Re: 2.6.12-rc6-mm1 oops on startup.

James Courtier-Dutton <[email protected]> wrote:
>
> I have used the kernel.org normal kernel, and it compiles and boots fine.
>  I then use exactly the same .config file for the 2.6.12-rc6-mm1 and it
>  fails to boot.

It's due to the fork notifier code.  Set CONFIG_FORK_CONNECTOR=n and you
should be OK.

The oops is detected by CONFIG_DEBUG_PAGEALLOC.  It's good that you're
running with CONFIG_DEBUG_PAGEALLOC, but be aware that it uses tons of
memory and will slow down smaller machines quite a lot.


Here:

	if (clone_flags & CLONE_VFORK) {
		wait_for_completion(&vfork);
		if (unlikely (current->ptrace & PT_TRACE_VFORK_DONE))
			ptrace_notify ((PTRACE_EVENT_VFORK_DONE << 8) | SIGTRAP);
	}

	fork_connector(current->tgid, current->pid,
	               p->tgid, p->pid);

Someone does a call_usermodehelper() which uses CLONE_VFORK.  The new
process at `p' exits quickly so when the parent returns from
wait_for_completion() it is left with freed memory at *p.  When the parent
tries to reference p->pid we oops due to the use-after-free bug.

Guillaume, I'll do this for now:

--- 25/kernel/fork.c~connector-add-a-fork-connector-use-after-free-fix	2005-06-21 23:46:35.000000000 -0700
+++ 25-akpm/kernel/fork.c	2005-06-21 23:46:58.000000000 -0700
@@ -1248,14 +1248,15 @@ long do_fork(unsigned long clone_flags,
 			ptrace_notify ((trace << 8) | SIGTRAP);
 		}
 
+		fork_connector(current->tgid, current->pid, p->tgid, p->pid);
+
 		if (clone_flags & CLONE_VFORK) {
+
 			wait_for_completion(&vfork);
 			if (unlikely (current->ptrace & PT_TRACE_VFORK_DONE))
-				ptrace_notify ((PTRACE_EVENT_VFORK_DONE << 8) | SIGTRAP);
+				ptrace_notify((PTRACE_EVENT_VFORK_DONE << 8) |
+						SIGTRAP);
 		}
-
-		fork_connector(current->tgid, current->pid,
-		               p->tgid, p->pid);
 	} else {
 		free_pidmap(pid);
 		pid = PTR_ERR(p);
_


But you need to work out what semantics you want for vfork()?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: 2.6.12-rc6-mm1 oops on startup.
    • From: James Courtier-Dutton <[email protected]>
  • Re: 2.6.12-rc6-mm1 oops on startup.
    • From: Guillaume Thouvenin <[email protected]>

• References:
  • 2.6.12-rc6-mm1 oops on startup.
    • From: James Courtier-Dutton <[email protected]>

• Prev by Date: Re: -mm -> 2.6.13 merge status (fuse)
• Next by Date: Re: [patch 1/16] s390: klist bus_find_device & driver_find_device callback.
• Previous by thread: Re: 2.6.12-rc6-mm1 oops on startup.
• Next by thread: Re: 2.6.12-rc6-mm1 oops on startup.
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]