From: Mark Nelson <markn@au1.ibm.com>
To: "Sachin P. Sant" <sachinp@in.ibm.com>,
Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
Cc: linuxppc-dev@ozlabs.org, Jan Kara <jack@suse.cz>,
Jan Kara <jack@ucw.cz>, Mel Gorman <mel@csn.ul.ie>,
linux-kernel <linux-kernel@vger.kernel.org>,
Paul Mackerras <paulus@samba.org>,
Andrew Morton <akpm@linux-foundation.org>,
linux-ext4@vger.kernel.org, benh@kernel.crashing.org
Subject: Re: Crash (ext3 ) during 2.6.29-rc6 boot
Date: Wed, 25 Feb 2009 17:52:56 +1100
Message-ID: <200902251752.56514.markn@au1.ibm.com>
In-Reply-To: <49A395ED.5030607@in.ibm.com>
On Tue, 24 Feb 2009 05:38:37 pm Sachin P. Sant wrote:
> Jan Kara wrote:
> > Hmm, OK. But then I'm not sure how that can happen. Obviously, memcpy
> > somehow got beyond end of the page referenced by bh->b_data. So it means
> > that le16_to_cpu(entry->e_value_offs) + size > page_size. But
> > ext3_xattr_find_entry() calls ext3_xattr_check_entry() which in
> > particular checks whether e_value_offs + e_value_size isn't greater than
> > bh->b_size. So I see no way how memcpy can get beyond end of the page.
> > Sachin, is the problem reproducible? If yes, can you send us contents
> >
> Yes, I am able to recreate this problem easily. As I had mentioned, if the
> earlier kernel is booted with selinux enabled and then 2.6.29-rc6 is booted
> I get this crash. But if I specify selinux=0 at command line, 2.6.29-rc6 boots
> without any problem.
Hi Sachin and Geert,
Does the patch below fix the problems you're seeing? If it does I'll send
a properly written up and formatted patch to linuxppc-dev (as well as
another one to fix the same problem in copy_tofrom_user()).
Thanks and sorry again!
Mark
---
arch/powerpc/lib/memcpy_64.S | 26 ++++++++++++++++++++------
1 file changed, 20 insertions(+), 6 deletions(-)
Index: upstream/arch/powerpc/lib/memcpy_64.S
===================================================================
--- upstream.orig/arch/powerpc/lib/memcpy_64.S
+++ upstream/arch/powerpc/lib/memcpy_64.S
@@ -53,18 +53,19 @@ END_FTR_SECTION_IFCLR(CPU_FTR_UNALIGNED_
3: std r8,8(r3)
beq 3f
addi r3,r3,16
- ld r9,8(r4)
.Ldo_tail:
bf cr7*4+1,1f
- rotldi r9,r9,32
+ lwz r9,8(r4)
+ addi r4,r4,4
stw r9,0(r3)
addi r3,r3,4
1: bf cr7*4+2,2f
- rotldi r9,r9,16
+ lhz r9,8(r4)
+ addi r4,r4,2
sth r9,0(r3)
addi r3,r3,2
2: bf cr7*4+3,3f
- rotldi r9,r9,8
+ lbz r9,8(r4)
stb r9,0(r3)
3: ld r3,48(r1) /* return dest pointer */
blr
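Review bot: The three new tail loads (lwz, lhz and lbz, each at 8(r4)) rely on r4 sitting 8 bytes behind the next unread source byte whenever control reaches .Ldo_tail, and nothing in the hunk states that. Only the fall-through from label 3 is visible here, so every other branch to .Ldo_tail should be checked against that invariant, and a one-line comment at the label would record it. The same comment could say that the loads are now sized to the bytes still to be copied, which is the point of dropping "ld r9,8(r4)": that load fetched a full doubleword before any of the cr7 bits were tested, whatever the remaining length. The lbz path leaves r4 unadvanced, which is fine as the last step, but it deserves a note so that a later edit does not add code after it that assumes r4 is current.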
@@ -133,11 +134,24 @@ END_FTR_SECTION_IFCLR(CPU_FTR_UNALIGNED_
cmpwi cr1,r5,8
addi r3,r3,32
sld r9,r9,r10
- ble cr1,.Ldo_tail
+ ble cr1,6f
ld r0,8(r4)
srd r7,r0,r11
or r9,r7,r9
- b .Ldo_tail
+6:
+ bf cr7*4+1,1f
+ rotldi r9,r9,32
+ stw r9,0(r3)
+ addi r3,r3,4
+1: bf cr7*4+2,2f
+ rotldi r9,r9,16
+ sth r9,0(r3)
+ addi r3,r3,2
+2: bf cr7*4+3,3f
+ rotldi r9,r9,8
+ stb r9,0(r3)
+3: ld r3,48(r1) /* return dest pointer */
+ blr
.Ldst_unaligned:
PPC_MTOCRF 0x01,r6 # put #bytes to 8B bdry into cr7
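Review bot: The block added at label 6 is a copy of the old rotldi tail, return sequence included, and it reuses the numeric labels 1, 2 and 3 that .Ldo_tail already uses. That assembles, since 1f, 2f and 3f resolve to the nearest forward definition, but it is easy to misread. A named local label with a comment saying that r9 already holds the remaining source bytes, and that this path must therefore not fall into the load-based .Ldo_tail, would make the split clear. The final write-up should also cover the case where the "ble cr1,6f" is not taken: "ld r0,8(r4)" is still a full doubleword load, so the description should say why that load cannot run past the end of the source.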