lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LFD.2.01.0908250931170.3218@localhost.localdomain>
Date:	Tue, 25 Aug 2009 09:43:47 -0700 (PDT)
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	"Mikko C." <mikko.cal@...il.com>
cc:	Eric Paris <eparis@...hat.com>, Frans Pop <elendil@...net.nl>,
	linux-kernel@...r.kernel.org, zdenek.kabelac@...il.com,
	christoph.thielecke@....de, akpm@...ux-foundation.org,
	viro@...iv.linux.org.uk, grant.wilson@....co.uk
Subject: Re: [PATCH 2/3] inotify: do not BUG on idr entries at inotify
 destruction



On Tue, 25 Aug 2009, Mikko C. wrote:
> 
> I just got this with -rc7, but it doesn't look related to what I was having
> before:
> 
> BUG: Bad page map in process kio_thumbnail  pte:ffff88006cc99128 pmd:6d3b1067
> addr:00007f9d4e3a5000 vm_flags:08000070 anon_vma:(null)
> mapping:ffff88007abe21a0 index:200
> vma->vm_ops->fault: filemap_fault+0x0/0x460
> vma->vm_file->f_op->mmap: ext4_file_mmap+0x0/0x80
> Pid: 28022, comm: kio_thumbnail Not tainted 2.6.31-rc7 #1
> Call Trace:
>  [<ffffffff810afaf4>] ? print_bad_pte+0x1d4/0x2c0
>  [<ffffffff810afc79>] ? vm_normal_page+0x99/0xa0
>  [<ffffffff810b0c7d>] ? unmap_vmas+0x4cd/0x970
>  [<ffffffff810b6c74>] ? exit_mmap+0x104/0x1d0
>  [<ffffffff81043e0d>] ? mmput+0x4d/0x100
>  [<ffffffff81048d81>] ? exit_mm+0x101/0x150
>  [<ffffffff8104b240>] ? do_exit+0x6c0/0x750
>  [<ffffffff8104b326>] ? do_group_exit+0x56/0xd0
>  [<ffffffff8104b3c2>] ? sys_exit_group+0x22/0x40
>  [<ffffffff8100b7eb>] ? system_call_fastpath+0x16/0x1b
> Disabling lock debugging due to kernel taint
> 
> No lockups or anything.

That looks like a memory corruption bug. Your page table entry is bad: 
pte:ffff88006cc99128. It has the "special" bit set (one of the software 
bits), in a mapping that should not have special pages.

But that pte entry is odd in other ways too - it's _PAGE_PROTNONE, which 
is unusual (but not necessarily _wrong_) and _PAGE_BIT_ACCESSED. And it 
has the high bits set, which is really not ok for a page table entry. The 
PTE entry should look more like the pmd entry.

So it looks like the pte has been overwritten by some bogus value, 
presumably by a stale pointer. And it migth be related to your inotify 
problems that way.

		Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ