| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Jun 2008 00:08:02 -0500 From: Larry Finger <Larry.Finger@...inger.net> To: Miles Lane <miles.lane@...il.com> CC: Michael Buesch <mb@...sch.de>, Vegard Nossum <vegard.nossum@...il.com>, Andrew Morton <akpm@...ux-foundation.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, linux-wireless <linux-wireless@...r.kernel.org>, FUJITA Tomonori <fujita.tomonori@....ntt.co.jp> Subject: Re: BUG: NULL pointer dereference at 00000000 -- IP: [<f8e783d5>] :b43:b43_dma_mapping_error+0x16/0x155 Miles Lane wrote: > On Tue, Jun 10, 2008 at 7:15 PM, Larry Finger <Larry.Finger@...inger.net> wrote: >> Miles Lane wrote: >>> I got a slightly different BUG with this patch applied: >>> >>> BUG: unable to handle kernel NULL pointer dereference at 00000000 >>> IP: [<f89e3d41>] :b43:b43_dma_mapping_error+0x16/0x97 >>> *pde = 00000000 >>> Oops: 0000 [#1] PREEMPT DEBUG_PAGEALLOC >>> last sysfs file: >>> >>> /sys/devices/pci0000:00/0000:00:08.0/0000:01:06.0/ssb0:0/firmware/ssb0:0/loading >>> Modules linked in: sbs sbshc wmi battery iptable_filter ip_tables >>> x_tables ac sbp2 rtc arc4 ecb crypto_blkcipher cryptomgr crypto_algapi >>> b43 mac80211 cfg80211 led_class snd_intel8x0 snd_ac97_codec ac97_bus >>> snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss >>> snd_seq_midi_event snd_seq snd_timer snd_seq_device snd soundcore >>> snd_page_alloc i2c_nforce2 i2c_core button ohci1394 3c59x ieee1394 >>> forcedeth ehci_hcd ohci_hcd usbcore thermal processor fan thermal_sys >> Miles, >> >> If you have time, please cd to the kernel root directory and run the command >> 'objdump -d -l drivers/net/wireless/b43/dma.o > dmadump'. You may have to >> install the objdump package. In the file dmadump, find the line that >> contains b43_dma_mapping_error. On my system it is 0000000000000085 >> <b43_dma_mapping_error>: Note, I use x86_64 and yours will likely be >> different. >> >> Note the address (0x85 in my case), add the offset (0x16) and find the line >> with the error. You can use KCalc in hexadecimal mode if you are not >> comfortable with doing addition in base 16. Please report the source line >> and instruction that failed. > > For me, the line is: > "000000ab <b43_dma_mapping_error>:" > so, 0xab + 0x16 = 0xc1 > and here's the dump giving some context around that line: > b43_dma_mapping_error(): > ab: 55 push %ebp > ac: 89 e5 mov %esp,%ebp > ae: 57 push %edi > af: 89 d7 mov %edx,%edi > b1: 56 push %esi > b2: 89 ce mov %ecx,%esi > b4: 53 push %ebx > b5: 83 ec 08 sub $0x8,%esp > b8: 8a 55 08 mov 0x8(%ebp),%dl > bb: 88 55 ef mov %dl,-0x11(%ebp) > be: 8b 50 58 mov 0x58(%eax),%edx > c1: 8b 12 mov (%edx),%edx > c3: 8b 52 08 mov 0x8(%edx),%edx > c6: 89 55 f0 mov %edx,-0x10(%ebp) > c9: 8b 40 34 mov 0x34(%eax),%eax > cc: 83 f8 1e cmp $0x1e,%eax > cf: 74 07 je d8 <b43_dma_mapping_error+0x2d> > d1: 83 f8 20 cmp $0x20,%eax > d4: 75 5b jne 131 <b43_dma_mapping_error+0x86> > d6: eb 15 jmp ed <b43_dma_mapping_error+0x42> The line that fails is if (unlikely(dma_mapping_error(ring->dev->dev->dma_dev, addr))) The value at 0x58(%eax) is zero, which corresponds to the "struct b43_wldev *dev" line in struct b43_dmaring. In other words, ring->dev is NULL, which causes the error. I'll leave it to FUJITA Tomonori to figure out why. Larry -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists