lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100224202258.GA615@sgi.com>
Date:	Wed, 24 Feb 2010 14:22:58 -0600
From:	Jack Steiner <steiner@....com>
To:	venkatesh.pallipadi@...el.com, suresh.b.siddha@...el.com
Cc:	mingo@...e.hu, tglx@...utronix.de, linux-kernel@...r.kernel.org
Subject: Panic in reserve_memtype()


We see an X86_64 regression that started a few days ago. The kernel is booted
via EFI & panics in the pat.c code trying to deref a NULL pointer.

I didn't debug the problem but am suspicious of
	x86, pat: Migrate to rbtree only backend for pat memtype management  x86/pat
		author	Pallipadi, Venkatesh <venkatesh.pallipadi@...el.com>	
		Wed, 10 Feb 2010 23:26:07 +0000 (15:26 -0800)
	committer	H. Peter Anvin <hpa@...or.com>	
		Thu, 18 Feb 2010 23:41:36 +0000 (15:41 -0800)



Has anyone seen this? If not, I can debug further....

Problem is in the git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86.git tree.



Pid: 0, comm: swapper Not tainted 2.6.33-rc8-tip-medusa+ #2 /
RIP: 0010:[<ffffffff810304b0>]  [<ffffffff810304b0>] rbt_memtype_check_insert+0x1b2/0x232
RSP: 0000:ffffffff81601df8  EFLAGS: 00000256
RAX: 00000000000b0000 RBX: ffff88000f840100 RCX: 00000000000001c1
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88000f8244c0
RBP: ffffffff81601e38 R08: 0000000000000001 R09: ffffffff8152cd79
R10: ffffffff8152cd79 R11: 0000000000018620 R12: ffff88000f8244c0
R13: 0000000000000010 R14: 0000000000000000 R15: 00000000fffffff4
FS:  0000000000000000(0000) GS:ffff880001c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005007b
CR2: 0000000000000000 CR3: 0000000001604000 CR4: 00000000000006b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 0000000000000000 DR7: 0000000000000000
Process swapper (pid: 0, threadinfo ffffffff81600000, task ffffffff8160c020)
Stack:
 ffffffff81601e38 00000000000b0000 0000000000006000 ffff88000f840100
<0> ffff88000f8244c0 0000000000000000 0000000000000010 00000000fffffff4
<0> ffffffff81601e88 ffffffff8102edff 00000000000b0000 0000000000006000
Call Trace:
 [<ffffffff8102edff>] reserve_memtype+0x2ce/0x4c9
 [<ffffffff8102e0d0>] set_memory_uc+0x41/0x89
 [<ffffffff816b92be>] efi_enter_virtual_mode+0xc9/0x269
 [<ffffffff816aada0>] start_kernel+0x3b8/0x42b
 [<ffffffff816aa140>] ? early_idt_handler+0x0/0x71
 [<ffffffff816aa29e>] x86_64_start_reservations+0xa5/0xa9
 [<ffffffff816aa3ed>] x86_64_start_kernel+0x14b/0x15a



Source of the NULL pointer is:

	int set_memory_uc(unsigned long addr, int numpages)
	{
		...
		ret = reserve_memtype(__pa(addr), __pa(addr) + numpages * PAGE_SIZE,
                            _PAGE_CACHE_UC_MINUS, NULL);



--- jack
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ