lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <471F076E.4080609@panasas.com>
Date:	Wed, 24 Oct 2007 10:50:54 +0200
From:	Benny Halevy <bhalevy@...asas.com>
To:	Jens Axboe <jens.axboe@...cle.com>,
	FUJITA Tomonori <fujita.tomonori@....ntt.co.jp>
CC:	kamalesh@...ux.vnet.ibm.com, linux-kernel@...r.kernel.org,
	apw@...dowen.org, tomof@....org
Subject: Re: [BUG] 2.6.23-git18 Kernel oops in sg helpers

On Oct. 24, 2007, 10:32 +0200, Jens Axboe <jens.axboe@...cle.com> wrote:
> On Wed, Oct 24 2007, FUJITA Tomonori wrote:
>> On Tue, 23 Oct 2007 20:49:40 +0530
>> Kamalesh Babulal <kamalesh@...ux.vnet.ibm.com> wrote:
>>
>>> Hi,
>>>
>>> Kernel oops is triggered while running fsx-linux test, followed by cpu softlock
>>> over the AMD box
>>>
>>> Unable to handle kernel NULL pointer dereference at 0000000000000018 RIP: 
>>>  [<ffffffff8021f2f6>] gart_map_sg+0x26c/0x406
>>> PGD 10185b067 PUD 10075b067 PMD 0 
>> Does this work?
>>
>>
>> diff --git a/arch/x86/kernel/pci-gart_64.c b/arch/x86/kernel/pci-gart_64.c
>> index c56e9ee..ae7e016 100644
>> --- a/arch/x86/kernel/pci-gart_64.c
>> +++ b/arch/x86/kernel/pci-gart_64.c
>> @@ -338,7 +338,6 @@ static int __dma_map_cont(struct scatterlist *start, int nelems,
>>  		
>>  		BUG_ON(s != start && s->offset);
>>  		if (s == start) {
>> -			*sout = *s; 
>>  			sout->dma_address = iommu_bus_base;
>>  			sout->dma_address += iommu_page*PAGE_SIZE + s->offset;
>>  			sout->dma_length = s->length;
>> @@ -365,7 +364,7 @@ static inline int dma_map_cont(struct scatterlist *start, int nelems,
>>  {
>>  	if (!need) {
>>  		BUG_ON(nelems != 1);
>> -		*sout = *start;
>> +		sout->dma_address = start->dma_address;

I don't see this could fix anything since "s" above and "start" here are still
dereferenced.  Also, this makes sout->dma_address inconsistent with sout->page_link
and with the end marker.

Benny

>>  		sout->dma_length = start->length;
>>  		return 0;
>>  	}
>> -- 
>> 1.5.2.4
> 
> Care to write up a proper changelog?
> 

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ