lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 23 Jan 2011 02:12:23 +0100
From:	Frederic Weisbecker <fweisbec@...il.com>
To:	Chris Wilson <chris@...is-wilson.co.uk>
Cc:	Arnd Bergmann <arnd@...db.de>, linux-kernel@...r.kernel.org,
	Daniel Vetter <daniel.vetter@...ll.ch>
Subject: Re: [PATCH] drm/i915,agp/intel: Do not clear stolen entries

On Fri, Jan 21, 2011 at 10:58:57AM +0000, Chris Wilson wrote:
> We can only utilize the stolen portion of the GTT if we are in sole
> charge of the hardware. This is only true if using GEM and KMS,
> otherwise VESA continues to access stolen memory.
> 
> Reported-by: Arnd Bergmann <arnd@...db.de>
> Reported-by: Frederic Weisbecker <fweisbec@...il.com>
> Cc: Daniel Vetter <daniel.vetter@...ll.ch>
> Signed-off-by: Chris Wilson <chris@...is-wilson.co.uk>
> ---


Applied on top of -rc2, it crashes the kernel early on
boot with an unhandle page request.
I don't have a serial line and it's too early for netconsole,
so I wrote the stacktrace I saw with printk delayed.

i830_write_entry
intel_gtt_clar_range
intel_fake_agp_insert_entries
agp_bind_memory
?agp_generic_alloc_pages
?intelfb_pci_register
?raw_spin_unlock_irqrestore
?local_pci_probe
?pci_device_probe
?driver_probe_device
?__driver_attach
?bus_for_each_dev
?driver_attach
?__driver_attach
?bus_add_driver
?pci_device_remove
?driver_register
?raw_spin_lock_init
?pci_register_driver
?intelfb_init
?do_one_initcall
?radix_tree_lookup
?irq_to_desc
?intelfb_init
?kernel_init

Given the ip (c12ccf12) it must be:

c12ccef0 <i830_write_entry>:
c12ccef0:       55                      push   %ebp
c12ccef1:       81 f9 01 00 01 00       cmp    $0x10001,%ecx
c12ccef7:       89 e5                   mov    %esp,%ebp
c12ccef9:       b9 01 00 00 00          mov    $0x1,%ecx
c12ccefe:       53                      push   %ebx
c12cceff:       bb 07 00 00 00          mov    $0x7,%ebx
c12ccf04:       0f 45 d9                cmovne %ecx,%ebx
c12ccf07:       09 c3                   or     %eax,%ebx
c12ccf09:       c1 e2 02                shl    $0x2,%edx
c12ccf0c:       03 15 8c 5e d5 c1       add    0xc1d55e8c,%edx
c12ccf12:       89 1a                   mov    %ebx,(%edx)  <--- here
c12ccf14:       5b                      pop    %ebx
c12ccf15:       5d                      pop    %ebp
c12ccf16:       c3                      ret    
c12ccf17:       89 f6                   mov    %esi,%esi
c12ccf19:       8d bc 27 00 00 00 00    lea    0x0(%edi,%eiz,1),%edi

So, it seems to be the actual writel() that faults.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ