Linux MIPS Architecture development
* Stack frame for netlink_broadcast
@ 2011-05-16  9:04 Bharat Bhushan
  2011-05-16 13:37 ` Ralf Baechle
From: Bharat Bhushan @ 2011-05-16  9:04 UTC
  To: linux-mips

I am using linux kernel version 2.6.16.51 MIPS port.

I see the crash while using netlink_broadcast from kernel module.

CPU 0 Unable to handle kernel paging request at virtual address
00000000, epc == 8011c1c8, ra == 80120950
Oops[#1]:
Cpu 0
$ 0   : 00000000 50104c00 00000000 804008c0
$ 4   : 803841a0 00000000 00000001 00000000
$ 8   : 40000000 00000000 00000000 00000000
$12   : 00000000 00000001 8093bfff 00000002
$16   : 81201480 8120193c 8a69e018 881e1b80
$20   : 8ba5a520 00000001 80412d34 00000000
$24   : 00000000 80343f04
$28   : 80382000 80383d08 80383d10 80120950
Hi    : 00000090
Lo    : 0000007e
epc   : 8011c1c8 dequeue_task+0xc/0x94     Tainted: PF
ra    : 80120950 sys_sched_yield+0x7c/0xf8
Status: 50104c02    KERNEL EXL
Cause : 00808008
BadVA : 00000000
PrId  : 000c0904
Modules linked in: cf ipi_hsl dataplane evb sjtag xlr_fmn hw_random
ipt_connlimit xt_tcpudp xt_mark ipt_REDIRECT iptable_nat ip_nat
ip_conntrack iptable_filter ip_tables x_tables hwreset panic_dump
Process swapper (pid: 0, threadinfo=80382000, task=803841a0)
Stack : 80383d10 802c0180 ffffffff 00000001 8a69e018 881e1b80 ffffffff 00000001
        00000001 802d6390 8e143390 00000000 8e11f848 8e002d8c 00000000 00000001
        00000001 00000000 881e1c08 80410000 8e9c7f30 881e1b80 8fc7de00 8fc7def8
        00000002 8e409400 8e143390 00000000 00000000 8e0d7840 817a3e00 0001164d
        00000000 00000000 000000d0 8e40c0e4 8e0d9ea0 8e0d9cb4 8e706738 00000002



Please note netlink_broadcast reserves a stack frame of 80 bytes but
tries to write to 88(sp).

802d60c8 <netlink_broadcast>:
802d60c8:   27bdffb0    addiu   sp,sp,-80
802d60cc:   afb40038    sw  s4,56(sp)
802d60d0:   afb30034    sw  s3,52(sp)
802d60d4:   afbf004c    sw  ra,76(sp)
802d60d8:   afbe0048    sw  s8,72(sp)
802d60dc:   afb70044    sw  s7,68(sp)
802d60e0:   afb60040    sw  s6,64(sp)
802d60e4:   afb5003c    sw  s5,60(sp)
802d60e8:   afb20030    sw  s2,48(sp)
802d60ec:   afb1002c    sw  s1,44(sp)
802d60f0:   afb00028    sw  s0,40(sp)
802d60f4:   afa40050    sw  a0,80(sp)  <-------Can this corrupt the
previous stack frame?
802d60f8:   8ca20078    lw  v0,120(a1)
802d60fc:   00a09821    move    s3,a1
802d6100:   afa60058    sw  a2,88(sp) <------- Can this corrupt the
previous stack frame?


In dequeue_task, it crashes @
array->nr_active--, since array is NULL.


Regards,
Bharat


* Re: Stack frame for netlink_broadcast
  2011-05-16  9:04 Stack frame for netlink_broadcast Bharat Bhushan
@ 2011-05-16 13:37 ` Ralf Baechle
From: Ralf Baechle @ 2011-05-16 13:37 UTC
  To: Bharat Bhushan; +Cc: linux-mips

On Mon, May 16, 2011 at 02:34:46PM +0530, Bharat Bhushan wrote:

> I am using linux kernel version 2.6.16.51 MIPS port.
>
> I see the crash while using netlink_broadcast from kernel module.
> 
> CPU 0 Unable to handle kernel paging request at virtual address
> 00000000, epc == 8011c1c8, ra == 80120950
> Oops[#1]:
> Cpu 0
> $ 0   : 00000000 50104c00 00000000 804008c0
> $ 4   : 803841a0 00000000 00000001 00000000
> $ 8   : 40000000 00000000 00000000 00000000
> $12   : 00000000 00000001 8093bfff 00000002
> $16   : 81201480 8120193c 8a69e018 881e1b80
> $20   : 8ba5a520 00000001 80412d34 00000000
> $24   : 00000000 80343f04
> $28   : 80382000 80383d08 80383d10 80120950
> Hi    : 00000090
> Lo    : 0000007e
> epc   : 8011c1c8 dequeue_task+0xc/0x94     Tainted: PF
> ra    : 80120950 sys_sched_yield+0x7c/0xf8
> Status: 50104c02    KERNEL EXL
> Cause : 00808008
> BadVA : 00000000
> PrId  : 000c0904
> Modules linked in: cf ipi_hsl dataplane evb sjtag xlr_fmn hw_random
> ipt_connlimit xt_tcpudp xt_mark ipt_REDIRECT iptable_nat ip_nat
> ip_conntrack iptable_filter ip_tables x_tables hwreset panic_dump
> Process swapper (pid: 0, threadinfo=80382000, task=803841a0)
> Stack : 80383d10 802c0180 ffffffff 00000001 8a69e018 881e1b80 ffffffff 00000001
>         00000001 802d6390 8e143390 00000000 8e11f848 8e002d8c 00000000 00000001
>         00000001 00000000 881e1c08 80410000 8e9c7f30 881e1b80 8fc7de00 8fc7def8
>         00000002 8e409400 8e143390 00000000 00000000 8e0d7840 817a3e00 0001164d
>         00000000 00000000 000000d0 8e40c0e4 8e0d9ea0 8e0d9cb4 8e706738 00000002
> 
> 
> 
> Please note netlink_broadcast reserves a stack frame of 80 bytes but
> tries to write to 88(sp).
> 
> 802d60c8 <netlink_broadcast>:
> 802d60c8:   27bdffb0    addiu   sp,sp,-80
> 802d60cc:   afb40038    sw  s4,56(sp)
> 802d60d0:   afb30034    sw  s3,52(sp)
> 802d60d4:   afbf004c    sw  ra,76(sp)
> 802d60d8:   afbe0048    sw  s8,72(sp)
> 802d60dc:   afb70044    sw  s7,68(sp)
> 802d60e0:   afb60040    sw  s6,64(sp)
> 802d60e4:   afb5003c    sw  s5,60(sp)
> 802d60e8:   afb20030    sw  s2,48(sp)
> 802d60ec:   afb1002c    sw  s1,44(sp)
> 802d60f0:   afb00028    sw  s0,40(sp)
> 802d60f4:   afa40050    sw  a0,80(sp)  <-------Can this corrupt the
> previous stack frame?
> 802d60f8:   8ca20078    lw  v0,120(a1)
> 802d60fc:   00a09821    move    s3,a1
> 802d6100:   afa60058    sw  a2,88(sp) <------- Can this corrupt the
> previous stack frame?

No; this is entirely normal.  In the O32 ABI which is used to compile 32-bit
kernels the caller allocates the stackframe for the callee to save the
argument registers $a0 .. $a3 so you expect to see accesses to the 16 bytes
above the current stack frame just like here.

  Ralf

PS: 2.6.16.51 is now over 4 years old.  Please ship to the following address:

  British Museum
  Great Russell Street
  WC1B 3DG
  London
  Great Britain

;-)

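The layout Ralf describes can be checked mechanically rather than by eye. The script below is an added example, not part of either message in the thread: it parses the objdump-style prologue Bharat posted, takes the frame size from `addiu sp,sp,-N`, and classifies every `sw reg,K(sp)` as a store inside the callee's own frame, a store into the caller-provided O32 argument save area (the 16 bytes directly above the frame, with `$a0`..`$a3` expected at offsets 0, 4, 8, 12), or a store beyond that area, which would be genuine corruption of the caller's frame. The register-to-slot mapping and the `DISASM` sample are taken from the thread; the function names and the tolerance for the `>` quote prefix and `<---` annotations are this example's own assumptions.

```python
import re

# Constructed sample input: the netlink_broadcast prologue quoted in the thread,
# including one of the "<---" annotations, so the parser is exercised on real
# mailing-list formatting rather than clean objdump output.
DISASM = """\
802d60c8 <netlink_broadcast>:
802d60c8:   27bdffb0    addiu   sp,sp,-80
802d60cc:   afb40038    sw  s4,56(sp)
802d60d0:   afb30034    sw  s3,52(sp)
802d60d4:   afbf004c    sw  ra,76(sp)
802d60d8:   afbe0048    sw  s8,72(sp)
802d60dc:   afb70044    sw  s7,68(sp)
802d60e0:   afb60040    sw  s6,64(sp)
802d60e4:   afb5003c    sw  s5,60(sp)
802d60e8:   afb20030    sw  s2,48(sp)
802d60ec:   afb1002c    sw  s1,44(sp)
802d60f0:   afb00028    sw  s0,40(sp)
802d60f4:   afa40050    sw  a0,80(sp)  <-------Can this corrupt the
802d60f8:   8ca20078    lw  v0,120(a1)
802d60fc:   00a09821    move    s3,a1
802d6100:   afa60058    sw  a2,88(sp)
"""

# O32 ABI: the caller reserves 16 bytes at the bottom of its own frame where
# the callee may spill the four argument registers, a0 at +0 .. a3 at +12.
O32_ARG_REGS = ("a0", "a1", "a2", "a3")
O32_ARG_SAVE_AREA = 16

# Matches "addr:  <hex word>  <mnemonic>  <operands...>", optionally '>'-quoted.
INSN_RE = re.compile(r"^\s*>?\s*(?P<addr>[0-9a-f]+):\s+[0-9a-f]{8}\s+(?P<op>\w+)\s+(?P<args>.*)$")
ADDIU_SP_RE = re.compile(r"^sp,sp,(-?\d+)$")
STORE_SP_RE = re.compile(r"^(\w+),(-?\d+)\(sp\)$")


def _operands(match):
    # Drop trailing "<--- comment" annotations and whitespace from the operand field.
    return match.group("args").split("<")[0].replace(" ", "")


def frame_size(lines):
    """Return N from the first 'addiu sp,sp,-N' in the prologue."""
    for line in lines:
        m = INSN_RE.match(line)
        if m and m.group("op") == "addiu":
            a = ADDIU_SP_RE.match(_operands(m))
            if a and int(a.group(1)) < 0:
                return -int(a.group(1))
    raise ValueError("no 'addiu sp,sp,-N' prologue found")


def classify_store(reg, offset, frame):
    """Classify a store to offset(sp) relative to a frame of 'frame' bytes."""
    if offset < 0:
        return "below-sp"                    # never legitimate in a prologue
    if offset < frame:
        return "callee-frame"                # callee's own spill slots
    rel = offset - frame
    if rel < O32_ARG_SAVE_AREA:
        # Inside the caller's argument save area: legitimate only if the slot
        # holds the argument register the ABI assigns to it.
        if rel % 4 == 0 and reg == O32_ARG_REGS[rel // 4]:
            return "arg-save-area"
        return "arg-save-area-mismatch"
    return "beyond-arg-save-area"            # would clobber the caller's frame


def audit(text):
    """Return (frame_size, [(addr, reg, offset, classification), ...])."""
    lines = text.splitlines()
    frame = frame_size(lines)
    stores = []
    for line in lines:
        m = INSN_RE.match(line)
        if not m or m.group("op") != "sw":
            continue
        s = STORE_SP_RE.match(_operands(m))
        if not s:
            continue                         # stores not relative to sp are out of scope
        reg, off = s.group(1), int(s.group(2))
        stores.append((m.group("addr"), reg, off, classify_store(reg, off, frame)))
    return frame, stores


def suspicious_stores(stores):
    """Stores that the O32 layout does not account for."""
    return [s for s in stores if s[3] not in ("callee-frame", "arg-save-area")]


if __name__ == "__main__":
    frame, stores = audit(DISASM)
    print(f"frame size: {frame} bytes")
    for addr, reg, off, kind in stores:
        print(f"{addr}: sw {reg},{off}(sp) -> {kind}")
    print("suspicious:", suspicious_stores(stores) or "none")
```

Run against the posted prologue, both flagged stores (`a0` at 80(sp) and `a2` at 88(sp)) land in the argument save area in exactly the slots O32 assigns them, and nothing is reported as suspicious, which is Ralf's conclusion. A store such as `sw t0,100(sp)` against the same 80-byte frame would be classified `beyond-arg-save-area` and is the pattern that actually merits attention when a stack-related oops is being triaged.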
