From: Andrew Morton <akpm@zip.com.au>
To: Daniel Jacobowitz <dan@debian.org>
Cc: linux-kernel@vger.kernel.org, Andrea Arcangeli <andrea@suse.de>
Subject: Re: [PATCH?] Crash in 2.4.17/ptrace
Date: Mon, 28 Jan 2002 13:03:05 -0800 [thread overview]
Message-ID: <3C55BC89.EDE3105C@zip.com.au> (raw)
In-Reply-To: <20020128153210.A3032@nevyn.them.org>
Daniel Jacobowitz wrote:
>
> I've been debugging frame buffer graphics lately, and encountering a
> very annoying problem. If the debugee has /dev/fb/0 mapped, and I try
> to print out the contents of a pointer into that buffer, GDB crashes in
> kernel/ptrace.c:access_process_vm. The problem seems to be that
> get_user_pages returns a NULL page. Something as simple as this
> prevents the crash:
>
> --- 2.4.18-pre7/2.4.18-pre7/kernel/ptrace.c Fri Dec 21 12:42:04 2001
> +++ 2.4.17/kernel-source-2.4.17/kernel/ptrace.c Mon Jan 28 15:30:39 2002
> @@ -160,6 +160,18 @@ int access_process_vm(struct task_struct
>
> flush_cache_page(vma, addr);
>
> +#if 1
> + if (!page)
> + {
> + /* FIXME: Writes? */
> + if (!write) memset (buf, 0, bytes);
> + len -= bytes;
> + buf += bytes;
> + continue;
> + }
> +#endif
> +
> +
> maddr = kmap(page);
> if (write) {
> memcpy(maddr + offset, buf, bytes);
Oh nice. And it seems that, say, an O_DIRECT write of, say,
a mmaped framebuffer will also oops the kernel.
Most callers of get_user_pages() aren't prepared for a
null page* in the returned array.
This patch *may* be sufficient, but perhaps get_user_pages()
should just bale out as soon as it finds an invalid page, rather
than sticking a null page * into the returned array and continuing.
--- linux-2.4.18-pre7/mm/memory.c Fri Dec 21 11:19:23 2001
+++ linux-akpm/mm/memory.c Mon Jan 28 12:54:40 2002
@@ -453,6 +453,7 @@ int get_user_pages(struct task_struct *t
vma = find_extend_vma(mm, start);
if ( !vma ||
+ (vma->vm_flags & VM_IO) ||
(!force &&
((write && (!(vma->vm_flags & VM_WRITE))) ||
(!write && (!(vma->vm_flags & VM_READ))) ) )) {
> Of course, I would much rather be able to see the contents of the
> framebuffer. Any suggestions?
Not with this patch, I'm afraid. For your testing purposes you
could just remove the VALID_PAGE() test in mm/memory.c:get_page_map(),
and then gdb should be able to get at the framebuffer.
-
next prev parent reply other threads:[~2002-01-28 21:10 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-01-28 20:32 [PATCH?] Crash in 2.4.17/ptrace Daniel Jacobowitz
2002-01-28 21:03 ` Andrew Morton [this message]
2002-01-28 21:19 ` Daniel Jacobowitz
2002-01-28 21:29 ` Andrew Morton
2002-01-28 21:55 ` Alan Cox
2002-01-28 22:12 ` Andrew Morton
2002-01-29 22:59 ` [Linux-fbdev-devel] " James Simmons
2002-01-29 23:02 ` Andrew Morton
2002-01-30 0:13 ` James Simmons
2002-01-28 22:15 ` Benjamin Herrenschmidt
2002-01-28 23:57 ` Andrea Arcangeli
2002-01-28 23:54 ` Andrea Arcangeli
2002-01-29 5:35 ` Andrew Morton
2002-01-28 23:47 ` Andrea Arcangeli
2002-01-28 21:42 ` Andrew Morton
-- strict thread matches above, loose matches on Subject: below --
2002-01-28 21:33 Manfred Spraul
2002-01-28 22:05 ` Alan Cox
2002-01-28 22:07 ` Manfred Spraul
2002-01-28 22:26 ` Daniel Jacobowitz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3C55BC89.EDE3105C@zip.com.au \
--to=akpm@zip.com.au \
--cc=andrea@suse.de \
--cc=dan@debian.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox