still bug in csum_partial_copy() in Linux/AXP 2.0.7

Harald Koenig (koenig@tat.physik.uni-tuebingen.de)
Wed, 17 Jul 1996 11:41:54 +0200 (MET DST)


Hi,

rcp(1) doesn't work anymore, at least in Linux/AXP 2.0.6 and 2.0.7.
It's SEGVing when trying to write the first 8k of data to the remote shell:

(gdb) b 531
Breakpoint 1 at 0x120001ed0: file rcp.c, line 531.
(gdb) r /tmp/hello beta:/tmp/prog
Starting program: /usr/src/redhat/BUILD/NetKit-B-0.06/rcp/rcp /tmp/hello beta:/tmp/prog

Breakpoint 1, source (argc=1, argv=0x11ffff928) at rcp.c:531
531 (void)write(rem, bp->buf, amt);
(gdb) p rem
$1 = 5
(gdb) p amt
$2 = 8192
(gdb) x bp->buf
0x140016000 <_end+35736>: 0x00090183
(gdb) x/c bp->buf+8191
0x140017fff <_end+43927>: 71 'G'
(gdb) x/c bp->buf+8192
0x140018000 <_end+43928>: Cannot access memory at address 0x140018000.

[root@alpha rcp]# cat /proc/241/maps
000000011fffe000-0000000120000000 rwxp 0000000000000000 00:00 0
0000000120000000-0000000120034000 r-xp 0000000000000000 08:02 149005
0000000140000000-0000000140006000 rwxp 0000000000034000 08:02 149005
0000000140006000-0000000140018000 rwxp 0000000000000000 00:00 0

(gdb) n

Unable to handle kernel paging request at virtual address 0000000140018004
rcp(241): Oops 0
pc = [<fffffc0000420fd4>] ps = 0000
rp = [<fffffc0000366598>] sp = fffffc000187fd40
r0=598434760b3dfdaa r1=1 r2=1 r3=c3e00017201fffff
r8=fffffc0001b0f060
r16=140017ffc r17=fffffc0001b0f3d8 r18=4 r19=0
r20=fffffc0000458598 r21=7b0 r22=0 r23=fffffc00003e69bc
r24=1f r25=20 r26=fffffc0000366598 r27=fffffc0000420ed0
r28=d87 r29=fffffc000046b490 r30=fffffc000187fd40
Code: 42411412 40020400 e6400088 <2c500008> a4310000 488506c3 48450f44 44640403 48720643

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.

Note that the 8k buffer at bp->buf is at the very end of the data
segment, but there should be no reason to access bp->buf+8192.

The kernel Oops only shows up in 2.0.7, not in 2.0.6.

(gdb) x/i 0xfffffc0000420fd4
0xfffffc0000420fd4 <csum_partial_copy+260>: 2c500008 ldq_u t1, 8(a0)
(gdb) x/i 0xfffffc0000366598
0xfffffc0000366598 <do_tcp_sendmsg+2352>: 27ba0010 ldah gp, 1048576(ra)
(gdb)

Harald

-- 
All SCSI disks will from now on                     ___       _____
be required to send an email notice                0--,|    /OOOOOOO\
24 hours prior to complete hardware failure!      <_/  /  /OOOOOOOOOOO\
                                                    \  \/OOOOOOOOOOOOOOO\
                                                      \ OOOOOOOOOOOOOOOOO|//
Harald Koenig,                                         \/\/\/\/\/\/\/\/\/
Inst.f.Theoret.Astrophysik                              //  /     \\  \
koenig@tat.physik.uni-tuebingen.de                     ^^^^^       ^^^^^
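The failure mode in the report, as an added, portable illustration (this is not code from the report nor from the 2.0.7 kernel's csum_partial_copy): a word-at-a-time checksum-and-copy loop is run over an 8k buffer placed so that its last byte is the last byte of a page and the following page is PROT_NONE, the way 0x140018000 was unmapped in rcp's address space. The "lookahead" shape of the buggy loop (fetching the next quadword before testing whether any bytes remain) is an assumption about the bug; the Oops only shows that the ldq_u at 8(a0) landed past the buffer. The function names, the 0x01 fill and the SIGSEGV/sigsetjmp catch are the example's own.

```c
/* Over-read at a page boundary, modelled on the rcp Oops above.
 * Build: cc -O2 -o overread overread.c && ./overread
 */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

static sigjmp_buf fault_env;

static void on_fault(int sig)
{
    (void)sig;
    siglongjmp(fault_env, 1);           /* back into run_variant() with result -1 */
}

/* Byte-wise little-endian word access through a volatile pointer, so the
 * compiler performs exactly the loads the loop asks for. */
static uint64_t load64(const uint8_t *p)
{
    const volatile uint8_t *vp = p;
    uint64_t w = 0;
    for (int k = 0; k < 8; k++)
        w |= (uint64_t)vp[k] << (8 * k);
    return w;
}

static void store64(uint8_t *p, uint64_t w)
{
    for (int k = 0; k < 8; k++)
        p[k] = (uint8_t)(w >> (8 * k));
}

/* Ones'-complement accumulate with end-around carry, folded to 16 bits. */
static void acc(uint64_t *sum, uint64_t w)
{
    *sum += w;
    if (*sum < w)
        (*sum)++;
}

static uint16_t fold(uint64_t sum)
{
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* Bounded loop: whole words only while 8 bytes remain, then the tail bytes
 * one at a time. Never touches src[len] or beyond. */
static uint16_t csum_copy_bounded(const uint8_t *src, uint8_t *dst, size_t len)
{
    uint64_t sum = 0;
    size_t i = 0;
    for (; len - i >= 8; i += 8) {
        uint64_t w = load64(src + i);
        store64(dst + i, w);
        acc(&sum, w);
    }
    for (; i < len; i++) {              /* 0..7 trailing bytes, kept at their word offset */
        dst[i] = src[i];
        acc(&sum, (uint64_t)src[i] << (8 * (i & 7)));
    }
    return fold(sum);
}

/* Lookahead loop (the assumed bug shape): the word after the current one is
 * fetched before the loop checks whether any bytes remain, so the final
 * iteration reads the 8 bytes at src + len. Assumes len % 8 == 0, as for rcp. */
static uint16_t csum_copy_lookahead(const uint8_t *src, uint8_t *dst, size_t len)
{
    uint64_t sum = 0;
    uint64_t next = load64(src);
    for (size_t i = 0; i < len; i += 8) {
        uint64_t w = next;
        next = load64(src + i + 8);     /* over-read when i + 8 == len */
        store64(dst + i, w);
        acc(&sum, w);
    }
    return fold(sum);
}

/* Run one variant over a constructed 8k buffer (filled with 0x01) whose end
 * coincides with a page boundary. With guarded set, the next page is
 * PROT_NONE. Returns the 16-bit checksum, or -1 if the loop faulted. */
static int run_variant(int lookahead, int guarded)
{
    const size_t len = 8192;
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    size_t span = (len + pg - 1) / pg * pg;
    uint8_t *base = mmap(NULL, span + pg, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    uint8_t *dst = malloc(len);
    if (base == MAP_FAILED || dst == NULL)
        return -2;
    if (guarded && mprotect(base + span, pg, PROT_NONE) != 0)
        return -2;
    uint8_t *src = base + span - len;   /* src + len is the first byte of the next page */
    memset(src, 0x01, len);

    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    int result;
    if (sigsetjmp(fault_env, 1) == 0) {
        uint16_t c = lookahead ? csum_copy_lookahead(src, dst, len)
                               : csum_copy_bounded(src, dst, len);
        result = memcmp(src, dst, len) == 0 ? (int)c : -3;
    } else {
        result = -1;                    /* the loop touched the unmapped page */
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    free(dst);
    munmap(base, span + pg);
    return result;
}

int main(void)
{
    printf("bounded,   guard page: %d\n", run_variant(0, 1));   /* 4112 = 0x1010 */
    printf("lookahead, guard page: %d\n", run_variant(1, 1));   /* -1, faulted */
    printf("lookahead, no guard:   %d\n", run_variant(1, 0));   /* 4112, same bug, silent */
    return 0;
}
```

The third run is the point a practitioner should take away: with an ordinary mapped page after the buffer, the over-read returns harmless bytes, the checksum and the copy both come out right, and nothing is reported. The bug only surfaces when the buffer ends exactly at a mapping boundary, which is what /proc/241/maps shows for rcp's buffer at the top of the 0x140006000-0x140018000 region.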