All of lore.kernel.org
 help / color / mirror / Atom feed
From: Linus Torvalds <torvalds@linux-foundation.org>
To: Randy Dunlap <randy.dunlap@oracle.com>
Cc: netdev <netdev@vger.kernel.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Karsten Keil <isdn@linux-pingi.de>
Subject: Re: Linux 2.6.38-rc4 (hysdn: BUG)
Date: Wed, 9 Feb 2011 11:44:00 -0800	[thread overview]
Message-ID: <AANLkTimUg8Dm9mZotubcgPHz8_at=_hnbeWUo-LfSALp@mail.gmail.com> (raw)
In-Reply-To: <20110209092419.2b335697.randy.dunlap@oracle.com>

[-- Attachment #1: Type: text/plain, Size: 2424 bytes --]

On Wed, Feb 9, 2011 at 9:24 AM, Randy Dunlap <randy.dunlap@oracle.com> wrote:
>
> on x86_64.  no HYSDN hardware found (correct).
> Nearly allmodconfig.
>
>
> [   65.397577] HYSDN: module Rev: 1.6.6.6 loaded
> [   65.397584] HYSDN: network interface Rev: 1.8.6.4
> [   65.398057] HYSDN: 0 card(s) found.
> [   65.398121] BUG: unable to handle kernel paging request at ffffffffa06c99f0
> [   65.398269] IP: [<ffffffffa06c68ba>] hysdn_getrev+0x2e/0x50 [hysdn]
> [   65.398379] PGD 1a14067 PUD 1a18063 PMD 6f6c1067 PTE 800000006ce8c161
> [   65.398613] Oops: 0003 [#1] SMP DEBUG_PAGEALLOC
> [   65.400030]
> [   65.400030] Pid: 2497, comm: modprobe Not tainted 2.6.38-rc4 #1 0TY565/OptiPlex 745
> [   65.400030] RIP: 0010:[<ffffffffa06c68ba>]  [<ffffffffa06c68ba>] hysdn_getrev+0x2e/0x50 [hysdn]
> [   65.400030] RSP: 0018:ffff88006eec1e68  EFLAGS: 00010206
> [   65.400030] RAX: ffffffffa06c99f1 RBX: ffffffffa06c99e9 RCX: ffff88007c4159a0

The instruction sequence decodes to

  1e:	be 24 00 00 00       	mov    $0x24,%esi
  23:	48 89 df             	mov    %rbx,%rdi
  26:	e8 5b 39 c0 e0       	callq  0xffffffffe0c03986
  2b:*	c6 40 ff 00          	movb   $0x0,-0x1(%rax)     <-- trapping instruction

which seems to be this

                p = strchr(rev, '$');
                *--p = 0;

code. And yes, it's total crap, because while "p" and "rev" are "char
*", the string that is passed in is actually of type "const char *",
so that function is seriously broken. It's also seriously broken to
not test that "p" is non-NULL - the function would just break if there
is a colon in the string but not a '$'.

And hysdn_procconf_init() passes in a constant string to the thing:

    static char *hysdn_procconf_revision = "$Revision: 1.8.6.4 $";

What happens is that it breaks when we mark the constant section as
read-only, because you have CONFIG_DEBUG_RODATA enabled.

So the fix seems to be to
 - fix the prototype for hysdn_getrev() to not have "const".
 - fix hysdn_procconf_init() to not pass in a constant string to it

The minimal patch would appear to be something like the appended. UNTESTED!

Btw, all of this code seems to go back to before the git history even
started, so it doesn't seem to be new. I assume you haven't tried
booting these all-module kernels before? Or is it just the
DEBUG_RODATA thing that is new for you?

                    Linus

[-- Attachment #2: patch.diff --]
[-- Type: text/x-patch, Size: 1685 bytes --]

 drivers/isdn/hysdn/hysdn_defs.h     |    2 +-
 drivers/isdn/hysdn/hysdn_init.c     |    2 +-
 drivers/isdn/hysdn/hysdn_procconf.c |    2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/isdn/hysdn/hysdn_defs.h b/drivers/isdn/hysdn/hysdn_defs.h
index 729df40..d21b4a0 100644
--- a/drivers/isdn/hysdn/hysdn_defs.h
+++ b/drivers/isdn/hysdn/hysdn_defs.h
@@ -227,7 +227,7 @@ extern hysdn_card *card_root;	/* pointer to first card */
 /*************************/
 /* im/exported functions */
 /*************************/
-extern char *hysdn_getrev(const char *);
+extern char *hysdn_getrev(char *);
 
 /* hysdn_procconf.c */
 extern int hysdn_procconf_init(void);	/* init proc config filesys */
diff --git a/drivers/isdn/hysdn/hysdn_init.c b/drivers/isdn/hysdn/hysdn_init.c
index b7cc5c2..4ba2123 100644
--- a/drivers/isdn/hysdn/hysdn_init.c
+++ b/drivers/isdn/hysdn/hysdn_init.c
@@ -53,7 +53,7 @@ static hysdn_card *card_last = NULL;	/* pointer to first card */
 /* extract revision number from string for log output */
 /******************************************************/
 char *
-hysdn_getrev(const char *revision)
+hysdn_getrev(char *revision)
 {
 	char *rev;
 	char *p;
diff --git a/drivers/isdn/hysdn/hysdn_procconf.c b/drivers/isdn/hysdn/hysdn_procconf.c
index 96b3e39..1c396e1 100644
--- a/drivers/isdn/hysdn/hysdn_procconf.c
+++ b/drivers/isdn/hysdn/hysdn_procconf.c
@@ -23,7 +23,7 @@
 #include "hysdn_defs.h"
 
 static DEFINE_MUTEX(hysdn_conf_mutex);
-static char *hysdn_procconf_revision = "$Revision: 1.8.6.4 $";
+static char hysdn_procconf_revision[] = "$Revision: 1.8.6.4 $";
 
 #define INFO_OUT_LEN 80		/* length of info line including lf */
 

  reply	other threads:[~2011-02-09 19:44 UTC|newest]

Thread overview: 64+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-02-08  0:23 Linux 2.6.38-rc4 Linus Torvalds
2011-02-08 10:17 ` lockdep: possible reason: unannotated irqs-off. (was: Re: Linux 2.6.38-rc4) Borislav Petkov
2011-02-08 10:41   ` Peter Zijlstra
2011-02-08 12:11     ` Yong Zhang
2011-02-08 12:14       ` [PATCH 2/2] timer: use local_bh_enable_force_wake() in del_timer_sync() Yong Zhang
2011-02-08 13:34       ` lockdep: possible reason: unannotated irqs-off. (was: Re: Linux 2.6.38-rc4) Yong Zhang
2011-02-08 13:48         ` Peter Zijlstra
2011-02-08 14:18           ` Peter Zijlstra
2011-02-08 15:15             ` Ingo Molnar
2011-02-08 15:51             ` [tip:core/urgent] Revert "lockdep, timer: Fix del_timer_sync() annotation" tip-bot for Peter Zijlstra
2011-02-09  1:46             ` lockdep: possible reason: unannotated irqs-off. (was: Re: Linux 2.6.38-rc4) Yong Zhang
2011-02-14 14:51             ` Yong Zhang
2011-02-14 18:53               ` Thomas Gleixner
2011-02-08 20:28 ` Heads up Linux 2.6.38-rc4 compile problems Eric W. Biederman
2011-02-08 20:44   ` Linus Torvalds
2011-02-09  9:01     ` Eric W. Biederman
2011-02-09 14:59       ` Alex Riesen
2011-02-09 16:02         ` Linus Torvalds
2011-02-13 17:39           ` Linus Torvalds
2011-02-14  2:04             ` Eric W. Biederman
2011-02-14  2:45               ` Linus Torvalds
2011-02-14  3:40                 ` Eric W. Biederman
2011-02-14  5:34                   ` Eric W. Biederman
2011-02-14 15:26                     ` Linus Torvalds
2011-02-14 15:37                     ` Eric W. Biederman
2011-02-14 16:37                       ` Linus Torvalds
2011-02-14 17:39                         ` Eric W. Biederman
2011-02-14 17:49                         ` Linus Torvalds
2011-02-14 18:08                           ` Linus Torvalds
2011-02-14 19:44                             ` Eric W. Biederman
2011-02-14 20:13                               ` Andrew Morton
2011-02-14 18:25                         ` Andi Kleen
2011-02-14 16:58                     ` Mike Snitzer
2011-02-15 14:07                       ` [Crash-utility] " Dave Anderson
2011-02-09 17:08 ` Linux 2.6.38-rc4 (test_nx: BUG) Randy Dunlap
2011-02-09 17:10   ` Arjan van de Ven
2011-02-17 19:33     ` Kees Cook
2011-02-09 17:24 ` Linux 2.6.38-rc4 (hysdn: BUG) Randy Dunlap
2011-02-09 17:24   ` Randy Dunlap
2011-02-09 19:44   ` Linus Torvalds [this message]
2011-02-09 21:25     ` Randy Dunlap
2011-02-09 21:57       ` David Miller
2011-02-09 22:00         ` Linus Torvalds
2011-02-09 17:26 ` Linux 2.6.38-rc4 (tty/ifx6x60: BUG) Randy Dunlap
2011-02-09 18:28   ` Alan Cox
2011-02-09 17:28 ` Linux 2.6.38-rc4 (target_core: rmmod GP fault) Randy Dunlap
2011-02-09 17:28   ` Randy Dunlap
2011-02-09 19:00   ` Linus Torvalds
2011-02-09 20:02     ` Nicholas A. Bellinger
2011-02-09 20:13       ` James Bottomley
2011-02-09 20:20         ` Nicholas A. Bellinger
2011-02-09 20:28           ` James Bottomley
2011-02-09 20:44             ` Nicholas A. Bellinger
2011-02-09 17:36 ` Linux 2.6.38-rc4 (other bugs) Randy Dunlap
2011-02-09 22:01   ` David Miller
2011-02-09 22:16     ` Randy Dunlap
2011-02-10  4:58     ` Linux 2.6.38-rc4 (other bugs: x25) Randy Dunlap
2011-02-10  5:48       ` David Miller
2011-02-10  6:29         ` Randy Dunlap
2011-02-10  6:35           ` David Miller
2011-02-10 19:34   ` Linux 2.6.38-rc4 (other bugs: ipmi Oops) Randy Dunlap
2011-02-10 20:03     ` Linus Torvalds
2011-02-10 20:08       ` Corey Minyard
2011-02-10 21:41       ` Randy Dunlap

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='AANLkTimUg8Dm9mZotubcgPHz8_at=_hnbeWUo-LfSALp@mail.gmail.com' \
    --to=torvalds@linux-foundation.org \
    --cc=isdn@linux-pingi.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=randy.dunlap@oracle.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.