Linux MIPS Architecture development
From: Ralf Baechle <ralf@linux-mips.org>
To: Bharat Bhushan <bharat.76@gmail.com>
Cc: linux-mips@linux-mips.org
Subject: Re: Stack frame for netlink_broadcast
Date: Mon, 16 May 2011 14:37:19 +0100
Message-ID: <20110516133719.GA13589@linux-mips.org>
In-Reply-To: <BANLkTikzAjpOL1GwTw9JQFV3z9G3kRJ=1g@mail.gmail.com>

On Mon, May 16, 2011 at 02:34:46PM +0530, Bharat Bhushan wrote:

> I am using linux kernel version 2.6.16.51 MIPS port.
>
> I see the crash while using netlink_broadcast from kernel module.
> 
> CPU 0 Unable to handle kernel paging request at virtual address
> 00000000, epc == 8011c1c8, ra == 80120950
> Oops[#1]:
> Cpu 0
> $ 0   : 00000000 50104c00 00000000 804008c0
> $ 4   : 803841a0 00000000 00000001 00000000
> $ 8   : 40000000 00000000 00000000 00000000
> $12   : 00000000 00000001 8093bfff 00000002
> $16   : 81201480 8120193c 8a69e018 881e1b80
> $20   : 8ba5a520 00000001 80412d34 00000000
> $24   : 00000000 80343f04
> $28   : 80382000 80383d08 80383d10 80120950
> Hi    : 00000090
> Lo    : 0000007e
> epc   : 8011c1c8 dequeue_task+0xc/0x94     Tainted: PF
> ra    : 80120950 sys_sched_yield+0x7c/0xf8
> Status: 50104c02    KERNEL EXL
> Cause : 00808008
> BadVA : 00000000
> PrId  : 000c0904
> Modules linked in: cf ipi_hsl dataplane evb sjtag xlr_fmn hw_random
> ipt_connlimit xt_tcpudp xt_mark ipt_REDIRECT iptable_nat ip_nat
> ip_conntrack iptable_filter ip_tables x_tables hwreset panic_dump
> Process swapper (pid: 0, threadinfo=80382000, task=803841a0)
> Stack : 80383d10 802c0180 ffffffff 00000001 8a69e018 881e1b80 ffffffff 00000001
>         00000001 802d6390 8e143390 00000000 8e11f848 8e002d8c 00000000 00000001
>         00000001 00000000 881e1c08 80410000 8e9c7f30 881e1b80 8fc7de00 8fc7def8
>         00000002 8e409400 8e143390 00000000 00000000 8e0d7840 817a3e00 0001164d
>         00000000 00000000 000000d0 8e40c0e4 8e0d9ea0 8e0d9cb4 8e706738 00000002
> 
> 
> 
> Please note netlink_broadcast reserves a stack frame of 80 bytes but
> tries to write to 88(sp).
> 
> 802d60c8 <netlink_broadcast>:
> 802d60c8:   27bdffb0    addiu   sp,sp,-80
> 802d60cc:   afb40038    sw  s4,56(sp)
> 802d60d0:   afb30034    sw  s3,52(sp)
> 802d60d4:   afbf004c    sw  ra,76(sp)
> 802d60d8:   afbe0048    sw  s8,72(sp)
> 802d60dc:   afb70044    sw  s7,68(sp)
> 802d60e0:   afb60040    sw  s6,64(sp)
> 802d60e4:   afb5003c    sw  s5,60(sp)
> 802d60e8:   afb20030    sw  s2,48(sp)
> 802d60ec:   afb1002c    sw  s1,44(sp)
> 802d60f0:   afb00028    sw  s0,40(sp)
> 802d60f4:   afa40050    sw  a0,80(sp)  <------- Can this corrupt the previous stack frame?
> 802d60f8:   8ca20078    lw  v0,120(a1)
> 802d60fc:   00a09821    move    s3,a1
> 802d6100:   afa60058    sw  a2,88(sp)  <------- Can this corrupt the previous stack frame?

No; this is entirely normal.  In the O32 ABI, which is used to compile 32-bit
kernels, the caller allocates the stack frame for the callee to save the
argument registers $a0 .. $a3, so you expect to see accesses to the 16 bytes
above the current stack frame, just like here.

  Ralf

PS: 2.6.16.51 is now over 4 years old.  Please ship to the following address:

  British Museum
  Great Russell Street
  WC1B 3DG
  London
  Great Britain

;-)
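
The check discussed in this thread, as an added example that is not part of either message: a small Python triage script that reads objdump-style MIPS O32 prologue text and labels each sp-relative store as inside the callee's own frame, in the 16-byte caller-allocated home area for $a0 .. $a3, or outside both. The function name `classify_stores` and the regular expressions are assumptions made for illustration; the sample input is constructed from the prologue lines quoted above.

```python
import re

# Constructed sample: prologue lines taken from the disassembly quoted in the thread.
PROLOGUE = """\
802d60c8:   27bdffb0    addiu   sp,sp,-80
802d60cc:   afb40038    sw  s4,56(sp)
802d60d4:   afbf004c    sw  ra,76(sp)
802d60f4:   afa40050    sw  a0,80(sp)
802d60f8:   8ca20078    lw  v0,120(a1)
802d6100:   afa60058    sw  a2,88(sp)
"""

ARG_REGS = ["a0", "a1", "a2", "a3"]   # O32 argument registers
HOME_AREA = 4 * len(ARG_REGS)         # 16 bytes reserved by the caller

FRAME_RE = re.compile(r"\baddiu\s+sp,sp,-(\d+)")
STORE_RE = re.compile(r"\bsw\s+(\w+),(-?\d+)\(sp\)")

def classify_stores(disasm):
    """Return (frame_size, [(reg, offset, verdict), ...]) for sp-relative stores."""
    frame = None
    out = []
    for line in disasm.splitlines():
        m = FRAME_RE.search(line)
        if m and frame is None:
            frame = int(m.group(1))   # first stack adjustment sets the frame size
            continue
        m = STORE_RE.search(line)
        if not m or frame is None:
            continue                  # loads, moves, or stores before the prologue
        reg, off = m.group(1), int(m.group(2))
        if 0 <= off < frame:
            verdict = "own frame"
        elif frame <= off < frame + HOME_AREA:
            # Home slot for $aN sits at frame + 4*N in the caller's frame.
            slot = (off - frame) // 4
            ok = reg == ARG_REGS[slot] and off % 4 == 0
            verdict = "arg home slot" if ok else "home area, unexpected register"
        else:
            verdict = "outside frame and home area"
        out.append((reg, off, verdict))
    return frame, out

if __name__ == "__main__":
    frame, stores = classify_stores(PROLOGUE)
    print("frame size:", frame)
    for reg, off, verdict in stores:
        print(f"sw {reg},{off}(sp): {verdict}")
```
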

Thread overview: 2+ messages
2011-05-16  9:04 Stack frame for netlink_broadcast Bharat Bhushan
2011-05-16 13:37 ` Ralf Baechle [this message]
