| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 13 Jun 2013 14:06:20 +0200
From: Richard Weinberger <richard@....at>
To: Michal Hocko <mhocko@...e.cz>
CC: LKML <linux-kernel@...r.kernel.org>,
"linux-mm@...ck.org" <linux-mm@...ck.org>,
cgroups mailinglist <cgroups@...r.kernel.org>,
"kamezawa.hiroyu@...fujitsu.com" <kamezawa.hiroyu@...fujitsu.com>,
bsingharora@...il.com, hannes@...xchg.org
Subject: Re: mem_cgroup_page_lruvec: BUG: unable to handle kernel NULL pointer
dereference at 00000000000001a8
Am 13.06.2013 14:02, schrieb Michal Hocko:
> On Thu 13-06-13 13:48:27, richard -rw- weinberger wrote:
>> Hi!
>>
>> While playing with user namespaces my kernel crashed under heavy load.
>> Kernel is 3.9.0 plus some trivial patches.
>
> Could you post disassembly for mem_cgroup_page_lruvec?
Sure!
00000000000035e0 <mem_cgroup_page_lruvec>:
35e0: 55 push %rbp
35e1: 48 8d 86 c8 03 00 00 lea 0x3c8(%rsi),%rax
35e8: 48 89 e5 mov %rsp,%rbp
35eb: 48 83 ec 10 sub $0x10,%rsp
35ef: 48 89 5d f0 mov %rbx,-0x10(%rbp)
35f3: 48 89 f3 mov %rsi,%rbx
35f6: 8b 35 00 00 00 00 mov 0x0(%rip),%esi # 35fc <mem_cgroup_page_lruvec+0x1c>
35fc: 4c 89 65 f8 mov %r12,-0x8(%rbp)
3600: 85 f6 test %esi,%esi
3602: 75 55 jne 3659 <mem_cgroup_page_lruvec+0x79>
3604: 49 89 fc mov %rdi,%r12
3607: e8 00 00 00 00 callq 360c <mem_cgroup_page_lruvec+0x2c>
360c: 49 8b 14 24 mov (%r12),%rdx
3610: 48 8b 48 08 mov 0x8(%rax),%rcx
3614: 83 e2 20 and $0x20,%edx
3617: 75 1f jne 3638 <mem_cgroup_page_lruvec+0x58>
3619: 48 8b 10 mov (%rax),%rdx
361c: 83 e2 02 and $0x2,%edx
361f: 75 17 jne 3638 <mem_cgroup_page_lruvec+0x58>
3621: 48 8b 15 00 00 00 00 mov 0x0(%rip),%rdx # 3628 <mem_cgroup_page_lruvec+0x48>
3628: 48 39 d1 cmp %rdx,%rcx
362b: 74 0b je 3638 <mem_cgroup_page_lruvec+0x58>
362d: 48 89 50 08 mov %rdx,0x8(%rax)
3631: 48 89 d1 mov %rdx,%rcx
3634: 0f 1f 40 00 nopl 0x0(%rax)
3638: 49 8b 04 24 mov (%r12),%rax
363c: 48 89 c2 mov %rax,%rdx
363f: 48 c1 e8 38 shr $0x38,%rax
3643: 83 e0 03 and $0x3,%eax
3646: 48 c1 ea 3a shr $0x3a,%rdx
364a: 48 69 c0 38 01 00 00 imul $0x138,%rax,%rax
3651: 48 03 84 d1 e0 02 00 add 0x2e0(%rcx,%rdx,8),%rax
3658: 00
3659: 48 3b 58 70 cmp 0x70(%rax),%rbx
365d: 75 0a jne 3669 <mem_cgroup_page_lruvec+0x89>
365f: 48 8b 5d f0 mov -0x10(%rbp),%rbx
3663: 4c 8b 65 f8 mov -0x8(%rbp),%r12
3667: c9 leaveq
3668: c3 retq
3669: 48 89 58 70 mov %rbx,0x70(%rax)
366d: eb f0 jmp 365f <mem_cgroup_page_lruvec+0x7f>
366f: 90 nop
FWIW the ./scripts/decodecode output:
All code
========
0: 89 50 08 mov %edx,0x8(%rax)
3: 48 89 d1 mov %rdx,%rcx
6: 0f 1f 40 00 nopl 0x0(%rax)
a: 49 8b 04 24 mov (%r12),%rax
e: 48 89 c2 mov %rax,%rdx
11: 48 c1 e8 38 shr $0x38,%rax
15: 83 e0 03 and $0x3,%eax
18: 48 c1 ea 3a shr $0x3a,%rdx
1c: 48 69 c0 38 01 00 00 imul $0x138,%rax,%rax
23: 48 03 84 d1 e0 02 00 add 0x2e0(%rcx,%rdx,8),%rax
2a: 00
2b:* 48 3b 58 70 cmp 0x70(%rax),%rbx <-- trapping instruction
2f: 75 0a jne 0x3b
31: 48 8b 5d f0 mov -0x10(%rbp),%rbx
35: 4c 8b 65 f8 mov -0x8(%rbp),%r12
39: c9 leaveq
3a: c3 retq
3b: 48 89 58 70 mov %rbx,0x70(%rax)
3f: eb .byte 0xeb
Code starting with the faulting instruction
===========================================
0: 48 3b 58 70 cmp 0x70(%rax),%rbx
4: 75 0a jne 0x10
6: 48 8b 5d f0 mov -0x10(%rbp),%rbx
a: 4c 8b 65 f8 mov -0x8(%rbp),%r12
e: c9 leaveq
f: c3 retq
10: 48 89 58 70 mov %rbx,0x70(%rax)
14: eb .byte 0xeb
Thanks,
//richard
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists