| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 Jul 2007 20:49:03 +0530 From: "Satyam Sharma" <satyam.sharma@...il.com> To: "Gabriel C" <nix.or.die@...glemail.com> Cc: "Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>, "Christoph Lameter" <clameter@....com>, htejun@...il.com, gregkh@...e.de Subject: Re: Oops while modprobing phy fixed module Hi Gabriel, On 7/16/07, Gabriel C <nix.or.die@...glemail.com> wrote: > ( http://194.231.229.228/Oops.txt ) > I cannot reproduce this on plain 2.6.22 so I've started to bisect the > problem. Could you reproduce this oops at will at the "bad" points? [ Note that git-bisect isn't quite applicable to bugs that are not 100% reproducible. The ones that passed as "good" may have passed only because the bug didn't get triggered on that particular test. Also, a perfectly good commit could get unnecessarily marked "bad" because the bug happened to get triggered for it ... so it's not quite trust-worthy for your case. ] > Here the bisect result: > > 3007e997de91ec59af39a3f9c91595b31ae6e08b is first bad commit > commit 3007e997de91ec59af39a3f9c91595b31ae6e08b > Author: Tejun Heo <htejun@...il.com> > Date: Thu Jun 14 04:27:23 2007 +0900 > > sysfs: use sysfs_mutex to protect the sysfs_dirent tree > > As kobj sysfs dentries and inodes are gonna be made reclaimable, > i_mutex can't be used to protect sysfs_dirent tree. Use sysfs_mutex > globally instead. As the whole tree is protected with sysfs_mutex, > there is no reason to keep sysfs_rename_sem. Drop it. > > While at it, add docbook comments to functions which require > sysfs_mutex locking. > > Signed-off-by: Tejun Heo <htejun@...il.com> > Signed-off-by: Greg Kroah-Hartman <gregkh@...e.de> > > :040000 040000 9deba7887752bc343cc4f5dea2dac70e895ea8b6 > 75340b6e18c1ada500bb1a2b99ee88fd93ebae8c M fs Hmm, I don't see why this one could introduce an oops in SLUB, but it's doing some locking-related stuff, and if it didn't get it right, the resulting races /could/ lead to some oops. But ... a recently posted patch (http://lkml.org/lkml/2007/7/16/204) from Akinobu Mita does point to an oops that was introduced by commit 0c096b507f15397da890051ee73de4266d3941fb that belongs to the same patchset -- kmem_cache_free(NULL) is illegal and so will oops. A curious coincidence is that you do see sysfs_new_dirent() in the stack trace there, but the oops there is in kmem_cache_free(), not kmem_cache_zalloc() as your dmesg output indicated. Try that patch anyway, but I don't think that'll solve your problem -- if it was, you would've been seeing "unable to handle kernel NULL pointer dereference" but what you've been posting is "unable to handle kernel paging request at virtual address <non_null_ptr>" ... Gaah. And the worst thing about it all is that we're not able to trigger the oops with debugging options -- that backtrace is horrible, so I'd suggest CONFIG_FRAME_POINTER, at the very least. And also perhaps DEBUG_INFO while we're at it -- that'll make later analysis easier, if nothing else. [ BTW I couldn't even get my compiler to generate the same "Code:" as we saw in your dmesg (I suspect all the oopsen have occurred with DEBUG=n, yes?) so my earlier analysis that suspected SLUB's page->lockless_freelist in slab_alloc() as the source of that invalid kernel address was actually based on some human-work rather than simple tools doing their thing. Gaah, again! ] I'm thoroughly mystified ... Christoph? Tejun? Someone? Satyam - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists