On Sun, 25 Jun 2006 13:19:25 +0200
"Michal Piotrowski" <[email protected]> wrote:
> On 24/06/06, Andrew Morton <[email protected]> wrote:
> >
> > ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.17/2.6.17-mm2/
> >
>
> I found this in /var/log/messages.1
>
> Jun 24 22:29:52 ltg01-fedora kernel: BUG: unable to handle kernel
> paging request at virtual address 6b6b6b7b
> Jun 24 22:29:52 ltg01-fedora kernel: printing eip:
> Jun 24 22:29:52 ltg01-fedora kernel: c01174f2
> Jun 24 22:29:52 ltg01-fedora kernel: *pde = 00000000
> Jun 24 22:29:52 ltg01-fedora kernel: Oops: 0000 [#1]
> Jun 24 22:29:52 ltg01-fedora kernel: 4K_STACKS PREEMPT SMP
> Jun 24 22:29:52 ltg01-fedora kernel: last sysfs file:
> /devices/platform/i2c-9191/9191-0290/temp2_input
> Jun 24 22:29:52 ltg01-fedora kernel: Modules linked in: ipv6 w83627hf
> hwmon_vid hwmon i2c_isa af_packet ip_conntrack_netbios
> _ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_tcpudp
> iptable_filter ip_tables x_tables p4_clockmod speedstep_lib binfmt_
> misc thermal processor fan container parport_pc parport nvram
> snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_seq_dummy snd_seq
> _oss snd_seq_midi_event evdev snd_seq snd_seq_device snd_pcm_oss
> snd_mixer_oss snd_pcm snd_timer snd soundcore ide_cd snd_pa
> ge_alloc intel_agp i2c_i801 sk98lin skge agpgart cdrom rtc unix
> Jun 24 22:29:52 ltg01-fedora kernel: CPU: 0
> Jun 24 22:29:52 ltg01-fedora kernel: EIP: 0060:[<c01174f2>] Not
> tainted VLI
> Jun 24 22:29:52 ltg01-fedora kernel: EFLAGS: 00010096 (2.6.17-mm2 #51)
> Jun 24 22:29:52 ltg01-fedora kernel: EIP is at task_rq_lock+0x1d/0x57
OK, thanks. I expect the below will fix that (I've since dropped the
offending patches)
Begin forwarded message:
Date: Sun, 25 Jun 2006 01:31:12 +0200
From: Ingo Molnar <[email protected]>
To: Andrew Morton <[email protected]>
Subject: Re: more -mm2 troubles ...
* Ingo Molnar <[email protected]> wrote:
> hm, look at the sched_exit() => task_rq_lock() use-after-free crash
> below.
>
> I bet it was p->real_parent that got freed. (because at the point we
> call sched_exit() we already unlink ourselves from the parent so it is
> free to exit)
>
> We moved sched_exit() within exit.c to an unsafe place in mm2 - what
> patch was that?
patch below seems to fix it for me. mm2 is now stable.
Ingo
--------------
Subject: move sched_exit() back to under the tasklist_lock umbrella
From: Ingo Molnar <[email protected]>
seems like sched_exit() cannot be moved to a later stage just yet.
Needs more investigation.
Signed-off-by: Ingo Molnar <[email protected]>
---
kernel/exit.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
Index: linux/kernel/exit.c
===================================================================
--- linux.orig/kernel/exit.c
+++ linux/kernel/exit.c
@@ -827,6 +827,7 @@ static void exit_notify(struct task_stru
state = EXIT_DEAD;
tsk->exit_state = state;
+ sched_exit(tsk);
write_unlock_irq(&tasklist_lock);
list_for_each_safe(_p, _n, &ptrace_dead) {
@@ -952,8 +953,6 @@ fastcall NORET_TYPE void do_exit(long co
if (tsk->splice_pipe)
__free_pipe_info(tsk->splice_pipe);
- sched_exit(tsk);
-
/* PF_DEAD causes final put_task_struct after we schedule. */
preempt_disable();
BUG_ON(tsk->flags & PF_DEAD);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]