lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1270202304.1989.14.camel@edumazet-laptop>
Date:	Fri, 02 Apr 2010 11:58:24 +0200
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	netdev <netdev@...r.kernel.org>, David Miller <davem@...emloft.net>
Cc:	FUJITA Tomonori <fujita.tomonori@....ntt.co.jp>
Subject: Re: [BUG] latest net-next-2.6 doesnt fly

Le vendredi 02 avril 2010 à 11:40 +0200, Eric Dumazet a écrit :

> 
> [  206.020316] BUG: unable to handle kernel NULL pointer dereference at 000000b4
> [  206.020451] IP: [<c12d76b4>] illegal_highdma+0x44/0x170
> [  206.020543] *pde = 00000000 
> [  206.020627] Oops: 0000 [#2] PREEMPT SMP DEBUG_PAGEALLOC
> [  206.020808] last sysfs file: /sys/devices/system/cpu/cpu3/cpufreq/stats/time_in_state
> [  206.020882] Modules linked in: xt_hashlimit ipmi_si ipmi_msghandler hpilo bonding
> [  206.021148] 
> [  206.021198] Pid: 4632, comm: emonitor Tainted: G      D W  2.6.34-rc1-01558-gba0ad27-dirty #599 /ProLiant BL460c G1
> [  206.021276] EIP: 0060:[<c12d76b4>] EFLAGS: 00010202 CPU: 4
> [  206.021332] EIP is at illegal_highdma+0x44/0x170
> [  206.021386] EAX: c23a7e80 EBX: 00000000 ECX: f1f75cb0 EDX: f292af30
> [  206.021443] ESI: 00000001 EDI: 00000001 EBP: ee83ab68 ESP: ee83ab58
> [  206.021500]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
> [  206.021556] Process emonitor (pid: 4632, ti=ee83a000 task=ee9726e0 task.ti=ee83a000)
> [  206.021629] Stack:
> [  206.021678]  00000000 f292af30 00010000 f2bdc800 ee83aba8 c12dcfb9 c1046b27 f2976f24
> [  206.021958] <0> ee83ab88 c1073810 c12e4275 f2976f00 ee83ab90 c107398b ee83ab9c c1046b27
> [  206.022316] <0> f2976f24 f292af30 f2976f00 f2976f24 ee83abec c12e428b f2976f48 00000000
> [  206.022717] Call Trace:
> [  206.022770]  [<c12dcfb9>] ? dev_queue_xmit+0x229/0x550
> [  206.022828]  [<c1046b27>] ? local_bh_enable_ip+0x67/0xd0
> [  206.022885]  [<c1073810>] ? trace_hardirqs_on_caller+0x20/0x190
> [  206.022943]  [<c12e4275>] ? neigh_resolve_output+0xd5/0x350
> [  206.023000]  [<c107398b>] ? trace_hardirqs_on+0xb/0x10
> [  206.023055]  [<c1046b27>] ? local_bh_enable_ip+0x67/0xd0
> [  206.023111]  [<c12e428b>] ? neigh_resolve_output+0xeb/0x350
> [  206.023169]  [<c12f0008>] ? qdisc_create+0x1f8/0x340
> [  206.023225]  [<c12ed8f0>] ? eth_header+0x0/0xb0
> [  206.023282]  [<c130dc64>] ? ip_finish_output2+0xc4/0x280
> [  206.023339]  [<c12fe4b8>] ? nf_hook_slow+0x108/0x140
> [  206.023394]  [<c130de20>] ? ip_finish_output+0x0/0x70
> [  206.023450]  [<c130de6c>] ? ip_finish_output+0x4c/0x70
> [  206.023506]  [<c130df42>] ? ip_output+0xb2/0xd0
> [  206.023560]  [<c130de20>] ? ip_finish_output+0x0/0x70
> [  206.023616]  [<c130d31d>] ? ip_local_out+0x1d/0x30
> [  206.023671]  [<c130d7cd>] ? ip_queue_xmit+0x13d/0x380
> [  206.023728]  [<c10b5434>] ? get_page_from_freelist+0x254/0x510
> [  206.023785]  [<c12d0517>] ? __skb_clone+0x27/0xe0
> [  206.023841]  [<c132120d>] ? tcp_transmit_skb+0x35d/0x7a0
> [  206.023898]  [<c13231e1>] ? tcp_write_xmit+0x1e1/0x980
> [  206.023955]  [<c10c6de2>] ? might_fault+0x62/0xb0
> [  206.024010]  [<c13239b5>] ? tcp_push_one+0x35/0x40
> [  206.024066]  [<c1317cc8>] ? tcp_sendmsg+0x898/0x910
> [  206.024123]  [<c12ca08b>] ? sock_aio_write+0xfb/0x110
> [  206.024180]  [<c10e370d>] ? do_sync_readv_writev+0x9d/0xe0
> [  206.024237]  [<c10e35b0>] ? rw_copy_check_uvector+0x80/0xf0
> [  206.024257]  [<c10e4431>] ? do_readv_writev+0xa1/0x1b0
> [  206.024257]  [<c12c9f90>] ? sock_aio_write+0x0/0x110
> [  206.024257]  [<c10e4950>] ? rcu_read_unlock+0x0/0x50
> [  206.024257]  [<c10e4976>] ? rcu_read_unlock+0x26/0x50
> [  206.024257]  [<c10e4a6b>] ? fget_light+0xcb/0xe0
> [  206.024257]  [<c10e4585>] ? vfs_writev+0x45/0x60
> [  206.024257]  [<c10e4676>] ? sys_writev+0x46/0x70
> [  206.024257]  [<c1002e50>] ? sysenter_do_call+0x12/0x36
> [  206.024257] Code: 0d 80 34 53 c1 8b 49 3c 85 c9 0f 84 37 01 00 00 8b 8a a0 00 00 00 8b 98 34 03 00 00 0f b7 71 04 85 f6 0f 84 1f 01 00 00 8b 41 2c <8b> 9b b4 00 00 00 8b 10 c1 ea 1a 85 db 8b 14 d5 c0 04 cb c1 74 
> [  206.024257] EIP: [<c12d76b4>] illegal_highdma+0x44/0x170 SS:ESP 0068:ee83ab58
> [  206.024257] CR2: 00000000000000b4
> [  206.027098] ---[ end trace 2b194fa03b7756a0 ]---

Here is the patch I did to solve this problem

[PATCH net-next-2.6] net: illegal_highdma() fix

Followup to commit 5acbbd428db47b12f137a8a2aa96b3c0a96b744e
(net: change illegal_highdma to use dma_mask)

If dev->dev.parent is NULL, we should not try to dereference it.

Dont force inline illegal_highdma() as its pretty big now.

Signed-off-by: Eric Dumazet <eric.dumazet@...il.com>
---
 net/core/dev.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/core/dev.c b/net/core/dev.c
index e19cdae..c6b5206 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1801,7 +1801,7 @@ EXPORT_SYMBOL(netdev_rx_csum_fault);
  * 2. No high memory really exists on this machine.
  */
 
-static inline int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
+static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
 {
 #ifdef CONFIG_HIGHMEM
 	int i;
@@ -1814,6 +1814,8 @@ static inline int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
 	if (PCI_DMA_BUS_IS_PHYS) {
 		struct device *pdev = dev->dev.parent;
 
+		if (!pdev)
+			return 0;
 		for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
 			dma_addr_t addr = page_to_phys(skb_shinfo(skb)->frags[i].page);
 			if (!pdev->dma_mask || addr + PAGE_SIZE - 1 > *pdev->dma_mask)


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ