lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Wed, 17 Oct 2007 01:50:58 +0200
From:	Gabriel C <nix.or.die@...glemail.com>
To:	Dmitry Adamushko <dmitry.adamushko@...il.com>
CC:	Srivatsa Vaddagiri <vatsa@...ibm.com>, Ingo Molnar <mingo@...e.hu>,
	Andrew Morton <akpm@...ux-foundation.org>,
	torvalds@...ux-foundation.org, linux-kernel@...r.kernel.org
Subject: Re: [git pull] scheduler updates for v2.6.24

Dmitry Adamushko wrote:
> [ cc'ed Srivatsa ]
> 
> On 17/10/2007, Gabriel C <nix.or.die@...glemail.com> wrote:
>> Ingo Molnar wrote:
>> [15692.917111] BUG: unable to handle kernel NULL pointer dereference at virtual address 00000044
>> ...
>> [15692.917629] EFLAGS: 00010046   (2.6.23-g65a6ec0d #330)
>> [15692.917661] EIP is at pick_next_task_fair+0x1f/0x2d
> 
> Gabriel, could you please post a disassembled code for pick_next_task_fair()?
> (objdump -d kernel/sched.o and then search for pick_next_task_fair --
> copy_and_past)

Sure here it is :

00000e49 <pick_next_task_fair>:
     e49:       53                      push   %ebx
     e4a:       31 d2                   xor    %edx,%edx
     e4c:       83 78 40 00             cmpl   $0x0,0x40(%eax)
     e50:       74 20                   je     e72 <pick_next_task_fair+0x29>
     e52:       83 c0 38                add    $0x38,%eax
     e55:       8b 50 20                mov    0x20(%eax),%edx
     e58:       31 db                   xor    %ebx,%ebx
     e5a:       85 d2                   test   %edx,%edx
     e5c:       74 0a                   je     e68 <pick_next_task_fair+0x1f>
     e5e:       8d 5a f8                lea    -0x8(%edx),%ebx
     e61:       89 da                   mov    %ebx,%edx
     e63:       e8 a9 ff ff ff          call   e11 <set_next_entity>
     e68:       8b 43 44                mov    0x44(%ebx),%eax
     e6b:       85 c0                   test   %eax,%eax
     e6d:       75 e6                   jne    e55 <pick_next_task_fair+0xc>
     e6f:       8d 53 d0                lea    -0x30(%ebx),%edx
     e72:       89 d0                   mov    %edx,%eax
     e74:       5b                      pop    %ebx
     e75:       c3                      ret


> 
> anyway, my guess is that it's :
> 
>                 se = pick_next_entity(cfs_rq);
>                 cfs_rq = group_cfs_rq(se);
> 
> 'se' _happens_ to be NULL and group_cf_rq(se) does se->my_q and
> (according to my calculations) offset(my_q) == 68 (0x44) for x86 32bit
> system with CONFIG_SCHEDSTATS=n and CONFIG_FAIR_GROUP_SCHED=y
> (according to the config).
> 
> that might take place provided put_prev_task_fair() failed for some
> reason to insert 'current' (or its corresponding group element) back
> into the tree in schedule()... say, due to some inconsistency in
> cfs_rq's data.
> 
> Srivatsa, that's somewhat similar to another issue that has been
> posted earlier today (crash in put_prev_task_fair() -->
> __enqueue_task() --> rb_insert_color()) that you are already aware of
> ...  (/me will continue tomorrow).
> 
> 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ