lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <200801280217.38273.rob@landley.net>
Date:	Mon, 28 Jan 2008 02:17:37 -0600
From:	Rob Landley <rob@...dley.net>
To:	linux-kernel@...r.kernel.org
Cc:	linux-mips@...r.kernel.org, Ralf Baechle <ralf@...ux-mips.org>
Subject: 2.6.24 panics initializing ne2k in mips.

The 2.6.23 kernel built for mips with the attached .config works fine for me 
under qemu (both big endian and little endian), but a 2.6.24 mips kernel 
segfaults initializing the ne2k driver (again when run under qemu).

I've traced it to this commit:

  http://kernel.org/hg/linux-2.6/rev/74258

Version 74257 works, 74258 does not.

The qemu invocation is:

  qemu-system-mips -M mips -no-reboot -nographic -hda /dev/zero -kernel \
    vmlinux -append "panic=1 console=ttyS0"

The panic is:

Linux version 2.6.24-rc2 (landley@...ftwood) (libc/sysdeps/linux/mips/crt1.S:
(.text+0x1c): undefined reference to `main') #2 Mon Jan 28 02:08:00 CST 2008
console [early0] enabled
CPU revision is: 00019300 (MIPS 24K)
FPU revision is: 00739300
Determined physical RAM map:
 memory: 08000000 @ 00000000 (usable)
Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 32512
Kernel command line: panic=1 console=ttyS0
Primary instruction cache 2kB, VIPT, 2-way, linesize 16 bytes.
Primary data cache 2kB, 2-way, VIPT, no aliases, linesize 16 bytes
Synthesized clear page handler (13 instructions).
Synthesized copy page handler (22 instructions).
Synthesized TLB refill handler (20 instructions).
Synthesized TLB load handler fastpath (32 instructions).
Synthesized TLB store handler fastpath (32 instructions).
Synthesized TLB modify handler fastpath (31 instructions).
Cache parity protection enabled
PID hash table entries: 512 (order: 9, 2048 bytes)
Using 100.000 MHz high precision timer.
Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
CPU 0 Unable to handle kernel paging request at virtual address 00000004, epc 
== 80053414, ra == 80054960
Oops[#1]:
Cpu 0
$ 0   : 00000000 10008400 ffff7fff 10000400
$ 4   : 00000017 00000000 801db96c 00000011
$ 8   : 10008400 1000001f 00000005 81100000
$12   : 801e0000 801e0000 3b9aca00 801b1868
$16   : 801b64d8 00000017 00000200 00000000
$20   : ffffffff 00007e20 0000001f 00015c00
$24   : 00091a6f 801b1a50
$28   : 801ae000 801afe08 00008000 80054960
Hi    : 03b9aca0
Lo    : 00000000
epc   : 80053414     Not tainted
ra    : 80054960 Status: 10000402    KERNEL EXL
Cause : 40008408
BadVA : 00000004
PrId  : 00019300 (MIPS 24K)
Process swapper (pid: 0, threadinfo=801ae000, task=801b0160)
Stack : 801dc407 801dc7d4 801aff3c 801c0000 801b64d8 00000017 00000200 
00000000
        ffffffff 80054960 10000000 801b0000 000004b2 000004b2 00000000 
0000001f
        80010b6c 000005b8 80031348 8003129c 801aff2c 801d0000 00000000 
800111e4
        801dc414 8019f9c4 801dc413 801d0000 00000040 801b0000 00000000 
10008400
        00000000 fffffbff 00000001 81015e20 00000001 00000011 81015e40 
81015c00
        ...
Call Trace:[<801c0000>][<80054960>][<80010b6c>][<80031348>][<8003129c>]
[<801d0000>][<800111e4>][<801d0000>][<8005d5b8>][<801ca414>][<801cb820>]
[<801cb744>][<801cb5a0>][<801d0000>][<801c3314>][<801c9b10>][<801cd79c>]
[<801d0000>][<801bfb30>][<801bf118>]

Code: afb3001c  afb20018  afb10014 <8ca20004> 00a08021  30420020  14400009  
0080a021  40016000
Kernel panic - not syncing: Fatal exception in interrupt
Rebooting in 1 seconds..

The final 2.6.24 release panics slightly differently, it waits until the ne2k 
init and then loses it.  I'm not quite sure this is the same problem (since 
the error is now occuring in a different place), but I haven't found any 
kernel _after_ that which won't panic during init.  Only the placement of the 
panic changes.

I fiddled around a bit in the debug menu, but didn't figure out how to get 
actual function names of out a mips trace...

The way I reproduce this is with my http://landley.net/hg/firmware/ build 
script, download the most recent version (links to tarballs at the top), 
run "./build.sh mips" and let it grind a lot, then extract the 
build/qemu-image-mips.tar.bz2 tarball, cd qemu-image-mips and 
run "./run-mips.sh" in that directory.  (I have qemu 0.9.1 installed.)

More details in my blog at http://landley.net/notes-2008.html#27-01-2008

Rob
-- 
"One of my most productive days was throwing away 1000 lines of code."
  - Ken Thompson.

View attachment ".config" of type "text/plain" (14968 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ