public inbox for linux-next@vger.kernel.org 
From: Linus Torvalds <torvalds@linux-foundation•org>
To: "Luck, Tony" <tony.luck@intel•com>
Cc: Rusty Russell <rusty@rustcorp•com.au>,
	Dave Young <hidave.darkstar@gmail•com>,
	Stephen Rothwell <sfr@canb•auug.org.au>,
	"linux-next@vger•kernel.org" <linux-next@vger•kernel.org>,
	LKML <linux-kernel@vger•kernel.org>
Subject: RE: linux-next: Tree for June 3
Date: Fri, 4 Jun 2010 15:05:01 -0700 (PDT)
Message-ID: <alpine.LFD.2.00.1006041452130.8175@i5.linux-foundation.org>
In-Reply-To: <987664A83D2D224EAE907B061CE93D530114C3DC47@orsmsx505.amr.corp.intel.com>



On Fri, 4 Jun 2010, Luck, Tony wrote:
> 
> This almost always means that we dereferenced a NULL pointer ... though
> any access into the bottom PAGE_SIZE of kernel virtual address space
> will result in this trap.  This happens on ia64 because we have a "NaT"
> page mapped at 0x0 so that speculative loads that chase NULL pointers
> at the end of lists behave more rationally.
> 
> Sadly I don't have the actual address. The register that was used
> for the dereference isn't included in the OOPS output.

Ok, so it confirms just that load_module() has returned a pointer that is 
either NULL or at least within PAGE_SIZE-552.

It could be a negative error pointer (and the offset of 552 turns it into 
the NULL page), but that's what the whole IS_ERR() thing checks for, so 
that's not the case.

So the

	if (err)
		return ERR_PTR(err);

case does seem pretty likely (most of them with a "goto <error-case>", but 
some directly). Many of them have the stricter form of "if (err < 0)", but 
there's a number that do not.

And in fact, I think I see the bad one:

        /* Figure out module layout, and allocate all the memory. */
        mod = layout_and_allocate(&info);
        if (IS_ERR(mod))
                goto free_copy;

which looks fine, but "free_copy:" expects the error number in "err", 
which is what the other error cases do.

I think this was introduced by Rusty's commit 5d3f5be82944 ("module: 
layout_and_allocate"), and here's a suggested fix.. The easiest fix is to 
actually change the "free_copy" target to return "mod" as the above goto 
expects, and then just do a conversion before the fall-through from the 
other error cases (that have it in 'err').

Does this fix it? I stopped looking for other possible causes when I found 
this one.

		Linus

---
 kernel/module.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/kernel/module.c b/kernel/module.c
index 69a3f12..9a0b275 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2653,9 +2653,10 @@ static struct module *load_module(void __user *umod,
 	module_unload_free(mod);
  free_module:
 	module_deallocate(mod, &info);
+	mod = ERR_PTR(err);
  free_copy:
 	free_copy(&info);
-	return ERR_PTR(err);
+	return mod;
 }
 
 /* Call module constructors. */
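
Review bot: at "free_copy:" the new "return mod;" is only correct if every "goto free_copy" arrives with an error pointer already in "mod"; the hunk handles the fall-through from "free_module:" with "mod = ERR_PTR(err);", but any other jump to "free_copy" that carries its failure only in "err" would now return whatever "mod" holds at that point. Please audit each "goto free_copy" in load_module(), or alternatively keep "return ERR_PTR(err);" and set "err = PTR_ERR(mod);" before the single goto that has the error in "mod". Also note that "mod = ERR_PTR(err);" still produces NULL if a path reaches "free_module:" with "err" equal to 0, which is the same failure shape the caller's IS_ERR() check cannot see.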

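The failure described in the message above can be reproduced in userspace. This is an added example, not code from the kernel tree or from the original mail: ERR_PTR/PTR_ERR/IS_ERR are re-implemented stand-ins, layout_and_allocate_stub(), load_buggy() and load_fixed() are hypothetical names, and "err" being 0 on the failing path is an assumption.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace stand-ins for the kernel's err.h helpers (constructed for this example). */
#define MAX_ERRNO 4095
static void *ERR_PTR(long error) { return (void *)error; }
static long PTR_ERR(const void *ptr) { return (long)ptr; }
static int IS_ERR(const void *ptr) { return (unsigned long)ptr >= (unsigned long)-MAX_ERRNO; }

struct module { int state; };
/* Hypothetical allocator that reports failure as an error pointer. */
static struct module *layout_and_allocate_stub(int fail)
{
	static struct module m;
	return fail ? ERR_PTR(-ENOMEM) : &m;
}

/* Pre-fix shape: the label returns ERR_PTR(err), but this path never set err. */
static struct module *load_buggy(int fail)
{
	long err = 0;	/* assumption: no earlier step has failed, so err is still 0 */
	struct module *mod = layout_and_allocate_stub(fail);
	if (IS_ERR(mod))
		goto free_copy;
	return mod;
free_copy:
	return ERR_PTR(err);	/* ERR_PTR(0) is NULL, which a caller's IS_ERR() accepts */
}

/* Post-fix shape: the label returns mod; paths with the error in err convert first. */
static struct module *load_fixed(int fail, long err)
{
	struct module *mod = layout_and_allocate_stub(fail);
	if (IS_ERR(mod))
		goto free_copy;
	if (err)	/* stands in for a later step failing with its code in err */
		goto free_module;
	return mod;
free_module:
	mod = ERR_PTR(err);
free_copy:
	return mod;
}

int main(void)
{
	printf("buggy=%p fixed=%ld\n", (void *)load_buggy(1), PTR_ERR(load_fixed(1, 0)));
	return 0;
}
```
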