From: Philippe Gerum <rpm@xenomai.org>
To: rpm@xenomai.org
Cc: xenomai@xenomai.org
Subject: Re: [Xenomai-core] Kernel crash in xnheap_test_and_free (native/heap.c)
Date: Wed, 18 Mar 2009 23:01:59 +0100
Message-ID: <49C16F57.8090808@domain.hid>
In-Reply-To: <49C16D55.1080003@domain.hid>

Philippe Gerum wrote:
> Andreas Glatz wrote:
>> Hi,
>>
>> I got a kernel crash because inside xnheap_test_and_free an
>> invalid pointer contained in variable 'nextpage' is dereferenced:
>>
> 
> <snip>
> 
> This turned out to be caused by an out-of-bound write triggered by the streaming 
> output service.
> 
> The patch below fixes the issue; it has been committed to both the maintenance 
> (v2.4.x) and development branches.
> 
> Sidenote: your test scenario involves echoing some data to /dev/rtp0 for 
> triggering the issue; this will now work, but you won't get that input available 
> to rt_pipe_read(). In case you wonder why, the reason is that 'echo' will exit 
> immediately after sending the bytes, which will cause the user-space side of the 
> channel to be closed, and the input queue (the one that goes user -> kernel) to 
> be flushed from any pending data.
> 

...unless your polling RT read loop wakes up at the right time and manages to 
preempt the Linux kernel shortly after the echo sent the bytes, in which case 
you will receive the data, but that is obviously not the most frequent situation.

-- 
Philippe.

