From: Al Viro <viro@ZenIV.linux.org.uk>
To: Dave Jones <davej@redhat.com>,
    Linus Torvalds <torvalds@linux-foundation.org>,
    Linux Kernel <linux-kernel@vger.kernel.org>
Subject: Re: 3.5-rc6 dentry related GPF
Date: Mon, 16 Jul 2012 23:27:48 +0100
Message-ID: <20120716222747.GR31729@ZenIV.linux.org.uk>
In-Reply-To: <20120716215318.GA14629@redhat.com>

On Mon, Jul 16, 2012 at 05:53:18PM -0400, Dave Jones wrote:
> On Mon, Jul 16, 2012 at 10:32:18PM +0100, Al Viro wrote:
> > On Wed, Jul 11, 2012 at 12:10:12PM -0700, Linus Torvalds wrote:
> > > rdi = 54415541e5894855
> > >
> > > which looks like some odd corrupted ASCII to me ("UH\211\345AUAT") but
> > > that makes no sense either.
> >
> > It makes a lot of sense as amd64 code, though:
> >
> >     55          push %rbp
> >     48 89 e5    mov %rsp,%rbp
> >     41 55       push %r13
> >     41 54       push %r12
> >
> > IOW, it's the first 8 bytes from a fairly sane beginning of some function.
> > So &(inode->i_fop->owner) (and thus inode->i_fop - owner is the first field)
> > is some spot in .text. Would be interesting to find out what function
> > was that from (i.e. what's the value of inode->i_fop); with any luck it
> > might've still been in some register. Could you post objdump of
> > do_dentry_open() from your kernel?
>
> I've done a few rebuilds since posting that, but hopefully things haven't
> moved around too much in that area recently..
>
> http://fpaste.org/Pw5d/ is the whole open.o disassembly.

Lousy...

    mov 0x200(%r14),%rax    // r14 == inode, rax = inode->i_fop
    test %rax,%rax          // if (rax)
    je 1f                   // {
    mov (%rax),%rdi         // rdi = rax->owner
    callq try_module_get    // rax = try_module_get(rdi);
1f:

... and the value of inode->i_fop, which somehow has turned out to be
the address of some function prologue, was only in rax. Clobbered
by the point where try_module_get() has oopsed ;-/

Alas. Looks like all we are getting out of that one is that some
function address has ended up in inode->i_fop...
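
Added example (not part of the message above and not kernel code): a small C triage helper that unpacks the rdi value from the oops as the eight bytes a little-endian load would have read and decodes them as the frame-pointer prologue quoted in the thread. The function names are illustrative assumptions, and the decoder recognises only push r64 and mov %rsp,%rbp.

```c
/* Added example: names are illustrative; decodes only push r64 and mov %rsp,%rbp. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
static const char *const reg64[16] = {
    "rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
    "r8",  "r9",  "r10", "r11", "r12", "r13", "r14", "r15"
};
/* Decode one instruction at p (n bytes left); return its length, 0 if unknown. */
static size_t decode_one(const uint8_t *p, size_t n, char *out, size_t outsz)
{
    size_t i = 0;
    unsigned rex = 0;

    if (n > 0 && (p[0] & 0xf0) == 0x40)       /* REX prefix, 0x40..0x4f */
        rex = p[i++];
    if (i < n && (p[i] & 0xf8) == 0x50) {     /* 50+r: push r64, REX.B adds 8 */
        snprintf(out, outsz, "push %%%s", reg64[(p[i] & 7) | ((rex & 1) << 3)]);
        return i + 1;
    }
    if (rex == 0x48 && i + 1 < n && p[i] == 0x89 && p[i + 1] == 0xe5) {
        snprintf(out, outsz, "mov %%rsp,%%rbp");  /* REX.W 89 /r, ModRM e5 */
        return i + 2;
    }
    return 0;
}
/* Unpack val as 8 little-endian bytes, decode into out, return bytes recognised. */
size_t decode_prologue(uint64_t val, char *out, size_t outsz)
{
    uint8_t b[8];
    char insn[32];
    size_t off = 0, len;

    for (int k = 0; k < 8; k++)
        b[k] = (uint8_t)(val >> (8 * k));
    out[0] = '\0';
    while (off < 8 && (len = decode_one(b + off, 8 - off, insn, sizeof insn)) > 0) {
        if (off)
            strncat(out, "; ", outsz - strlen(out) - 1);
        strncat(out, insn, outsz - strlen(out) - 1);
        off += len;
    }
    return off;
}
int main(void)
{
    char text[128];
    size_t n = decode_prologue(0x54415541e5894855ULL, text, sizeof text);
    printf("%zu/8 bytes decoded: %s\n", n, text);  /* rdi from the oops */
    return 0;
}
```

A return value of 8 means every byte of the register decoded as prologue instructions, which is the signal that a pointer was pointing into .text rather than at data.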