From: Andi Kleen <ak@muc.de>
To: Antoine Martin <antoine@nagafix.co.uk>
Cc: linux-kernel@vger.kernel.org, jdike@addtoit.com
Subject: Re: 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops
Date: Sun, 08 May 2005 16:12:35 +0200
Message-ID: <m1ekchvmb0.fsf@muc.de>
In-Reply-To: <1115483506.12131.33.camel@cobra> (Antoine Martin's message of "Sat, 07 May 2005 17:31:46 +0100")
Antoine Martin <antoine@nagafix.co.uk> writes:
>
> general protection fault: 0000 [1]
> CPU 0
> Pid: 26926, comm: kernel-4 Not tainted 2.6.11.8
> RIP: 0010:[<ffffffff8010ca47>] <ffffffff8010ca47>{__switch_to+311}
> RSP: 0018:ffff8100a7635d48 EFLAGS: 00010016
> RAX: 0000c8e816000002 RBX: ffff8100b895f320 RCX: 00000000c0000102
> RDX: 000000000000c8e8 RSI: 0000000000000000 RDI: 0000000000000000
> RBP: 0000000000000000 R08: ffff810090db3a00 R09: 0000000000006933
> R10: 0000000000000000 R11: 0000000000000202 R12: ffff8100a827b890
> R13: ffff8100b895f010 R14: ffff8100a827b580 R15: ffff8100a827b7f8
> FS: 000000006025212c(0000) GS:ffffffff80785a00(0000)
> knlGS:0000000000000d7e
> CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> CR2: 000000006880d010 CR3: 00000000a2321000 CR4: 00000000000006e0
> Process kernel-4 (pid: 26926, threadinfo ffff810060884000, task
> ffff8100a827b580)
> Stack: ffff8100dc37e180 ffff8100b895f010 ffffffff806b6d50
> ffff8100b895f010
> 000003595b049ed6 ffffffff804f4de4 ffff8100a7635de8
> 0000000000000086
> 0000007500000020 ffff8100b895f010
> Call Trace:<ffffffff804f4de4>{thread_return+0}
> <ffffffff8013cb08>{ptrace_stop+280}
> <ffffffff8013cde6>{get_signal_to_deliver+358}
> <ffffffff8010d4e3>{do_signal+163}
> <ffffffff8010e905>{error_exit+0}
> <ffffffff8010de67>{sys_rt_sigreturn+535}
> <ffffffff8010dee9>{sys_rt_sigreturn+665}
> <ffffffff8010e2b6>{int_signal+18}
>
>
> Code: 0f 30 66 41 89 6c 24 2e 65 48 8b 04 25 20 00 00 00 49 89 44
That is a wrmsr to 0x00000000c0000102 (KERNEL_GS_BASE); the code
is trying to write 0x0000c8e816000002 into it. That is a non-canonical
address, which causes the GPF.
The strange thing is that the kernel should have rejected it in
the first place. The code to allow user space to set kernel gs
checks for the address being > TASK_SIZE and TASK_SIZE is 0x800000000000.
It should have rejected it in the first place.
Are you sure you did not apply any strange UML related patches
to the host kernel? Maybe those are buggy.
-Andi
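The decoding Andi does by hand, written out as an added example (not code from the thread or from the kernel): it reconstructs the wrmsr operand from the dumped RCX/RDX/RAX, tests whether that value is a canonical 48-bit address, and applies the TASK_SIZE check he refers to. The register values are copied from the quoted oops; the function names are my own, and the `>=` comparison follows the kernel's arch_prctl rather than Andi's looser ">" wording.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <inttypes.h>

/* Constants cited in the thread: the MSR index seen in RCX and the
 * x86_64 TASK_SIZE that the kernel compares a user-set gs base against. */
#define MSR_KERNEL_GS_BASE 0xc0000102ULL
#define TASK_SIZE_X86_64   0x800000000000ULL

/* wrmsr writes EDX:EAX into the MSR selected by ECX. Rebuild the 64-bit
 * operand from the dumped RAX and RDX; only the low 32 bits of each count. */
uint64_t wrmsr_value(uint64_t rax, uint64_t rdx)
{
    return ((rdx & 0xffffffffULL) << 32) | (rax & 0xffffffffULL);
}

/* A 48-bit virtual address is canonical when bits 63..47 are all equal
 * (bit 47 sign-extended). Loading a non-canonical value into an FS/GS
 * base MSR raises #GP, which is the fault reported in the oops. */
bool is_canonical_48(uint64_t addr)
{
    uint64_t top = addr >> 47;          /* bits 63..47, 17 bits */
    return top == 0 || top == 0x1ffff;  /* all clear or all set */
}

/* The guard Andi describes: a user-supplied gs base at or above
 * TASK_SIZE (kernel half of the address space) is refused (-EPERM). */
bool gs_base_allowed(uint64_t base)
{
    return base < TASK_SIZE_X86_64;
}

int main(void)
{
    /* Register values from the quoted oops. */
    uint64_t rcx = 0x00000000c0000102ULL;
    uint64_t rax = 0x0000c8e816000002ULL;
    uint64_t rdx = 0x000000000000c8e8ULL;
    uint64_t val = wrmsr_value(rax, rdx);

    printf("wrmsr msr=0x%" PRIx64 " (%s) value=0x%016" PRIx64 "\n", rcx,
           rcx == MSR_KERNEL_GS_BASE ? "KERNEL_GS_BASE" : "other", val);
    printf("canonical: %s\n", is_canonical_48(val) ? "yes" : "no -> #GP");
    printf("passes TASK_SIZE check: %s\n", gs_base_allowed(val) ? "yes" : "no");
    return 0;
}
```

Both answers come out "no": the value faults on wrmsr, and the TASK_SIZE check would already have refused it, which is exactly the contradiction Andi points at.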