From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from mailout1.samsung.com (mailout1.samsung.com [203.254.224.24]) by ozlabs.org (Postfix) with ESMTP id 5356A67ED6 for ; Thu, 11 Aug 2005 13:02:57 +1000 (EST)
Received: from ep_ms13_bk (mailout1.samsung.com [203.254.224.24]) by mailout1.samsung.com (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) with ESMTP id <0IL1009S4EO6G3@mailout1.samsung.com> for linuxppc-dev@ozlabs.org; Thu, 11 Aug 2005 11:52:54 +0900 (KST)
Received: from ep_spt01 (ms13.samsung.com [203.254.225.109]) by ms13.samsung.com (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) with ESMTP id <0IL100L2HEO6NG@ms13.samsung.com> for linuxppc-dev@ozlabs.org; Thu, 11 Aug 2005 11:52:54 +0900 (KST)
Date: Thu, 11 Aug 2005 02:52:47 +0000 (GMT)
From: V MURAHARI
To: "linuxppc-dev@ozlabs.org"
Message-id: <0IL100L2IEO6NG@ms13.samsung.com>
MIME-version: 1.0
Content-type: text/html; charset=windows-1252
Subject: copy_from_user problem
Reply-To: murahari@samsung.com
List-Id: Linux on PowerPC Developers Mail List

Hello,

I am working on a character driver for reading and writing the registers of the FPGA in our system.

I am using the driver's ioctl to read/write these FPGA registers. As the function call to the ioctl is being made, the printk trace shows that the call goes to switch->copy_from_user. As soon as the call is made to copy_from_user, the kernel crashes.

Can someone help me with this problem?

 

***************************************************************************************************
 Unhandled kernel unaligned access in unaligned.c::emulate_load_store_insn, line 483
:
$0 : 00000000 10001f00 8fbf0034 02a01021 801157a0 8fe8e000 10001f00 ffff00ff
$8 : 8fe8ffe0 00001f00 00000000 00000003 74652053 8fe9fed8 0000000a 50434942
$16: 10001f01 00000001 801157a0 0000000f 8fe8fee8 00000104 00000000 0000000f
$24: 00000000 2ac0fdb0                   8fe8e000 8fe8fe38 00000001 8012010c
Hi : 00000000
Lo : 00000000
epc  : 8011f774    Tainted: GF
Status: 10001f02
Cause : 00800014
Process rsgbm (pid: 317, stackpage=8fe8e000)
Stack:    802d920a 0000000a 10001f01 0000003c 10001f01 0000003c 8012010c
 80120104 caa8f356 8fe82008 8fe82000 0000000f 00000000 7fff7d00 7fff7d00
 0000c001 00000003 10012808 ffffffff caa8e548 00004000 8fe9e272 00000150
 7fff7d00 ffffffea 00000000 00000240 8fe82000 00000000 00000001 00000001
 7ebff310 00000000 0000000f 8fef24e0 00000004 7ebff3e8 00000000 0000002e
 80159c6c ...
Call Trace:   [<8012010c>] [<80120104>] [<caa8f356>] [<caa8e548>] [<80159c6c>]
 [<8010a5c4>] [<80271dc4>]

Code: 8c820004  24110001  ac430000 <ac620004> ac800000  ac800004  ac800000  ac800004
  8f820004

Unit Fault Handler !!! (INDEX=10)
**************************************************************************************************

int
chr1_ioctl(struct inode *ino, struct file *filp, unsigned int cmd,
      unsigned long arg)
{
   int ret = 0;
   n2_debug_rw_reg *dw;

   switch(cmd)
   {
      case IOCTL_WIN_DEBUG_READ_CODE:
      {
         n2_debug_rw_reg test;
         printk("%s %d\n", current->comm, current->pid);
         printk("%lx\n", arg);
         copy_from_user(&test, (n2_debug_rw_reg*)arg, sizeof(n2_debug_rw_reg));
         printk("%lx %lx\n", ((n2_debug_rw_reg*)arg)->data, ((n2_debug_rw_reg*)arg)->addr);
      }
   }
}

 

Thanks & Regards,

--Murahari

From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from moutvdomng.kundenserver.de (moutvdom.kundenserver.de [212.227.126.249]) by ozlabs.org (Postfix) with ESMTP id C23D768086 for ; Thu, 11 Aug 2005 21:14:30 +1000 (EST)
Message-ID: <42FB3048.7000202@anagramm.de>
Date: Thu, 11 Aug 2005 13:02:32 +0200
From: Clemens Koller
MIME-Version: 1.0
To: murahari@samsung.com
References: <0IL100L2IEO6NG@ms13.samsung.com>
In-Reply-To: <0IL100L2IEO6NG@ms13.samsung.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Cc: "linuxppc-dev@ozlabs.org"
Subject: Re: copy_from_user problem
List-Id: Linux on PowerPC Developers Mail List

Hi, Murahari!

> I am working on a character driver for reading and writing the registers to FPGA
> in our system.

You didn't tell much about your system. But check out the examples in the book "Linux Device Drivers, 3rd Edition" (http://lwn.net/images/pdf/LDD3/), which is worth buying, too!

You might be missing some simple __user casts for your data structures you want to copy... And you might need to ioremap the memory area of your fpga or whatever you need to access.

> epc : 8011f774 Tainted: GF
                 ^^^^^^^^^^^

And you might end up with less support here if you use a tainted Kernel.

Greets,

Clemens Koller
_______________________________
R&D Imaging Devices
Anagramm GmbH
Rupert-Mayer-Str. 45/1
81379 Muenchen
Germany
http://www.anagramm.de
Phone: +49-89-741518-50
Fax: +49-89-741518-19

From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from smtpauth05.mail.atl.earthlink.net (smtpauth05.mail.atl.earthlink.net [209.86.89.65]) by ozlabs.org (Postfix) with ESMTP id AA9E667EB7 for ; Fri, 12 Aug 2005 00:39:06 +1000 (EST)
From: "T Michael Turney"
Date: Thu, 11 Aug 2005 07:29:21 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0017_01C59E46.64070C50"
In-Reply-To: <0IL100L2IEO6NG@ms13.samsung.com>
Subject: RE: copy_from_user problem
List-Id: Linux on PowerPC Developers Mail List

Murahari,

I always start simple and work up to the harder things. Try to access a single long word in the ioctl, e.g.,

int
chr1_ioctl(struct inode *ino, struct file *filp, unsigned int cmd, unsigned long arg)
{
   int ret = 0;
   unsigned int userdata;

   switch(cmd)
   {
      case IOCTL_WIN_DEBUG_READ_CODE:
      {
         ret = get_user(userdata, (unsigned int *)arg);
         ......
      }
   }
}

The two O'Reilly books, Linux Device Drivers and Understanding the Linux Kernel, are also good references for how to use the get_user and copy_from_user macros.

Hope this helps.

Cheers,
T.mike

-----Original Message-----
From: linuxppc-dev-bounces@ozlabs.org [mailto:linuxppc-dev-bounces@ozlabs.org] On Behalf Of V MURAHARI
Sent: Wednesday, August 10, 2005 7:53 PM
To: linuxppc-dev@ozlabs.org
Subject: copy_from_user problem

[...]
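The replies above each point at one piece of the ioctl argument path: annotate and check the user pointer (Clemens), start with a single get_user() (T. Mike), and check what the copy returns (Paul, in the second thread on this page). The following is an added example, not code from the thread or from the poster's driver: a user-space model of that path in C, with copy_from_user() stood in for by a simulated function that keeps the real contract (it returns the number of bytes NOT copied, so 0 means success) and only "maps" one 4 KiB region. The structure layout, the driver magic 'n' and the ioctl number are assumptions, since the header that defines n2_debug_rw_reg and IOCTL_WIN_DEBUG_READ_CODE is not on the page.

```c
/* Added example: a user-space model of a checked ioctl argument path.
 * Not kernel code; sim_copy_from_user() mimics copy_from_user()'s
 * contract (bytes NOT copied, 0 = success) over one constructed page. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>            /* _IOWR, _IOC_TYPE/_IOC_NR/_IOC_SIZE on Linux */

/* Fallbacks for libcs that do not export the Linux ioctl encoding
 * (nr bits 0-7, type 8-15, size 16-29, direction 30-31). */
#ifndef _IOC_NR
#define _IOC_NR(cmd)   ((cmd) & 0xff)
#define _IOC_TYPE(cmd) (((cmd) >> 8) & 0xff)
#define _IOC_SIZE(cmd) (((cmd) >> 16) & 0x3fff)
#endif
#ifndef _IOWR
#define _IOWR(t, nr, type) ((3u << 30) | ((unsigned)sizeof(type) << 16) | ((unsigned)(t) << 8) | (nr))
#endif

/* Mirror of the record named in the post; field types are assumed. */
struct n2_debug_rw_reg {
    unsigned long addr;
    unsigned long data;
};
#define N2_IOC_MAGIC 'n'          /* assumed driver magic */
#define IOCTL_WIN_DEBUG_READ_CODE _IOWR(N2_IOC_MAGIC, 1, struct n2_debug_rw_reg)

/* ---- constructed "user" address space: a single page at USER_BASE ---- */
#define USER_BASE 0x10000000UL
static unsigned char user_page[4096];

static int sim_access_ok(unsigned long uaddr, size_t len)
{
    return uaddr >= USER_BASE && len <= sizeof user_page &&
           uaddr - USER_BASE <= sizeof user_page - len;
}

/* Helper for the reader/test: place a record in the simulated page. */
int sim_user_write(unsigned long uaddr, unsigned long addr, unsigned long data)
{
    struct n2_debug_rw_reg rec = { addr, data };
    if (!sim_access_ok(uaddr, sizeof rec))
        return -1;
    memcpy(user_page + (uaddr - USER_BASE), &rec, sizeof rec);
    return 0;
}

/* Stand-in for copy_from_user(): returns the number of bytes NOT copied. */
static unsigned long sim_copy_from_user(void *to, unsigned long uaddr, size_t len)
{
    if (!sim_access_ok(uaddr, len))
        return len;                        /* nothing copied, like a bad user pointer */
    memcpy(to, user_page + (uaddr - USER_BASE), len);
    return 0;
}

/* The handler as a reviewer would want it: validate the command before
 * trusting its payload, copy the argument exactly once, check that copy,
 * and never touch 'arg' again.  Returns 0 with *out filled, or -errno. */
int chr1_ioctl_checked(unsigned int cmd, unsigned long arg, struct n2_debug_rw_reg *out)
{
    struct n2_debug_rw_reg req;

    if (_IOC_TYPE(cmd) != N2_IOC_MAGIC)
        return -ENOTTY;                    /* not one of this driver's commands */
    if (_IOC_SIZE(cmd) != sizeof req)
        return -EINVAL;                    /* caller was built against another struct */

    switch (_IOC_NR(cmd)) {
    case _IOC_NR(IOCTL_WIN_DEBUG_READ_CODE):
        /* Unchecked, a failed copy would leave 'req' as uninitialised
         * stack bytes, which the posted code then goes on to print. */
        if (sim_copy_from_user(&req, arg, sizeof req) != 0)
            return -EFAULT;
        /* Only the kernel copy is used from here.  The posted printk reads
         * ((n2_debug_rw_reg*)arg)->data through the user pointer a second
         * time: a double fetch user space can change between the reads,
         * and a fault on hardware that blocks kernel access to user pages. */
        *out = req;
        return 0;
    default:
        return -ENOTTY;
    }
}

int main(void)
{
    struct n2_debug_rw_reg out = { 0, 0 };
    sim_user_write(USER_BASE + 0x100, 0x40, 0xdeadbeef);   /* constructed input */
    int rc = chr1_ioctl_checked(IOCTL_WIN_DEBUG_READ_CODE, USER_BASE + 0x100, &out);
    printf("mapped arg: rc=%d addr=%#lx data=%#lx\n", rc, out.addr, out.data);
    rc = chr1_ioctl_checked(IOCTL_WIN_DEBUG_READ_CODE, 0, &out);
    printf("bad arg:    rc=%d (%s)\n", rc, strerror(-rc));
    return 0;
}
```

In a real driver the pointer is declared `const struct n2_debug_rw_reg __user *` and the copy goes through copy_from_user() itself; the three checks (magic and size from the command word, the copy's return value, and using only the kernel copy afterwards) carry over unchanged.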
From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from e31.co.us.ibm.com (e31.co.us.ibm.com [32.97.110.149]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "e31.co.us.ibm.com", Issuer "Equifax" (verified OK)) by ozlabs.org (Postfix) with ESMTP id 7EF21DDE07 for ; Tue, 26 Feb 2008 12:47:41 +1100 (EST)
Received: from d03relay04.boulder.ibm.com (d03relay04.boulder.ibm.com [9.17.195.106]) by e31.co.us.ibm.com (8.13.8/8.13.8) with ESMTP id m1Q1ld13023615 for ; Mon, 25 Feb 2008 20:47:39 -0500
Received: from d03av01.boulder.ibm.com (d03av01.boulder.ibm.com [9.17.195.167]) by d03relay04.boulder.ibm.com (8.13.8/8.13.8/NCO v8.7) with ESMTP id m1Q1lcih101932 for ; Mon, 25 Feb 2008 18:47:39 -0700
Received: from d03av01.boulder.ibm.com (loopback [127.0.0.1]) by d03av01.boulder.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id m1Q1lc9g026883 for ; Mon, 25 Feb 2008 18:47:38 -0700
Received: from [127.0.0.1] (9-10-86-150.rchland.ibm.com [9.10.86.150]) by d03av01.boulder.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id m1Q1lcxp026875 for ; Mon, 25 Feb 2008 18:47:38 -0700
Message-ID: <47C36FBA.1030600@us.ibm.com>
Date: Mon, 25 Feb 2008 19:47:38 -0600
From: Maynard Johnson
MIME-Version: 1.0
To: linuxppc-dev@ozlabs.org
Subject: copy_from_user problem
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Reply-To: maynardj@us.ibm.com
List-Id: Linux on PowerPC Developers Mail List

Hi,

I'm developing a kernel module that needs to parse the in-memory ELF objects for a shared library (libc, to be specific). When running my test on a 32-bit library, it works fine, but for a 64-bit library, the very first copy_from_user() fails:

   Elf64_Ehdr ehdr;
   copy_from_user(&ehdr, location_of_lib, sizeof(Elf64_Ehdr));

I talked this over a bit with Will Schmidt. He determined that access_ok (being done as a result of copy_from_user) was failing, but we don't know why. I have 32-bit and 64-bit testcases that start up and then pause, waiting for input. We look at the entry for libc in /proc/<pid>/maps, and the permissions are the same for both 32-bit and 64-bit.

I've run this test on both a stock SLES 10 SP1 kernel and on 2.6.24. I'm sure this is a user error, but for the life of me, I don't know what I'm doing wrong.

Can anyone out there help?

Thanks.

Maynard Johnson
LTC POWER Toolchain

From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from gate.crashing.org (gate.crashing.org [63.228.1.57]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTP id 69AD0DDDEE for ; Tue, 26 Feb 2008 13:57:00 +1100 (EST)
Subject: Re: copy_from_user problem
From: Benjamin Herrenschmidt
To: maynardj@us.ibm.com
In-Reply-To: <47C36FBA.1030600@us.ibm.com>
References: <47C36FBA.1030600@us.ibm.com>
Content-Type: text/plain
Date: Tue, 26 Feb 2008 13:56:39 +1100
Message-Id: <1203994599.15052.84.camel@pasglop>
Mime-Version: 1.0
Cc: linuxppc-dev@ozlabs.org
Reply-To: benh@kernel.crashing.org
List-Id: Linux on PowerPC Developers Mail List

On Mon, 2008-02-25 at 19:47 -0600, Maynard Johnson wrote:
> Hi,
> I'm developing a kernel module that needs to parse the in-memory ELF
> objects for a shared library (libc, to be specific). When running my
> test on a 32-bit library, it works fine, but for a 64-bit library, the
> very first copy_from_user() fails:
>    Elf64_Ehdr ehdr;
>    copy_from_user(&ehdr, location_of_lib, sizeof(Elf64_Ehdr);
>
> I talked this over a bit with Will Schmidt. He determined that
> access_ok (being done as a result of copy_from_user) was failing, but we
> don't know why. I have 32-bit and 64-bit testcases that start up and
> then pause, waiting for input. We look at the entry for libc in
> /proc/<pid>/maps, and the permissions are the same for both 32-bit and
> 64-bit.
>
> I've run this test on both a stock SLES 10 SP1 kernel and on 2.6.24.
> I'm sure this is a user error, but for the life of me, I don't know what
> I'm doing wrong.
>
> Can anyone out there help?

I would have to look at the code.

Ben.

From mboxrd@z Thu Jan 1 00:00:00 1970
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <18371.41934.106111.627351@cargo.ozlabs.ibm.com>
Date: Tue, 26 Feb 2008 16:29:50 +1100
From: Paul Mackerras
To: maynardj@us.ibm.com
Subject: Re: copy_from_user problem
In-Reply-To: <47C36FBA.1030600@us.ibm.com>
References: <47C36FBA.1030600@us.ibm.com>
Cc: linuxppc-dev@ozlabs.org
List-Id: Linux on PowerPC Developers Mail List

Maynard Johnson writes:

> I'm developing a kernel module that needs to parse the in-memory ELF
> objects for a shared library (libc, to be specific). When running my
> test on a 32-bit library, it works fine, but for a 64-bit library, the
> very first copy_from_user() fails:
>    Elf64_Ehdr ehdr;
>    copy_from_user(&ehdr, location_of_lib, sizeof(Elf64_Ehdr);

Should be OK provided location_of_lib is a user address. I assume you know that copy_from_user returns the number of bytes *not* copied, hence a 0 return means success.

> I talked this over a bit with Will Schmidt. He determined that
> access_ok (being done as a result of copy_from_user) was failing, but we

I suggest you print out the value of location_of_lib just to sanity-check it.

Paul.
From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from e35.co.us.ibm.com (e35.co.us.ibm.com [32.97.110.153]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "e35.co.us.ibm.com", Issuer "Equifax" (verified OK)) by ozlabs.org (Postfix) with ESMTP id 03010DDF03 for ; Wed, 27 Feb 2008 01:49:40 +1100 (EST)
Received: from d03relay02.boulder.ibm.com (d03relay02.boulder.ibm.com [9.17.195.227]) by e35.co.us.ibm.com (8.13.8/8.13.8) with ESMTP id m1QEnaPY006484 for ; Tue, 26 Feb 2008 09:49:36 -0500
Received: from d03av01.boulder.ibm.com (d03av01.boulder.ibm.com [9.17.195.167]) by d03relay02.boulder.ibm.com (8.13.8/8.13.8/NCO v8.7) with ESMTP id m1QEnUhg201648 for ; Tue, 26 Feb 2008 07:49:31 -0700
Received: from d03av01.boulder.ibm.com (loopback [127.0.0.1]) by d03av01.boulder.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id m1QEnS1f006081 for ; Tue, 26 Feb 2008 07:49:28 -0700
Message-ID: <47C426F8.7070203@us.ibm.com>
Date: Tue, 26 Feb 2008 08:49:28 -0600
From: Maynard Johnson
MIME-Version: 1.0
To: benh@kernel.crashing.org
Subject: Re: copy_from_user problem
References: <47C36FBA.1030600@us.ibm.com> <1203994599.15052.84.camel@pasglop>
In-Reply-To: <1203994599.15052.84.camel@pasglop>
Content-Type: multipart/mixed; boundary="------------000504030706060407050108"
Cc: linuxppc-dev@ozlabs.org
Reply-To: maynardj@us.ibm.com
List-Id: Linux on PowerPC Developers Mail List

Benjamin Herrenschmidt wrote:
> On Mon, 2008-02-25 at 19:47 -0600, Maynard Johnson wrote:
>> Hi,
>> I'm developing a kernel module that needs to parse the in-memory ELF
>> objects for a shared library (libc, to be specific). When running my
>> test on a 32-bit library, it works fine, but for a 64-bit library, the
>> very first copy_from_user() fails:
>>    Elf64_Ehdr ehdr;
>>    copy_from_user(&ehdr, location_of_lib, sizeof(Elf64_Ehdr);
>>
>> I talked this over a bit with Will Schmidt. He determined that
>> access_ok (being done as a result of copy_from_user) was failing, but we
>> don't know why. I have 32-bit and 64-bit testcases that start up and
>> then pause, waiting for input. We look at the entry for libc in
>> /proc/<pid>/maps, and the permissions are the same for both 32-bit and
>> 64-bit.
>>
>> I've run this test on both a stock SLES 10 SP1 kernel and on 2.6.24.
>> I'm sure this is a user error, but for the life of me, I don't know what
>> I'm doing wrong.
>>
>> Can anyone out there help?
>
> I would have to look at the code.

Ben,

I've pared down the code to a minimal testcase and attached the source file. Here are the makefile rules to build it:

----------------------------------------------
obj-m := uaccess_test.o
KDIR := /lib/modules/$(shell uname -r)/build
PWD := $(shell pwd)

default:
	$(MAKE) -C $(KDIR) SUBDIRS=$(PWD) modules

clean:
	rm -f *.mod.c *.ko *.o .*.cmd
	rm -rf .tmp_versions
----------------------------------------------

Instructions:

1. Write a simple C program that will pause, waiting for input, so that you can obtain the address of libc to pass into the uaccess_test kernel module. For example:

   #include <stdio.h>

   int main(void)
   {
           printf("Press Enter to continue.\n");
           getchar();
           return 0;
   }
   --------------

2. Compile C program as 32-bit; then run it. While the program is waiting for input, obtain its PID and do 'cat /proc/<pid>/maps' to get the address of where libc is loaded.

3. From the dir where you build the uaccess_test kernel module: 'insmod ./uaccess_test.ko lib_addr=0x<address>'. This should succeed. dmesg to verify.

4. Unload the module.

5. Recompile your C program with -m64; start it up and obtain the address of libc again (now a 64-bit address).

6. Load the uaccess_test kernel module and pass 'lib_addr=0x<address>'. Note that this time, the load fails. dmesg to see debug printk's.

Thanks for any light you can shed on this!

-Maynard

>
> Ben.
>
>

--------------000504030706060407050108
Content-Type: text/plain; name="uaccess_test.c"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="uaccess_test.c"

/* Header names were lost in the archive; these are the ones the code below needs. */
#include <linux/module.h>
#include <linux/elf.h>
#include <linux/slab.h>
#include <linux/uaccess.h>

static long lib_addr;
module_param(lib_addr, long, 0);
MODULE_PARM_DESC(lib_addr, "lib_addr");

static unsigned long parse_elf64(unsigned long start_loc)
{
	Elf64_Ehdr *ehdr;
	int ret = 0;

	ehdr = kmalloc(sizeof(Elf64_Ehdr), GFP_KERNEL);
	if (!ehdr)
		return 0;
	/* copy_from_user() returns the number of bytes NOT copied; non-zero is failure */
	if (copy_from_user(ehdr, (void __user *)start_loc, sizeof(Elf64_Ehdr))) {
		printk("cannot get Elf64_Ehdr from start_loc %lx\n", start_loc);
		goto out;
	}
	if (ehdr->e_ident[EI_CLASS] != ELFCLASS64) {
		printk("EI_CLASS of Elf64_Hdr is incorrect! %d\n",
		       ehdr->e_ident[EI_CLASS]);
		goto out;
	}
	if (ehdr->e_type != ET_DYN) {
		printk(KERN_INFO "LPA: %s, line %d: Unexpected e_type %u parsing ELF\n",
		       __FUNCTION__, __LINE__, ehdr->e_type);
		goto out;
	}
	ret = ehdr->e_ident[EI_CLASS];
	printk(KERN_INFO "Elf class from Ehdr is %d\n", ret);
out:
	kfree(ehdr);
	return ret;
}

static unsigned long parse_elf32(unsigned long start_loc)
{
	Elf32_Ehdr ehdr;
	int ret = 0;

	if (copy_from_user(&ehdr, (void __user *)start_loc, sizeof(ehdr)))
		goto out;
	if (ehdr.e_ident[EI_CLASS] != ELFCLASS32)
		goto out;
	if (ehdr.e_type != ET_DYN) {
		printk(KERN_INFO "%s, line %d: Unexpected e_type %u parsing ELF\n",
		       __FUNCTION__, __LINE__, ehdr.e_type);
		goto out;
	}
	ret = ehdr.e_ident[EI_CLASS];
	printk(KERN_INFO "Elf class from Ehdr is %d\n", ret);
out:
	return ret;
}

/* Try the 32-bit header first; on a mismatch fall back to the 64-bit one. */
int find_ehdr(unsigned long start_loc)
{
	int ret = 0;

	if (!(ret = parse_elf32(start_loc)))
		ret = parse_elf64(start_loc);
	return ret;
}

int __init init_module(void)
{
	if (!(find_ehdr(lib_addr))) {
		printk(KERN_INFO "uaccess test failed\n");
		return -1;
	}
	printk(KERN_INFO "uaccess test succeeded\n");
	return 0;
}

void __exit cleanup_module(void)
{
}

MODULE_LICENSE("GPL");

--------------000504030706060407050108--

From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from sasl.smtp.pobox.com (a-sasl-fastnet.sasl.smtp.pobox.com [207.106.133.19]) by ozlabs.org (Postfix) with ESMTP id 0BBA6DDE18 for ; Wed, 27 Feb 2008 02:02:00 +1100 (EST)
Date: Tue, 26 Feb 2008 09:01:38 -0600
From: Nathan Lynch
To: Maynard Johnson
Subject: Re: copy_from_user problem
Message-ID: <20080226150138.GD16241@localdomain>
References: <47C36FBA.1030600@us.ibm.com> <1203994599.15052.84.camel@pasglop> <47C426F8.7070203@us.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <47C426F8.7070203@us.ibm.com>
Cc: linuxppc-dev@ozlabs.org
List-Id: Linux on PowerPC Developers Mail List

Maynard Johnson wrote:
>
> static long lib_addr;
> module_param(lib_addr, long, 0);
                         ^^^^
Should be unsigned long?

From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from sasl.smtp.pobox.com (a-sasl-fastnet.sasl.smtp.pobox.com [207.106.133.19]) by ozlabs.org (Postfix) with ESMTP id 188E3DDEC8 for ; Wed, 27 Feb 2008 02:30:52 +1100 (EST)
Date: Tue, 26 Feb 2008 09:30:24 -0600
From: Nathan Lynch
To: Maynard Johnson
Subject: Re: copy_from_user problem
Message-ID: <20080226153024.GE16241@localdomain>
References: <47C36FBA.1030600@us.ibm.com> <1203994599.15052.84.camel@pasglop> <47C426F8.7070203@us.ibm.com> <20080226150138.GD16241@localdomain>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <20080226150138.GD16241@localdomain>
Cc: linuxppc-dev@ozlabs.org
List-Id: Linux on PowerPC Developers Mail List

Nathan Lynch wrote:
> Maynard Johnson wrote:
> >
> > static long lib_addr;
> > module_param(lib_addr, long, 0);
>                          ^^^^
> Should be unsigned long?

ulong, rather, but that doesn't fix it.

In any case, lib_addr is a user virtual address; doesn't the kernel need to do get_user_pages or some such to get at arbitrary process memory?

From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from e32.co.us.ibm.com (e32.co.us.ibm.com [32.97.110.150]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "e32.co.us.ibm.com", Issuer "Equifax" (verified OK)) by ozlabs.org (Postfix) with ESMTP id 89B30DDDF7 for ; Wed, 27 Feb 2008 02:36:59 +1100 (EST)
Received: from d03relay02.boulder.ibm.com (d03relay02.boulder.ibm.com [9.17.195.227]) by e32.co.us.ibm.com (8.13.8/8.13.8) with ESMTP id m1QFaS8o006627 for ; Tue, 26 Feb 2008 10:36:28 -0500
Received: from d03av02.boulder.ibm.com (d03av02.boulder.ibm.com [9.17.195.168]) by d03relay02.boulder.ibm.com (8.13.8/8.13.8/NCO v8.7) with ESMTP id m1QFauww207546 for ; Tue, 26 Feb 2008 08:36:56 -0700
Received: from d03av02.boulder.ibm.com (loopback [127.0.0.1]) by d03av02.boulder.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id m1QFatmP023212 for ; Tue, 26 Feb 2008 08:36:55 -0700
Message-ID: <47C43217.6060800@us.ibm.com>
Date: Tue, 26 Feb 2008 09:36:55 -0600
From: Maynard Johnson
MIME-Version: 1.0
To: Nathan Lynch
Subject: Re: copy_from_user problem
References: <47C36FBA.1030600@us.ibm.com> <1203994599.15052.84.camel@pasglop> <47C426F8.7070203@us.ibm.com> <20080226150138.GD16241@localdomain>
In-Reply-To: <20080226150138.GD16241@localdomain>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Cc: linuxppc-dev@ozlabs.org
Reply-To: maynardj@us.ibm.com
List-Id: Linux on PowerPC Developers Mail List

Nathan Lynch wrote:
> Maynard Johnson wrote:
>> static long lib_addr;
>> module_param(lib_addr, long, 0);
>                          ^^^^
> Should be unsigned long?

Right. I switched this to 'ulong', but that didn't make a difference in my test results.
>

From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from gate.crashing.org (gate.crashing.org [63.228.1.57]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTP id C6B0FDDE05 for ; Wed, 27 Feb 2008 10:23:16 +1100 (EST)
Subject: Re: copy_from_user problem
From: Benjamin Herrenschmidt
To: maynardj@us.ibm.com
In-Reply-To: <47C426F8.7070203@us.ibm.com>
References: <47C36FBA.1030600@us.ibm.com> <1203994599.15052.84.camel@pasglop> <47C426F8.7070203@us.ibm.com>
Content-Type: text/plain
Date: Wed, 27 Feb 2008 10:22:26 +1100
Message-Id: <1204068146.15052.188.camel@pasglop>
Mime-Version: 1.0
Cc: linuxppc-dev@ozlabs.org
Reply-To: benh@kernel.crashing.org
List-Id: Linux on PowerPC Developers Mail List

On Tue, 2008-02-26 at 08:49 -0600, Maynard Johnson wrote:
> 2. Compile C program as 32-bit; then run it. While the program is
> waiting for input, obtain its PID and do 'cat /proc/<pid>/maps' to
> get
> the address of where libc is loaded.
> 3. From the dir where you build the uaccess_test kernel module:
> 'insmod ./uaccess_test.ko lib_addr=0x<address>'
> This should succeed. dmesg to verify.
> 4. Unload the module.
> 5. Recompile your C program with -m64; start it up and obtain the
> address of libc again (now a 64-bit address).
> 6. Load the uaccess_test kernel module and pass
> 'lib_addr=0x<address>'. Note that this time, the load fails.
> dmesg to see debug printk's.

Sounds to me that your kernel module will try to copy_from_user() from the user context of ... insmod :-)

You need to do your copy_from_user() from within the context of the program you try to access the memory from!

If you need to access another context than the current one, you then need to use a different mechanism, such as get_user_pages(), though beware that you can only do that for memory, not SPE local store or register mappings.

Ben.
From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from e36.co.us.ibm.com (e36.co.us.ibm.com [32.97.110.154]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "e36.co.us.ibm.com", Issuer "Equifax" (verified OK)) by ozlabs.org (Postfix) with ESMTP id 9C423DDE05 for ; Wed, 27 Feb 2008 23:28:05 +1100 (EST)
Received: from d03relay02.boulder.ibm.com (d03relay02.boulder.ibm.com [9.17.195.227]) by e36.co.us.ibm.com (8.13.8/8.13.8) with ESMTP id m1RCS1MH002154 for ; Wed, 27 Feb 2008 07:28:01 -0500
Received: from d03av03.boulder.ibm.com (d03av03.boulder.ibm.com [9.17.195.169]) by d03relay02.boulder.ibm.com (8.13.8/8.13.8/NCO v8.7) with ESMTP id m1RCS15H207444 for ; Wed, 27 Feb 2008 05:28:01 -0700
Received: from d03av03.boulder.ibm.com (loopback [127.0.0.1]) by d03av03.boulder.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id m1RCS1xn013956 for ; Wed, 27 Feb 2008 05:28:01 -0700
Message-ID: <47C5574D.2090409@us.ibm.com>
Date: Wed, 27 Feb 2008 06:27:57 -0600
From: Maynard Johnson
MIME-Version: 1.0
To: benh@kernel.crashing.org
Subject: Re: copy_from_user problem
References: <47C36FBA.1030600@us.ibm.com> <1203994599.15052.84.camel@pasglop> <47C426F8.7070203@us.ibm.com> <1204068146.15052.188.camel@pasglop>
In-Reply-To: <1204068146.15052.188.camel@pasglop>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Cc: linuxppc-dev@ozlabs.org
List-Id: Linux on PowerPC Developers Mail List

Benjamin Herrenschmidt wrote:
> On Tue, 2008-02-26 at 08:49 -0600, Maynard Johnson wrote:
>
>> 2. Compile C program as 32-bit; then run it. While the program is
>> waiting for input, obtain its PID and do 'cat /proc/<pid>/maps' to
>> get
>> the address of where libc is loaded.
>> 3. From the dir where you build the uaccess_test kernel module:
>> 'insmod ./uaccess_test.ko lib_addr=0x<address>'
>> This should succeed. dmesg to verify.
>> 4. Unload the module.
>> 5. Recompile your C program with -m64; start it up and obtain the
>> address of libc again (now a 64-bit address).
>> 6. Load the uaccess_test kernel module and pass
>> 'lib_addr=0x<address>'. Note that this time, the load fails.
>> dmesg to see debug printk's.
>>
>
> Sounds to me that your kernel module will try to copy_from_user() from
> the user context of ... insmod :-)
>
Yeah, that's probably the problem (along with my lack of understanding of how VM works -- heh). I guess I was just getting lucky with the 32-bit test in that the 32-bit libc was being loaded for my insmod process at the same virtual memory address as for my C test program.

> You need to do your copy_from_user() from within the context of the
> program you try to access the memory from !
>
Can't do that in the "real" code I'm developing, so I guess I'll need to use get_user_pages. Hmmm . . . not quite as simple to use as copy_from_user, and I don't see any doc on it. But at least I've found a couple of examples in the kernel tree.

> If you need to access another context than the current one, you then
> need to use a different mechanism, such as get_user_pages(), though
> beware that you can only do that for memory, not SPE local store or
> register mappings.
>
The "real" code I'm developing is targeted at POWER, not Cell.

Thanks, Ben!

-Maynard

> Ben.
> > > From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.188]) by ozlabs.org (Postfix) with ESMTP id 8622DDDDEF for ; Wed, 27 Feb 2008 23:40:19 +1100 (EST) From: Arnd Bergmann To: linuxppc-dev@ozlabs.org Subject: Re: copy_from_user problem Date: Wed, 27 Feb 2008 13:40:02 +0100 References: <47C36FBA.1030600@us.ibm.com> <1204068146.15052.188.camel@pasglop> <47C5574D.2090409@us.ibm.com> In-Reply-To: <47C5574D.2090409@us.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Message-Id: <200802271340.02930.arnd@arndb.de> List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , On Wednesday 27 February 2008, Maynard Johnson wrote: > > Sounds to me that your kernel module will try to copy_from_user() from > > the user context of ... insmod :-) > > =A0=20 > Yeah, that's probably the problem (along with my lack of understanding=20 > how VM works =A0-- heh). =A0I guess I was just getting lucky with the 32-= bit=20 > test in that the 32-bit libc was being loaded for my insmod process at=20 > the same virtual memory address as for my C test program. > > You need to do your copy_from_user() from within the context of the > > program you try to access the memory from ! > > =A0=20 > Can't do that in the "real" code I'm developing, so I guess I'll need to= =20 > use get_user_pages. =A0Hmmm . . . not quite as simple to use as=20 > copy_from_user, and I don't see any doc on it. =A0But at least I've found= =20 > a couple examples in the kernel tree. Are you sure that this has to run in kernel space? You may be able to do the same thing with ptrace() from another user process, which is normally a lot easier to do, especially if you're not familiar with all the corner cases in powerpc linux memory management. 
> > If you need to access another context than the current one, you then > > need to use a different mechanism, such as get_user_pages(), though > > beware that you can only do that for memory, not SPE local store or > > register mappings. > > =A0=20 > The "real" code I'm developing is targeted at POWER, not Cell. Cell systems are compliant to the Power architecture and they run the same software, so you should at least make sure you have error handling in place to deal with an access of SPU local store pages and don't cause random crashes. Arnd <>< From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from gate.crashing.org (gate.crashing.org [63.228.1.57]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTP id 56D13DDE3B for ; Thu, 28 Feb 2008 07:25:25 +1100 (EST) Subject: Re: copy_from_user problem From: Benjamin Herrenschmidt To: Maynard Johnson In-Reply-To: <47C5574D.2090409@us.ibm.com> References: <47C36FBA.1030600@us.ibm.com> <1203994599.15052.84.camel@pasglop> <47C426F8.7070203@us.ibm.com> <1204068146.15052.188.camel@pasglop> <47C5574D.2090409@us.ibm.com> Content-Type: text/plain Date: Thu, 28 Feb 2008 07:24:51 +1100 Message-Id: <1204143891.15052.244.camel@pasglop> Mime-Version: 1.0 Cc: linuxppc-dev@ozlabs.org Reply-To: benh@kernel.crashing.org List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , On Wed, 2008-02-27 at 06:27 -0600, Maynard Johnson wrote: > Can't do that in the "real" code I'm developing, so I guess I'll need to > use get_user_pages. Hmmm . . . not quite as simple to use as > copy_from_user, and I don't see any doc on it. But at least I've found > a couple examples in the kernel tree. We can help you if you tell us more about the "real" code. Ben.
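Arnd's ptrace() suggestion, alongside Ben's point that copy_from_user() only sees the current process's address space, as an added example that is not part of the thread: a parent forks a child, the child overwrites a global at the same virtual address in its own copy-on-write page, and the parent reads the child's word with PTRACE_PEEKDATA (which the kernel services through access_process_vm()/get_user_pages(), the other mechanism Ben names). The marker values and the peek_child_marker() name are constructed for this example; where Yama or seccomp denies ptrace, the function reports EPERM instead of hanging.

```c
#define _GNU_SOURCE /* added example (not from the thread): read another process's memory with ptrace() */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>
#define PARENT_VALUE 0x11111111L   /* constructed marker values */
#define CHILD_VALUE  0x5A5A5A5AL

static volatile long marker = PARENT_VALUE; /* global: same virtual address in parent and child */
struct peek_result {
    int  err;   /* 0 on success, else errno (EPERM when ptrace is not allowed) */
    long word;  /* the word read out of the child's address space */
};

/* Fork a child that overwrites `marker` in its own copy-on-write page, then read
 * that word back with PTRACE_PEEKDATA, which the kernel services through
 * access_process_vm()/get_user_pages().  The parent's own copy stays untouched:
 * same virtual address, different mm, which is what copy_from_user() called from
 * insmod's context cannot see. */
struct peek_result peek_child_marker(void)
{
    struct peek_result r = { 0, 0 };
    int status;
    pid_t pid = fork();
    if (pid < 0) { r.err = errno; return r; }
    if (pid == 0) {                                     /* child */
        marker = CHILD_VALUE;
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0)
            _exit(1);
        raise(SIGSTOP);                                 /* hand over to the parent */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0) { r.err = errno; return r; }
    if (!WIFSTOPPED(status)) { r.err = EPERM; return r; } /* TRACEME was refused */
    errno = 0;                                          /* -1 is a valid word */
    long v = ptrace(PTRACE_PEEKDATA, pid, (void *)&marker, NULL);
    r.err = errno;
    if (r.err == 0) r.word = v;
    kill(pid, SIGKILL);
    waitpid(pid, &status, 0);
    return r;
}

int main(void)
{
    struct peek_result r = peek_child_marker();
    printf("err %d, parent's marker %#lx, child's marker %#lx\n", r.err, (unsigned long)marker, (unsigned long)r.word);
    return r.err != 0;
}
```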
