Re: 2.6.12-rc6-mm1 oops on startup.
From: Andrew Morton (akpm_at_osdl.org)
Date: 06/22/05
- Previous message: Andrew Morton: "Re: -mm -> 2.6.13 merge status (fuse)"
- In reply to: James Courtier-Dutton: "2.6.12-rc6-mm1 oops on startup."
- Next in thread: Guillaume Thouvenin: "Re: 2.6.12-rc6-mm1 oops on startup."
- Reply: Guillaume Thouvenin: "Re: 2.6.12-rc6-mm1 oops on startup."
- Reply: James Courtier-Dutton: "Re: 2.6.12-rc6-mm1 oops on startup."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 21 Jun 2005 23:51:44 -0700 To: James Courtier-Dutton <James@superbug.demon.co.uk>
James Courtier-Dutton <James@superbug.demon.co.uk> wrote:
>
> I have used the kernel.org normal kernel, and it compiles and boots fine.
> I then use exactly the same .config file for the 2.6.12-rc6-mm1 and it
> fails to boot.
It's due to the fork notifier code. Set CONFIG_FORK_CONNECTOR=n and you
should be OK.
The oops is detected by CONFIG_DEBUG_PAGEALLOC. It's good that you're
running with CONFIG_DEBUG_PAGEALLOC, but be aware that it uses tons of
memory and will slow down smaller machines quite a lot.
Here:
if (clone_flags & CLONE_VFORK) {
wait_for_completion(&vfork);
if (unlikely (current->ptrace & PT_TRACE_VFORK_DONE))
ptrace_notify ((PTRACE_EVENT_VFORK_DONE << 8) | SIGTRAP);
}
fork_connector(current->tgid, current->pid,
p->tgid, p->pid);
Someone does a call_usermodehelper() which uses CLONE_VFORK. The new
process at `p' exits quickly so when the parent returns from
wait_for_completion() it is left with freed memory at *p. When the parent
tries to reference p->pid we oops due to the use-after-free bug.
Guillaume, I'll do this for now:
--- 25/kernel/fork.c~connector-add-a-fork-connector-use-after-free-fix 2005-06-21 23:46:35.000000000 -0700
+++ 25-akpm/kernel/fork.c 2005-06-21 23:46:58.000000000 -0700
@@ -1248,14 +1248,15 @@ long do_fork(unsigned long clone_flags,
ptrace_notify ((trace << 8) | SIGTRAP);
}
+ fork_connector(current->tgid, current->pid, p->tgid, p->pid);
+
if (clone_flags & CLONE_VFORK) {
+
wait_for_completion(&vfork);
if (unlikely (current->ptrace & PT_TRACE_VFORK_DONE))
- ptrace_notify ((PTRACE_EVENT_VFORK_DONE << 8) | SIGTRAP);
+ ptrace_notify((PTRACE_EVENT_VFORK_DONE << 8) |
+ SIGTRAP);
}
-
- fork_connector(current->tgid, current->pid,
- p->tgid, p->pid);
} else {
free_pidmap(pid);
pid = PTR_ERR(p);
_
But you need to work out what semantics you want for vfork()?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
- Previous message: Andrew Morton: "Re: -mm -> 2.6.13 merge status (fuse)"
- In reply to: James Courtier-Dutton: "2.6.12-rc6-mm1 oops on startup."
- Next in thread: Guillaume Thouvenin: "Re: 2.6.12-rc6-mm1 oops on startup."
- Reply: Guillaume Thouvenin: "Re: 2.6.12-rc6-mm1 oops on startup."
- Reply: James Courtier-Dutton: "Re: 2.6.12-rc6-mm1 oops on startup."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
