[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LFD.0.999.0710030804310.3579@woody.linux-foundation.org>
Date: Wed, 3 Oct 2007 08:11:05 -0700 (PDT)
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Ingo Molnar <mingo@...e.hu>
cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Greg KH <gregkh@...e.de>,
Alexander Viro <viro@....linux.org.uk>,
Peter Zijlstra <a.p.zijlstra@...llo.nl>
Subject: Re: [bug] crash when reading /proc/mounts (was: Re: Linux 2.6.23-rc9
and a heads-up for the 2.6.24 series..)
On Wed, 3 Oct 2007, Ingo Molnar wrote:
>
> hm, i just triggered the procfs crash below with -rc9 on a testbox.
You have a terminally buggy piece of shit compiler.
Lookie here:
- the bug happens on this:
char c = *p++;
- which has been compiled into
8b 3a mov (%edx),%edi
which is a *word* access.
- the pointer is at the end of a page (very much on purpose):
edx: f2a3fffe
- and as a result you get an exception on the *next* page:
BUG: unable to handle kernel paging request at virtual address f2a40000
and btw, there is no question what-so-ever about whether your compiler
might be doing a legal optimization - the compiler really is wrong, and is
total shit. You need to make a gcc bug-report. Because this is not a
question of "the standard is ambiguous", this is a question of "the
compiler turned good code into code that could SIGSEGV in user space too,
if 'malloc()' happened to return a pointer at the end of an allocation".
Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists