] linux-next: Tree for August 26 - Badness at kernel/notifier.c:25
Date: Wed, 27 Aug 2008 16:42:21 +0530
Message-ID: <48B53695.3020703@linux.vnet.ibm.com>
In-Reply-To: <48B46610.1010809@linux.intel.com>

Arjan van de Ven wrote:
> Kamalesh Babulal wrote:
>> Hi Stephen,
>>
>> Badness warning is seen, while booting up the next-20080825/26 kernels on 
>> the powerpc boxes
>>
> 
> this is fixed in the patch I sent to Ingo earlier today
> (attached again for reference)
> 
> 
> ------------------------------------------------------------------------
> 
> From eafa461d187448998b1f66c9134e66b125db9531 Mon Sep 17 00:00:00 2001
> From: Arjan van de Ven <arjan@linux.intel.com>
> Date: Tue, 26 Aug 2008 09:01:06 -0700
> Subject: [PATCH] debug: add notifier chain debugging
> 
> during some development we suspected a case where we left something
> in a notifier chain that was from a module that was unloaded already...
> and that sort of thing is rather hard to track down.
> 
> This patch adds a very simple sanity check (which isn't all that
> expensive) to make sure the notifier we're about to call is
> actually from either the kernel itself or from a still-loaded
> module, avoiding a hard-to-chase-down crash.
> 
> Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
> Acked-by: Tony Luck <tony.luck@intel.com>
> ---
>  include/linux/kernel.h |    3 +++
>  kernel/extable.c       |   16 ++++++++++++++++
>  kernel/notifier.c      |    6 ++++++
>  lib/vsprintf.c         |    2 +-
>  4 files changed, 26 insertions(+), 1 deletions(-)
> 
> diff --git a/include/linux/kernel.h b/include/linux/kernel.h
> index 2651f80..4e1366b 100644
> --- a/include/linux/kernel.h
> +++ b/include/linux/kernel.h
> @@ -187,6 +187,9 @@ extern unsigned long long memparse(char *ptr, char **retptr);
>  extern int core_kernel_text(unsigned long addr);
>  extern int __kernel_text_address(unsigned long addr);
>  extern int kernel_text_address(unsigned long addr);
> +extern int func_ptr_is_kernel_text(void *ptr);
> +extern void *dereference_function_descriptor(void *ptr);
> +
>  struct pid;
>  extern struct pid *session_of_pgrp(struct pid *pgrp);
> 
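
Review bot: the two new externs added after kernel_text_address() take a `void *`, while every neighbouring helper in this block takes an `unsigned long addr`, and nothing in the header says why. A short comment above func_ptr_is_kernel_text() stating that it expects a function pointer (which may be a descriptor on some architectures) rather than a raw text address would keep callers from mixing the two up. Declaring dereference_function_descriptor() in this general header also makes it callable tree-wide, so its contract deserves a comment here as well.
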
> diff --git a/kernel/extable.c b/kernel/extable.c
> index a26cb2e..adf0cc9 100644
> --- a/kernel/extable.c
> +++ b/kernel/extable.c
> @@ -66,3 +66,19 @@ int kernel_text_address(unsigned long addr)
>  		return 1;
>  	return module_text_address(addr) != NULL;
>  }
> +
> +/*
> + * On some architectures (PPC64, IA64) function pointers
> + * are actually only tokens to some data that then holds the
> + * real function address. As a result, to find if a function
> + * pointer is part of the kernel text, we need to do some
> + * special dereferencing first.
> + */
> +int func_ptr_is_kernel_text(void *ptr)
> +{
> +	unsigned long addr;
> +	addr = (unsigned long) dereference_function_descriptor(ptr);
> +	if (core_kernel_text(addr))
> +		return 1;
> +	return module_text_address(addr) != NULL;
> +}
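
Review bot: in func_ptr_is_kernel_text() the pointer is handed to dereference_function_descriptor() before anything about it has been validated, and the comment above the function says that on PPC64 and IA64 this means reading the real address out of the data the pointer refers to. For the case the commit message targets, a notifier left behind by an already-unloaded module, that data may no longer be mapped, so the function should state (or check) that the dereference cannot fault on a stale descriptor. Separately, the last three statements repeat the tail of kernel_text_address() visible in the context lines; if the rest of that function matches, `return kernel_text_address(addr);` would avoid the duplicate.
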
> diff --git a/kernel/notifier.c b/kernel/notifier.c
> index 823be11..522277c 100644
> --- a/kernel/notifier.c
> +++ b/kernel/notifier.c
> @@ -82,6 +82,12 @@ static int __kprobes notifier_call_chain(struct notifier_block **nl,
> 
>  	while (nb && nr_to_call) {
>  		next_nb = rcu_dereference(nb->next);
> +		if (!func_ptr_is_kernel_text(nb->notifier_call)) {
> +			WARN(1, "Invalid notifier called!");
> +			nb = next_nb;
> +			continue;
> +		}
> +
>  		ret = nb->notifier_call(nb, val, v);
> 
>  		if (nr_calls)
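
Review bot: the WARN() in the new check prints only a fixed string, so a report carries the file and line but not which notifier_call failed the test. Including the value of nb->notifier_call (and ideally the nb pointer) in the message would let whoever reads the log identify the offending registration. The string also lacks a trailing newline, and because `WARN(1, ...)` is unconditional inside the loop, a bad entry on a frequently walked chain produces a backtrace on every traversal; warning once per entry would keep the log readable.
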
> diff --git a/lib/vsprintf.c b/lib/vsprintf.c
> index d8d1d11..f5e5ffb 100644
> --- a/lib/vsprintf.c
> +++ b/lib/vsprintf.c
> @@ -513,7 +513,7 @@ static char *string(char *buf, char *end, char *s, int field_width, int precisio
>  	return buf;
>  }
> 
> -static inline void *dereference_function_descriptor(void *ptr)
> +void *dereference_function_descriptor(void *ptr)
>  {
>  #if defined(CONFIG_IA64) || defined(CONFIG_PPC64)
>  	void *p;
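
Review bot: dropping `static inline` turns dereference_function_descriptor() into a global symbol that still lives in lib/vsprintf.c, although its new caller is in kernel/extable.c. A helper with architecture-specific behaviour (the `#if defined(CONFIG_IA64) || defined(CONFIG_PPC64)` branch) would be easier to find next to its caller or in an arch header, and it should gain a comment describing what it returns on architectures outside that `#if`.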

Thanks for the reference to the patch. After replacing the patch with the latest
one above on powerpc, the warning still remains:

Badness at kernel/notifier.c:86
NIP: c000000000081470 LR: c000000000081494 CTR: c00000000005a2d0
REGS: c0000021ce0bfaf0 TRAP: 0700   Not tainted  (2.6.27-rc4-next-20080826-autotest)
MSR: 8000000000029032 <EE,ME,IR,DR>  CR: 24008042  XER: 00000005
TASK = c0000015de080000[1] 'swapper' THREAD: c0000021ce0bc000 CPU: 0
GPR00: c000000000081494 c0000021ce0bfd70 c00000000081e940 c000000000749c38 
GPR04: 0000000000000003 0000000000000001 ffffffffffffffff c0000021ce0bfe90 
GPR08: ffffffffffffffff ffffffffffffffff c0000000004fd9f0 c0000000004fd9f0 
GPR12: 0000000024000042 c00000000089c300 0000000002307ef0 c0000000006332a0 
GPR16: c000000000631f28 c000000000633388 00000000018bf8b0 0000000002700000 
GPR20: c00000000070b07c c000000000707ef0 c000000000708160 c000000000631c58 
GPR24: 0000000000000003 0000000000000001 c0000021ce0bfe90 0000000000000000 
GPR28: ffffffffffffffff c000000000749c20 c0000000007bf338 c000000000749c38 
NIP [c000000000081470] .notifier_call_chain+0x70/0x140
LR [c000000000081494] .notifier_call_chain+0x94/0x140
Call Trace:
[c0000021ce0bfd70] [c000000000081494] .notifier_call_chain+0x94/0x140 (unreliable)
[c0000021ce0bfe20] [c0000000004fe3fc] .cpu_up+0x10c/0x200
[c0000021ce0bfee0] [c0000000006cdcc0] .kernel_init+0x1b0/0x440
[c0000021ce0bff90] [c0000000000299cc] .kernel_thread+0x4c/0x68
Instruction dump:
e8630000 2fa30000 419e00f0 2fa60000 419e00e8 2e270000 7c7f1b78 3b600000 
48000028 60000000 60000000 60000000 <0fe00000> 2fbd0000 2f3c0000 7fbfeb78 


-- 
Thanks & Regards,
Kamalesh Babulal,
Linux Technology Center,
IBM, ISTL.
