From: Helge Deller <deller@gmx.de>
To: linux-parisc <linux-parisc@vger.kernel.org>
Subject: [PATCH] [RFC] fix kernel crash (protection id trap) when compiling ruby1.9
Date: Wed, 17 Dec 2008 23:46:05 +0100
Message-ID: <4949812D.7080608@gmx.de>
[-- Attachment #1: Type: text/plain, Size: 2371 bytes --]
The Debian bugzilla has a long thread about kernel crashes when
compiling ruby1.9 on hppa. This kernel bug even led to discussions about
whether hppa should be dropped for lenny.
See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=478717 for details.

It's really easy to reproduce the bug, and it generates this backtrace
(interestingly two backtraces):
< Your System ate a SPARC! Gah! >
-------------------------------
\ ^__^
\ (xx)\_______
(__)\ )\/\
U ||----w |
|| ||
miniruby (pid 15221): Protection id trap (code 27)
YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI
PSW: 00000000000001000000000000001111 Not tainted
r00-03 0004000f 102a9800 101a141c 8210c388
r04-07 00000000 0020fd08 0020fd10 00000001
r08-11 00000000 8210c388 fffffff2 8210c0c8
r12-15 fb0d04c8 402cc3d8 00001000 40007000
r16-19 002120a0 00000010 0020fd90 00000001
r20-23 8210c000 00000000 0020fd0e 8210c39e
r24-27 00000000 00000001 8e7c5660 105e7a90
r28-31 0000000f 00190834 8210c500 101a12b8
sr00-03 00000000 00000000 00000000 00000847
sr04-07 00000000 00000000 00000000 00000000
IASQ: 00000000 00000000 IAOQ: 101a147c 101a1480
IIR: 0ed5d240 ISR: 00000847 IOR: 0020fd0e
CPU: 0 CR30: 8210c000 CR31: d22344f0
ORIG_R28: 00001000
IAOQ[0]: do_sys_poll+0x1ac/0x1b8
IAOQ[1]: do_sys_poll+0x1b0/0x1b8
RP(r2): do_sys_poll+0x14c/0x1b8
Backtrace:
[<101a1574>] sys_poll+0x84/0xec
[<10114078>] syscall_exit+0x0/0x28
Backtrace:
[<1010fdb8>] die_if_kernel+0xe8/0x1ac
[<10110584>] handle_interruption+0x2fc/0x598
[<10113078>] intr_check_sig+0x0/0x34
The bug (sometimes but not always!) happens in fs/select.c:do_sys_poll()
when calling __put_user() and writing back fds[0].revents to userspace.

What I don't quite understand yet is why copy_from_user() [called
a few lines above the __put_user()] succeeds, and __put_user() sometimes
suddenly fails with a protection id fault.

The attached patch simply adds the lookup for a fixup handler when trap
#27 (protection id trap) happens in kernel space. This was missing in
the code path for trap #27, which is why the kernel then called
die_if_kernel() and crashed.

Even with this patch ruby1.9 may fail to compile, but at least the
kernel crashes are gone.

Any feedback welcome.

Helge
Signed-off-by: Helge Deller <deller@gmx.de>
[-- Attachment #2: data_protection_id_failure.diff --]
[-- Type: text/x-patch, Size: 1693 bytes --]
diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c
index 4c771cd..70eabfe 100644
--- a/arch/parisc/kernel/traps.c
+++ b/arch/parisc/kernel/traps.c
@@ -43,6 +43,8 @@
#include "../math-emu/math-emu.h" /* for handle_fpe() */
+DECLARE_PER_CPU(struct exception_data, exception_data);
+
#define PRINT_USER_FAULTS /* (turn this on if you want user faults to be */
/* dumped to the console via printk) */
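Review bot: DECLARE_PER_CPU(struct exception_data, exception_data) should not be declared locally near the top of traps.c. Put the declaration in the shared header that defines struct exception_data, so the compiler checks it against the definition and both traps.c and the do_page_fault() code this patch copies from pick it up from one place.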
@@ -745,6 +747,41 @@ void handle_interruption(int code, struct pt_regs *regs)
/* Fall Through */
case 27:
/* Data memory protection ID trap */
+ if (code == 27 && !user_mode(regs)) {
+ const struct exception_table_entry *fix;
+
+ /* mostly copied from:
+ arch/parisc/mm/fault.c:do_page_fault()
+ */
+ fix = search_exception_tables(regs->iaoq[0]);
+ printk(KERN_CRIT "BUG: Kernel Data memory protection ID"
+ " trap at %p (%pS), fix=%p\n",
+ (void*)regs->iaoq[0], (void*)regs->iaoq[0], fix);
+ if (fix) {
+ struct exception_data *d;
+
+ d = &__get_cpu_var(exception_data);
+ d->fault_ip = regs->iaoq[0];
+ d->fault_space = regs->isr;
+ d->fault_addr = regs->ior;
+
+ regs->iaoq[0] = ((fix->fixup) & ~3);
+
+ /*
+ * NOTE: In some cases the faulting instruction
+ * may be in the delay slot of a branch. We
+ * don't want to take the branch, so we don't
+ * increment iaoq[1], instead we set it to be
+ * iaoq[0]+4, and clear the B bit in the PSW
+ */
+
+ regs->iaoq[1] = regs->iaoq[0] + 4;
+ regs->gr[0] &= ~PSW_B; /* IPSW in gr[0] */
+
+ return;
+ }
+ }
+
die_if_kernel("Protection id trap", regs, code);
si.si_code = SEGV_MAPERR;
si.si_signo = SIGSEGV;
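Review bot: the printk in the new "if (code == 27 && !user_mode(regs))" block runs before the "if (fix)" test, so a KERN_CRIT "BUG:" line containing kernel addresses is logged even when a fixup entry is found and the fault is recovered. According to the description, the trap is hit while __put_user() writes to a user-supplied buffer in do_sys_poll(), so an unprivileged process that keeps triggering it can fill the log. Print the message only on the path where fix is NULL (just before die_if_kernel()), or rate-limit it and lower its level. The fixup block is, by its own comment, mostly copied from arch/parisc/mm/fault.c:do_page_fault(); a small helper shared by both callers would keep the delay-slot handling (the iaoq[1] reset and clearing PSW_B) from drifting between the two copies. Also note that the fixup only turns the crash into a failed user access: it does not explain why the protection ID check fails after copy_from_user() succeeded, so the commit message should say that the root cause is still open. Minor style: "(void*)" should be "(void *)".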