From: Rik van Riel <riel@redhat.com>
To: Li Zefan <lizefan@huawei.com>
Cc: Dave Jones <davej@redhat.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Linux Kernel <linux-kernel@vger.kernel.org>,
davidlohr.bueso@hp.com, viro@zeniv.linux.org.uk,
Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: SHM oops in newseg()
Date: Thu, 09 May 2013 10:43:06 -0400 [thread overview]
Message-ID: <518BB5FA.5080301@redhat.com> (raw)
In-Reply-To: <518B4B5F.9040900@huawei.com>
On 05/09/2013 03:08 AM, Li Zefan wrote:
> Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
>
> On 2013/5/9 12:35, Dave Jones wrote:
>> Just saw this on v3.9-11789-ge0fd9af while fuzz-testing.
>>
>> [ 163.917836] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
>> [ 163.918984] IP: [<ffffffff812c48ed>] newseg+0x10d/0x390
>
> The patch below should fix it.
>
> ===========================
>
> [PATCH] shm: fix null pointer deref when userspace specifies invalid hugepage size
>
> Dave reported an oops triggered by trinity:
>
> [ 163.917836] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
> [ 163.918984] IP: [<ffffffff812c48ed>] newseg+0x10d/0x390
> [ 163.919705] PGD cf8c1067 PUD cf8c2067 PMD 0
> [ 163.920326] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
> [ 163.929949] CPU: 2 PID: 7636 Comm: trinity-child2 Not tainted 3.9.0+#67
> ...
> [ 163.953629] Call Trace:
> [ 163.957706] [<ffffffff812be322>] ipcget+0x182/0x380
> [ 163.962123] [<ffffffff810b99a5>] ?trace_hardirqs_on_caller+0x115/0x1e0
> [ 163.966752] [<ffffffff812c559a>] SyS_shmget+0x5a/0x60
> [ 163.971163] [<ffffffff812c47e0>] ? shm_close+0x140/0x140
> [ 163.975590] [<ffffffff812c3e60>] ? shm_release+0x50/0x50
> [ 163.979991] [<ffffffff812c3df0>] ? shm_get_unmapped_area+0x20/0x20
> [ 163.984499] [<ffffffff816caa14>] tracesys+0xdd/0xe2
>
> This bug was introduced by commit af73e4d9506d3b797509f3c030e7dcd554f7d9c4
> ("hugetlbfs: fix mmap failure in unaligned size request").
>
> Reported-by: Dave Jones <davej@redhat.com>
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Li Zefan <lizfan@huawei.com>
Acked-by: Rik van Riel <riel@redhat.com>
next prev parent reply other threads:[~2013-05-09 14:45 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-09 4:35 SHM oops in newseg() Dave Jones
2013-05-09 7:08 ` Li Zefan
2013-05-09 14:42 ` Naoya Horiguchi
2013-05-09 14:43 ` Rik van Riel [this message]
2013-05-09 17:11 ` Davidlohr Bueso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=518BB5FA.5080301@redhat.com \
--to=riel@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=davej@redhat.com \
--cc=davidlohr.bueso@hp.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lizefan@huawei.com \
--cc=n-horiguchi@ah.jp.nec.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.