lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 29 Nov 2007 12:50:55 -0500
From:	Mark Lord <lkml@....ca>
To:	Greg KH <gregkh@...e.de>
Cc:	Linux Kernel <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	linux-usb-devel@...ts.sourceforge.net
Subject: Re: [PATCH] base/class.c: prevent ooops due to insert/remove race

Mark Lord wrote:
> Mark Lord wrote:
>...
> And here is a "prevented" oops, courtesy of the patch (2.6.23.8).
> These are easy to reproduce (just jiggle the connection on an
> attached USB multi-card reader with a CF card inserted):
...
> [  347.099562] usb 5-6: USB disconnect, address 10
> [  347.101077] BUG: unable to handle kernel NULL pointer dereference at 
> virtual address 00000000

...


Mmmm.. that's odd.  It *did* Oops there.  I wonder how/why ?

Perhaps a *MAINTAINER* could take an interest in decoding the exact C-stmt
that crashed ?

> [  347.101086]  printing eip:
> [  347.101088] c01bfe2d
> [  347.101091] *pde = 00000000
> [  347.101095] Oops: 0000 [#1]
> [  347.101098] PREEMPT SMP [  347.101102] Modules linked in: 
> nls_iso8859_1 nls_cp437 vfat fat usb_storage libusual microcode 
> binfmt_misc rfcomm l2cap bluetooth nfs nfsd exportfs lockd nfs_acl 
> auth_rpcgss sunrpc acpi_cpufreq cpufreq_stats cpufreq_userspace 
> cpufreq_ondemand freq_table cpufreq_powersave container fan 
> firmware_class pciehp pci_hotplug usbhid hid visor af_packet usbserial 
> fuse firewire_sbp2 mousedev snd_hda_intel snd_pcm_oss snd_pcm 
> snd_mixer_oss snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi 
> serio_raw snd_seq_midi_event snd_seq snd_timer snd_seq_device 
> firewire_ohci firewire_core b44 mii thermal ehci_hcd uhci_hcd usbcore 
> sdhci pcspkr sr_mod cdrom mmc_core crc_itu_t sg ac psmouse processor snd 
> soundcore intel_agp agpgart battery button snd_page_alloc unix
> [  347.101196] CPU:    1
> [  347.101197] EIP:    0060:[strlen+8/17]    Not tainted VLI
> [  347.101199] EFLAGS: 00010246   (2.6.23.8 #6)
> [  347.101209] EIP is at strlen+0x8/0x11
> [  347.101212] eax: 00000000   ebx: 0000000b   ecx: ffffffff   edx: 
> f6cad204
> [  347.101217] esi: c02f6887   edi: 00000000   ebp: f6cad204   esp: 
> f7152e58
> [  347.101221] ds: 007b   es: 007b   fs: 00d8  gs: 0000  ss: 0068
> [  347.101226] Process khubd (pid: 2087, ti=f7152000 task=c29beaa0 
> task.ti=f7152000)
> [  347.101229] Stack: f6cad204 c020ed4c f6cad1fc c03297f4 c0329780 
> c020ee65 00000000 f6cad1fc [  347.101240]        f6cad098 00000202 
> f5a70000 c020eef9 f6cad000 c021ab43 f6cad000 f77e0000 [  
> 347.101250]        c021868c f77e0038 f77e0000 c02139bc f77e02ec f77e0000 
> f8be27c0 f8bd6691 [  347.101261] Call Trace:
> [  347.101268]  [make_class_name+29/87] make_class_name+0x1d/0x57
> [  347.101280]  [class_device_del+131/271] class_device_del+0x83/0x10f
> [  347.101291]  [class_device_unregister+8/16] 
> class_device_unregister+0x8/0x10
> [  347.101300]  [__scsi_remove_device+43/104] 
> __scsi_remove_device+0x2b/0x68
> [  347.101309]  [scsi_forget_host+45/74] scsi_forget_host+0x2d/0x4a
> [  347.101319]  [scsi_remove_host+101/213] scsi_remove_host+0x65/0xd5
> [  347.101329]  [<f8bd6691>] quiesce_and_remove_host+0x99/0xa7 
> [usb_storage]
> Nov 29 12:39:07 corey kernel: [  347.101346]  [<f8bd6763>] 
> storage_disconnect+0xe/0x16 [usb_storage]
> Nov 29 12:39:07 corey kernel: [  347.101361]  [<f88d7a50>] 
> usb_unbind_interface+0x44/0x94 [usbcore]
> Nov 29 12:39:07 corey kernel: [  347.101409]  
> [__device_release_driver+113/142] __device_release_driver+0x71/0x8e
> Nov 29 12:39:07 corey kernel: [  347.101418]  
> [device_release_driver+30/52] device_release_driver+0x1e/0x34
> Nov 29 12:39:07 corey kernel: [  347.101426]  
> [bus_remove_device+109/125] bus_remove_device+0x6d/0x7d
> Nov 29 12:39:07 corey kernel: [  347.101434]  [device_del+460/576] 
> device_del+0x1cc/0x240
> Nov 29 12:39:07 corey kernel: [  347.101444]  [<f88d53f9>] 
> usb_disable_device+0x5c/0xbb [usbcore]
> Nov 29 12:39:07 corey kernel: [  347.101489]  [<f88d1aff>] 
> usb_disconnect+0x83/0x11b [usbcore]
> Nov 29 12:39:07 corey kernel: [  347.101537]  [<f88d220d>] 
> hub_thread+0x388/0xa8d [usbcore]
> Nov 29 12:39:07 corey kernel: [  347.101586]  [schedule+1417/1463] 
> __sched_text_start+0x589/0x5b7
> Nov 29 12:39:07 corey kernel: [  347.101602]  
> [autoremove_wake_function+0/53] autoremove_wake_function+0x0/0x35
> Nov 29 12:39:07 corey kernel: [  347.101615]  [<f88d1e85>] 
> hub_thread+0x0/0xa8d [usbcore]
> Nov 29 12:39:07 corey kernel: [  347.101656]  [kthread+56/95] 
> kthread+0x38/0x5f
> Nov 29 12:39:07 corey kernel: [  347.101663]  [kthread+0/95] 
> kthread+0x0/0x5f
> Nov 29 12:39:07 corey kernel: [  347.101669]  
> [kernel_thread_helper+7/16] kernel_thread_helper+0x7/0x10
> Nov 29 12:39:07 corey kernel: [  347.101681]  =======================
> Nov 29 12:39:07 corey kernel: [  347.101683] Code: f0 48 5e c3 56 89 d1 
> 89 c6 83 ec 04 31 d2 89 c8 88 c4 ac 38 e0 75 03 8d 56 ff 84 c0 75 f4 5e 
> 89 d0 5e c3 57 83 c9 ff 89 c7 31 c0 <f2> ae f7 d1 49 5f 89 c8 c3 57 89 
> c7 89 d0 31 d2 85 c9 74 0c f2 Nov 29 12:39:07 corey kernel: [  
> 347.101738] EIP: [strlen+8/17] strlen+0x8/0x11 SS:ESP 0068:f7152e58
> Nov 29 12:39:07 corey kernel: [  345.226354] sd 7:0:0:0: [sdc] READ 
> CAPACITY failed
> Nov 29 12:39:07 corey kernel: [  345.226360] sd 7:0:0:0: [sdc] Result: 
> hostbyte=DID_NO_CONNECT driverbyte=DRIVER_OK,SUGGEST_OK
> Nov 29 12:39:07 corey kernel: [  345.226367] sd 7:0:0:0: [sdc] Sense not 
> available.
> Nov 29 12:39:07 corey kernel: [  345.226382] sd 7:0:0:0: [sdc] Write 
> Protect is off
> Nov 29 12:39:07 corey kernel: [  345.226386] sd 7:0:0:0: [sdc] Mode 
> Sense: 00 00 00 00
> Nov 29 12:39:07 corey kernel: [  345.226390] sd 7:0:0:0: [sdc] Assuming 
> drive cache: write through
> Nov 29 12:39:07 corey kernel: [  345.226471] sd 7:0:0:0: [sdc] Attached 
> SCSI removable disk
> Nov 29 12:39:07 corey kernel: [  345.226539] sd 7:0:0:0: Attached scsi 
> generic sg2 type 0
> Nov 29 12:39:07 corey kernel: [  347.151887] sd 7:0:0:0: [sdc] READ 
> CAPACITY failed
> Nov 29 12:39:07 corey kernel: [  347.151895] sd 7:0:0:0: [sdc] Result: 
> hostbyte=DID_NO_CONNECT driverbyte=DRIVER_OK,SUGGEST_OK
> Nov 29 12:39:07 corey kernel: [  347.151902] sd 7:0:0:0: [sdc] Sense not 
> available.
> Nov 29 12:39:07 corey kernel: [  347.151918] sd 7:0:0:0: [sdc] Write 
> Protect is off
> Nov 29 12:39:07 corey kernel: [  347.151922] sd 7:0:0:0: [sdc] Mode 
> Sense: 00 00 00 00
> Nov 29 12:39:07 corey kernel: [  347.151927] sd 7:0:0:0: [sdc] Assuming 
> drive cache: write through
> Nov 29 12:39:07 corey kernel: [  347.151981] sd 7:0:0:0: [sdc] READ 
> CAPACITY failed
> Nov 29 12:39:07 corey kernel: [  347.151985] sd 7:0:0:0: [sdc] Result: 
> hostbyte=DID_NO_CONNECT driverbyte=DRIVER_OK,SUGGEST_OK
> Nov 29 12:39:07 corey kernel: [  347.151993] sd 7:0:0:0: [sdc] Sense not 
> available.
> Nov 29 12:39:07 corey kernel: [  347.152008] sd 7:0:0:0: [sdc] Write 
> Protect is off
> Nov 29 12:39:07 corey kernel: [  347.152013] sd 7:0:0:0: [sdc] Mode 
> Sense: 00 00 00 00
> Nov 29 12:39:07 corey kernel: [  347.152017] sd 7:0:0:0: [sdc] Assuming 
> drive cache: write through
> Nov 29 12:39:07 corey kernel: [  345.279916] sd 7:0:0:0: [sdc] READ 
> CAPACITY failed
> Nov 29 12:39:07 corey kernel: [  345.279951] sd 7:0:0:0: [sdc] Result: 
> hostbyte=DID_NO_CONNECT driverbyte=DRIVER_OK,SUGGEST_OK
> Nov 29 12:39:07 corey kernel: [  345.279965] sd 7:0:0:0: [sdc] Sense not 
> available.
> Nov 29 12:39:07 corey kernel: [  345.279982] sd 7:0:0:0: [sdc] Write 
> Protect is off
> Nov 29 12:39:07 corey kernel: [  345.279987] sd 7:0:0:0: [sdc] Mode 
> Sense: 00 00 00 00
> Nov 29 12:39:07 corey kernel: [  345.279991] sd 7:0:0:0: [sdc] Assuming 
> drive cache: write through
> Nov 29 12:39:07 corey kernel: [  345.280047] sd 7:0:0:0: [sdc] READ 
> CAPACITY failed
> Nov 29 12:39:07 corey kernel: [  345.280051] sd 7:0:0:0: [sdc] Result: 
> hostbyte=DID_NO_CONNECT driverbyte=DRIVER_OK,SUGGEST_OK
> Nov 29 12:39:07 corey kernel: [  345.280059] sd 7:0:0:0: [sdc] Sense not 
> available.
> Nov 29 12:39:07 corey kernel: [  345.280075] sd 7:0:0:0: [sdc] Write 
> Protect is off
> Nov 29 12:39:07 corey kernel: [  345.280079] sd 7:0:0:0: [sdc] Mode 
> Sense: 00 00 00 00
> Nov 29 12:39:07 corey kernel: [  345.280083] sd 7:0:0:0: [sdc] Assuming 
> drive cache: write through
> Nov 29 12:39:07 corey kernel: [  345.289528] sd 7:0:0:0: [sdc] READ 
> CAPACITY failed
> Nov 29 12:39:07 corey kernel: [  345.289536] sd 7:0:0:0: [sdc] Result: 
> hostbyte=DID_NO_CONNECT driverbyte=DRIVER_OK,SUGGEST_OK
> Nov 29 12:39:07 corey kernel: [  345.289542] sd 7:0:0:0: [sdc] Sense not 
> available.
> Nov 29 12:39:07 corey kernel: [  345.289560] sd 7:0:0:0: [sdc] Write 
> Protect is off
> Nov 29 12:39:07 corey kernel: [  345.289564] sd 7:0:0:0: [sdc] Mode 
> Sense: 00 00 00 00
> Nov 29 12:39:07 corey kernel: [  345.289569] sd 7:0:0:0: [sdc] Assuming 
> drive cache: write through
> 

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ