Re: 2.5.69-mm9

From: Andrew Morton (akpm@digeo.com)
Date: Sun May 25 2003 - 17:50:49 EST

Next message: Neil Brown: "Re: 2.5.69-mm9"
Previous message: Trond Myklebust: "intent patches"
In reply to: Felipe Alfaro Solana: "Re: 2.5.69-mm9"
Next in thread: Neil Brown: "Re: 2.5.69-mm9"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Felipe Alfaro Solana <felipe_alfaro@xxxxxxxxxxxxx> wrote:
>
> Unable to handle kernel paging request at virtual address c8df7014
> printing eip:
> e08d1a9b
> *pde = 00023067
> *pte = 08df7000
> Oops: 0000 [#1]
> CPU: 0
> EIP: 0060:[<e08d1a9b>] Not tainted VLI
> EFLAGS: 00010206
> EIP is at svc_udp_recvfrom+0x52b/0x560 [sunrpc]
> eax: dda32004 ebx: c8df7004 ecx: ddff0004 edx: d73ba938
> esi: c8df7004 edi: d68549c4 ebp: 0000808c esp: de3d3eec
> ds: 007b es: 007b ss: 0068
> Process nfsd (pid: 2182, threadinfo=de3d2000 task=d6490000)
> Stack: de3d3f04 d73ba938 ddff0004 c012d4b5 de3d3f04 de3d3f04 c02ea1b0 de3e1f04
> 0082863d 1d244b3c 00000000 00000005 c02b4e54 00000000 00000000 4b87ad6e
> c012d3e0 d6490000 00000000 de3d2000 d73ba938 ddff0004 00000000 e08d384e
> Call Trace:
> [<c012d4b5>] schedule_timeout+0xc5/0xe0
> [<c012d3e0>] process_timeout+0x0/0x10
> [<e08d384e>] svc_recv+0x67e/0x850 [sunrpc]
> [<c011db20>] default_wake_function+0x0/0x20
> [<e08d06c2>] svc_process+0x4e2/0x690 [sunrpc]
> [<c011db20>] default_wake_function+0x0/0x20
> [<c013167a>] sigprocmask+0x18a/0x280
> [<e090c549>] nfsd+0x289/0x7c0 [nfsd]
> [<e090c2c0>] nfsd+0x0/0x7c0 [nfsd]
> [<c0108201>] kernel_thread_helper+0x5/0x14
>
> Code: 0f 00 00 8b 4c 24 60 c1 e8 0c 0f b7 91 88 01 00 00 01 c2 66 89 91 88 01 00 00 8b 54 24 04 8b 42 14 85 c0 74 03 ff 40 08 8b 47 14 <8b> 53 10 8b 4b 14 89 90 94 01 00 00 89 88 98 01 00 00 31 c0 0f

OK, you have CONFIG_DEBUG_PAGEALLOC set. That's the patch which unmaps
pages from kernel virtual address space when they are freed.

That patch seems quite stable on uniprocessor at least - there are question
marks over its honesty on SMP.

I would be inclined to say that this is a hitherto undiscovered
use-after-free bug.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Neil Brown: "Re: 2.5.69-mm9"
Previous message: Trond Myklebust: "intent patches"
In reply to: Felipe Alfaro Solana: "Re: 2.5.69-mm9"
Next in thread: Neil Brown: "Re: 2.5.69-mm9"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]