| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 21 Jul 2007 10:11:19 +0200 From: "Michal Piotrowski" <michal.k.k.piotrowski@...il.com> To: "Satyam Sharma" <satyam.sharma@...il.com> Cc: "Greg KH" <gregkh@...e.de>, "Andrew Morton" <akpm@...ux-foundation.org>, rdunlap@...otime.net, LKML <linux-kernel@...r.kernel.org> Subject: Re: [broken-out-2007-07-20-00-22] kernel bug at kernel/params:570 On 21/07/07, Satyam Sharma <satyam.sharma@...il.com> wrote: > Ok, this worked: > > > His .config has CONFIG_PROFILE_LIKELY=y > > which replaces unlikely() / likely() with do_check_likely() and forces > > gcc to clobber %eax with the condition itself, which in our case was > > (ret < 0) == TRUE, and thus, the "1" value we saw in %eax in the > > register dumps. > > The usage of unlikely() in BUG_ON and CONFIG_PROFILE_LIKELY=y > meant %eax that held `ret' from kobject_add() was being lost. > > With that turned off: > > 0xc136071b call 0xc1103744 <kobject_add> > [ ret i.e. %eax = kobject_add() ] > 0xc1360720 test %eax,%eax > [ %eax = %eax && %eax = %eax ] > [ probably gcc thinks this is an efficient < 0 check on i386 :-) ] > 0xc1360722 jns 0xc1360728 > [ if false jump down below, else: ] > 0xc1360724 ud2a > [ invalid opcode exception. /* from BUG */ ] > 0xc1360726 jmp 0xc1360726 > [ for (;;) ; /* from BUG */ ] > > > We should probably document somewhere that CONFIG_PROFILE_LIKELY > > is not good for debugging. > > > > Hmmm ... thinking out aloud here, but probably I don't need to fix that > > libata breakage at all. I'll just put the BUG_ON(ret < 0) back in the > > code, deselect PROFILE_LIKELY, and this time we _will_ have the > > return of kobject_add() in %eax ... > > So %eax retained its value. I reproduced Michal's oops (without having > to select CONFIG_ATA, because param_sysfs_init() is called way > earlier than searching for root block device during boot -- which is what > my system didn't like without ATA), and yes, I saw: > > %eax == ffffffea == -22 == -EINVAL. > > But: > > When I replace the BUG_ON() with Greg's (or my modified) patch, > the kernel ignores that error as we wanted, but _still_ crashes before > finding the root block device (because ATA is not in kernel and my > system seems to require it). Unfortunately, lots of dmesg output > has scrolled up by then, and our "printk" is lost. Because of no > CONFIG_ATA, nothing gets written to disk either. I don't have a > serial cable around, netconsole not up yet at that point. Neither serial nor net console doesn't work, system hangs very early. > > Ugh, I'm running out of ideas. > > Satyam > Regards, Michal -- LOG http://www.stardust.webpages.pl/log/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists