Oops on ARM (was Re: 2.3.28+zoned-H2 bug?)

Russell King (rmk@arm.linux.org.uk)
Tue, 16 Nov 1999 09:36:12 +0000 (GMT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Mark Lord: "Re: hot(un)plugging IDE disks"
Previous message: CaT: "Re: [Fwd: DVD-ROM]"

On Sun, 14 Nov 1999, Russell King wrote:
> I've been able to get 2.3.28 with Ingo's zoned-2.3.28-H2 patch going on ARM,
> but unfortunately I keep on getting Oopses in do_fork, specifically in
> copy_fs.
>
> The oops is within the following code:
>
> tsk->fs->root = dget(current->fs->root);
>
> where the dentries count is incremented. The address seems to be the ASCII
> string 'linu'.
>
> Dumping out the contents of current->fs shows that it is valid before the
> kmalloc() but not after it. In fact, turning on poisoning in mm/slab.c
> changes the Oops address to 0x5a5a5a5a, the poison value.

Well, I'm surprised that 2.3.28 works at all tbh. I've located the cause
of the problem, which seems to be a multiple freeing of task structures.
The offending code is:

struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry)
{
...
read_lock(&tasklist_lock);
task = find_task_by_pid(pid);
if (task)
atomic_inc(&mem_map[MAP_NR(task)].count);
read_unlock(&tasklist_lock);
if (!task)
goto out;

inode = proc_pid_make_inode(dir->i_sb, task, PROC_PID_INO);

free_task_struct(task);
...
}

Unfortunately, there is no use count associated with a task structure,
so the free_task_struct has immediate effect, freeing a (possibly
currently running) task each time you access /proc/self or /proc/<pid>.
It seems to have been introduced into 2.3.27. Here is a patch which
fixes this:

--- fs/proc/base.c.orig Sun Nov 14 01:00:06 1999
+++ fs/proc/base.c Tue Nov 16 09:32:56 1999
@@ -942,8 +942,6 @@

inode = proc_pid_make_inode(dir->i_sb, task, PROC_PID_INO);

- free_task_struct(task);
-
if (!inode)
goto out;
inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
@@ -962,7 +960,6 @@
{
if (inode->u.proc_i.file)
fput(inode->u.proc_i.file);
- free_task_struct(inode->u.proc_i.task);
}

#define PROC_NUMBUF 10

Are we going to be moving to a use-counted task structure?
_____
|_____| ------------------------------------------------- ---+---+-
| | Russell King rmk@arm.linux.org.uk --- ---
| | | | http://www.arm.linux.org.uk/~rmk/aboutme.html / / |
| +-+-+ --- -+-
/ | THE developer of ARM Linux |+| /|\
/ | | | --- |
+-+-+ ------------------------------------------------- /\\\ |

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mark Lord: "Re: hot(un)plugging IDE disks"
Previous message: CaT: "Re: [Fwd: DVD-ROM]"