From: arno@natisbad.org (Arnaud Ebalard)
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Subject: Re: commit c7314d74fcb0
Date: Mon, 20 Jan 2014 18:56:58 +0100 [thread overview]
Message-ID: <87zjmqbkph.fsf@natisbad.org> (raw)
In-Reply-To: 20140119214951.GP10323@ZenIV.linux.org.uk
Hi Al,
Al Viro <viro@ZenIV.linux.org.uk> writes:
> The whole image would be overkill, but System.map and a disassembly of
> __fput would be useful... The thing is, delayed_fput() does this:
> for (; node; node = next) {
> next = llist_next(node);
> __fput(llist_entry(node, struct file, f_u.fu_llist));
> }
> and llist_entry() here is just a cast - f_u.fu_list is at offset zero.
> So to get NULL passed to __fput() here you'd need node == NULL. Even
> unmapped address that has escaped the loop condition would've oopsed
> before reaching __fput() - we *do* fetch node->next (i.e.
> file->f_u.fu_list.next) before going into __fput(); that isn't going
> to be reordered away.
>
> Besides, f_mode is quite a bit into struct file and dereferencing has
> happened at address 0, unless I'm misreading that oops...
No, I guess you are right.
The System.map file is available here: http://natisbad.org/System.map. A
disassembly of __fput() and delayed_fput() is inlined below. Note: the
kernel is compiled with LOADADDR set to 0x8000.
__fput() (via arm-linux-gnueabi-objdump -S -EL -D -b binary -m arm
--start-address=0x000838a4 --stop-address=0x83a94 Image):
000838a4 <.data+0x838a4>:
838a4: e92d4ff0 push {r4, r5, r6, r7, r8, r9, sl, fp, lr}
838a8: e1a06000 mov r6, r0
838ac: e24dd00c sub sp, sp, #12
838b0: e590700c ldr r7, [r0, #12]
838b4: e5908008 ldr r8, [r0, #8]
838b8: e5904010 ldr r4, [r0, #16]
838bc: eb132240 bl 0x54c1c4
838c0: e5965010 ldr r5, [r6, #16]
838c4: e5963020 ldr r3, [r6, #32]
838c8: e1d520b0 ldrh r2, [r5]
838cc: e3130002 tst r3, #2
838d0: e2022a0f and r2, r2, #61440 ; 0xf000
838d4: 03a0a010 moveq sl, #16
838d8: 13a0a008 movne sl, #8
838dc: e3520901 cmp r2, #16384 ; 0x4000
838e0: 038aa101 orreq sl, sl, #1073741824 ; 0x40000000
838e4: e2139401 ands r9, r3, #16777216 ; 0x1000000
838e8: 0a000046 beq 0x83a08
838ec: e5962074 ldr r2, [r6, #116] ; 0x74
838f0: e2863074 add r3, r6, #116 ; 0x74
838f4: e1520003 cmp r2, r3
838f8: 1a000058 bne 0x83a60
838fc: e1a00006 mov r0, r6
83900: eb00f5b3 bl 0xc0fd4
83904: e596301c ldr r3, [r6, #28]
83908: e3130a02 tst r3, #8192 ; 0x2000
8390c: e5963014 ldr r3, [r6, #20]
83910: 1a000049 bne 0x83a3c
83914: e5933034 ldr r3, [r3, #52] ; 0x34
83918: e3530000 cmp r3, #0
8391c: 0a000002 beq 0x8392c
83920: e1a00004 mov r0, r4
83924: e1a01006 mov r1, r6
83928: e12fff33 blx r3
8392c: e1d430b0 ldrh r3, [r4]
83930: e2033a0f and r3, r3, #61440 ; 0xf000
83934: e3530a02 cmp r3, #8192 ; 0x2000
83938: 0a00004b beq 0x83a6c
8393c: e5963014 ldr r3, [r6, #20]
83940: e3530000 cmp r3, #0
83944: 0a000001 beq 0x83950
83948: e5930000 ldr r0, [r3]
8394c: ebff1733 bl 0x49620
83950: e5960030 ldr r0, [r6, #48] ; 0x30
83954: ebfe8f2a bl 0x27604
83958: e5963020 ldr r3, [r6, #32]
8395c: e3130002 tst r3, #2
83960: 1a000013 bne 0x839b4
83964: e3a03000 mov r3, #0
83968: e586300c str r3, [r6, #12]
8396c: e5863008 str r3, [r6, #8]
83970: e5863010 str r3, [r6, #16]
83974: e59f1110 ldr r1, [pc, #272] ; 0x83a8c
83978: e3e04000 mvn r4, #0
8397c: e3e05000 mvn r5, #0
83980: e1c120d0 ldrd r2, [r1]
83984: e0922004 adds r2, r2, r4
83988: e0a33005 adc r3, r3, r5
8398c: e1c120f0 strd r2, [r1]
83990: e59f10f8 ldr r1, [pc, #248] ; 0x83a90
83994: e1a00006 mov r0, r6
83998: ebfee9d7 bl 0x3e0fc
8399c: e1a00007 mov r0, r7
839a0: eb004756 bl 0x95700
839a4: e1a00008 mov r0, r8
839a8: e28dd00c add sp, sp, #12
839ac: e8bd4ff0 pop {r4, r5, r6, r7, r8, r9, sl, fp, lr}
839b0: ea005ea3 b 0x9b444
839b4: e596300c ldr r3, [r6, #12]
839b8: e5960008 ldr r0, [r6, #8]
839bc: e5933028 ldr r3, [r3, #40] ; 0x28
839c0: e28320b0 add r2, r3, #176 ; 0xb0
839c4: f5d2f000 pld [r2]
839c8: e1921f9f ldrex r1, [r2]
839cc: e2411001 sub r1, r1, #1
839d0: e182cf91 strex ip, r1, [r2]
839d4: e33c0000 teq ip, #0
839d8: 1afffffa bne 0x839c8
839dc: e1d330b0 ldrh r3, [r3]
839e0: e2032a0b and r2, r3, #45056 ; 0xb000
839e4: e3520a02 cmp r2, #8192 ; 0x2000
839e8: 0affffdd beq 0x83964
839ec: e2033a0f and r3, r3, #61440 ; 0xf000
839f0: e3530a01 cmp r3, #4096 ; 0x1000
839f4: 0affffda beq 0x83964
839f8: e3530903 cmp r3, #49152 ; 0xc000
839fc: 0affffd8 beq 0x83964
83a00: eb005fdc bl 0x9b978
83a04: eaffffd6 b 0x83964
83a08: e286b008 add fp, r6, #8
83a0c: e596100c ldr r1, [r6, #12]
83a10: e1a0200a mov r2, sl
83a14: e1a0000b mov r0, fp
83a18: eb00ca6e bl 0xb63d8
83a1c: e58d9000 str r9, [sp]
83a20: e58d9004 str r9, [sp, #4]
83a24: e1a00005 mov r0, r5
83a28: e1a0100a mov r1, sl
83a2c: e1a0200b mov r2, fp
83a30: e3a03001 mov r3, #1
83a34: eb00c98c bl 0xb606c
83a38: eaffffab b 0x838ec
83a3c: e593c040 ldr ip, [r3, #64] ; 0x40
83a40: e35c0000 cmp ip, #0
83a44: 0affffb2 beq 0x83914
83a48: e3e00000 mvn r0, #0
83a4c: e1a01006 mov r1, r6
83a50: e3a02000 mov r2, #0
83a54: e12fff3c blx ip
83a58: e5963014 ldr r3, [r6, #20]
83a5c: eaffffac b 0x83914
83a60: e1a00006 mov r0, r6
83a64: eb00d816 bl 0xb9ac4
83a68: eaffffa3 b 0x838fc
83a6c: e5940118 ldr r0, [r4, #280] ; 0x118
83a70: e3500000 cmp r0, #0
83a74: 0affffb0 beq 0x8393c
83a78: e5963020 ldr r3, [r6, #32]
83a7c: e3130901 tst r3, #16384 ; 0x4000
83a80: 1affffad bne 0x8393c
83a84: eb0008bd bl 0x85d80
83a88: eaffffab b 0x8393c
83a8c: c07eb4c0 rsbsgt fp, lr, r0, asr #9
83a90: c008b860 andgt fp, r8, r0, ror #16
delayed_fput() (via arm-linux-gnueabi-objdump -S -EL -D -b binary -m arm
--start-address=0x83a94 --stop-address=0x83ad0 Image):
00083a94 <.data+0x83a94>:
83a94: e92d4010 push {r4, lr}
83a98: e59f202c ldr r2, [pc, #44] ; 0x83acc
83a9c: e3a03000 mov r3, #0
83aa0: e1920f9f ldrex r0, [r2]
83aa4: e1821f93 strex r1, r3, [r2]
83aa8: e3310000 teq r1, #0
83aac: 1afffffb bne 0x83aa0
83ab0: e3500000 cmp r0, #0
83ab4: 08bd8010 popeq {r4, pc}
83ab8: e5904000 ldr r4, [r0]
83abc: ebffff78 bl 0x838a4
83ac0: e2540000 subs r0, r4, #0
83ac4: 1afffffb bne 0x83ab8
83ac8: e8bd8010 pop {r4, pc}
83acc: c07eb4c8 rsbsgt fp, lr, r8, asr #9
Cheers,
a+