| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Jul 2008 23:54:57 +0400
From: Alexey Dobriyan <adobriyan@...il.com>
To: torvalds@...l.org, akpm@...l.org, npiggin@...e.de
Cc: linux-kernel@...r.kernel.org
Subject: 2.6.27-rc1: IP: iov_iter_advance+0x2e/0x90
Steps to reproduce:
# while true; do ./ftest03; done
ftest03 from LTP 20080603
BUG: unable to handle kernel paging request at ffff88017c72a008
IP: [<ffffffff8026190e>] iov_iter_advance+0x2e/0x90
PGD 202063 PUD b067 PMD 17def8163 PTE 800000017c72a160
Oops: 0000 [1] PREEMPT SMP DEBUG_PAGEALLOC
CPU 0
Modules linked in: af_packet ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 xt_state iptable_filter iptable_raw ip_tables x_tables nf_conntrack_irc nf_conntrack fuse usblp usbcore
Pid: 3546, comm: ftest03 Not tainted 2.6.27-rc1 #2
RIP: 0010:[<ffffffff8026190e>] [<ffffffff8026190e>] iov_iter_advance+0x2e/0x90
RSP: 0018:ffff88017c75fad8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000800 RCX: 0000000000000000
RDX: 0000000000000080 RSI: 0000000000000000 RDI: ffff88017c75fb78
RBP: ffff88017c75fad8 R08: ffff88017c72a000 R09: 0000000000000000
R10: 0000000000000004 R11: 0000000000000001 R12: 0000000000000800
R13: 000000000006e800 R14: ffff88017f6b7ac8 R15: 0000000000000800
FS: 00007f490298d6f0(0000) GS:ffffffff8051f780(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffff88017c72a008 CR3: 000000017c631000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process ftest03 (pid: 3546, threadinfo ffff88017c75e000, task ffff88017c51e540)
Stack: ffff88017c75fbd8 ffffffff80263452 000000004890c442 0000000000000246
000000007faae000 ffff88017c75fd98 000000000006e800 ffff88017c75fd18
ffff88017efefe00 ffff88017f6b7ac8 ffffffff80422fc0 ffff88017f6b78e0
Call Trace:
[<ffffffff80263452>] generic_file_buffered_write+0x1e2/0x710
[<ffffffff8040cfd0>] ? _spin_unlock+0x30/0x60
[<ffffffff80263e0f>] __generic_file_aio_write_nolock+0x29f/0x450
[<ffffffff80264026>] generic_file_aio_write+0x66/0xd0
[<ffffffff802c9506>] ext3_file_write+0x26/0xc0
[<ffffffff80264250>] ? generic_file_aio_read+0x0/0x670
[<ffffffff802c94e0>] ? ext3_file_write+0x0/0xc0
[<ffffffff8028921b>] do_sync_readv_writev+0xeb/0x130
[<ffffffff8025284d>] ? trace_hardirqs_on+0xd/0x10
[<ffffffff802449c0>] ? autoremove_wake_function+0x0/0x40
[<ffffffff80289055>] ? rw_copy_check_uvector+0x95/0x130
[<ffffffff80289953>] do_readv_writev+0xc3/0x120
[<ffffffff8025284d>] ? trace_hardirqs_on+0xd/0x10
[<ffffffff802527b5>] ? trace_hardirqs_on_caller+0xd5/0x160
[<ffffffff8025284d>] ? trace_hardirqs_on+0xd/0x10
[<ffffffff802899e9>] vfs_writev+0x39/0x60
[<ffffffff80289d60>] sys_writev+0x50/0x90
[<ffffffff8020b65b>] system_call_fastpath+0x16/0x1b
Code: 77 18 48 89 e5 72 11 48 83 7f 08 01 75 11 48 01 77 10 48 29 77 18 c9 c3 0f 0b 0f 1f 00 eb fb 4c 8b 07 48 8b 4f 10 48 85 f6 75 17 <49> 83 78 08 00 75 07 48 83 7f 18 00 75 09 4c 89 07 48 89 4f 10
RIP [<ffffffff8026190e>] iov_iter_advance+0x2e/0x90
RSP <ffff88017c75fad8>
CR2: ffff88017c72a008
0xffffffff8026190e is in iov_iter_advance (mm/filemap.c:1882).
1877
1878 /*
1879 * The !iov->iov_len check ensures we skip over unlikely
1880 * zero-length segments (without overruning the iovec).
1881 */
1882 ===> while (bytes || unlikely(!iov->iov_len && i->count)) {
1883 int copy;
1884
1885 copy = min(bytes, iov->iov_len - base);
1886 BUG_ON(!i->count || i->count < copy);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists