I've been looking at an oops that happened on 2.2.12-20smp (i386) on a
four-processor SMP machine. It turns out that in remove_filp,
file->f_next and file->f_pprev are both NULL.
I wonder if it could be a race between insert_file_free and
get_empty_filp, but it seems very odd that I'm the only one to see this
race! Here's the patch I think might help (I haven't tried it yet):
--- file_table.c~ Wed Feb 23 17:11:33 2000
+++ file_table.c Wed Feb 23 17:12:21 2000
@@ -24,8 +24,8 @@ static void insert_file_free(struct file
{
if((file->f_next = free_filps) != NULL)
free_filps->f_pprev = &file->f_next;
- free_filps = file;
file->f_pprev = &free_filps;
+ free_filps = file;
nr_free_files++;
}
@@ -36,8 +36,8 @@ static inline void put_inuse(struct file
{
if((file->f_next = inuse_filps) != NULL)
inuse_filps->f_pprev = &file->f_next;
- inuse_filps = file;
file->f_pprev = &inuse_filps;
+ inuse_filps = file;
}
/* It does not matter which list it is on. */
So my question is, is this patch needed, or have I just overlooked the
locking mechanism (likely, since I don't know this code very well)?
Here's the original oops:
ksymoops 2.3.3 on i686 2.2.15pre9. Options used
-v vmlinux-2.2.12-20smp (specified)
-K (specified)
-L (specified)
-o /lib/modules/2.2.12-20smp (specified)
-m System.map-2.2.12-20smp (specified)
No modules in ksyms, skipping objects
Unable to handle kernel NULL pointer dereference at virtual address 00000000
current->tss.cr3 = 1cb5d000, %cr3 = 1cb5d000
*pde = 00000000
Oops: 0002
CPU: 0
EIP: 0010:[<c012a776>]
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010246
eax: 00000000 ebx: 00000003 ecx: 00000003 edx: 00000000
esi: ddbe4000 edi: dd919000 ebp: dbdd85c0 esp: ddbe5f84
ds: 0018 es: 0018 ss: 0018
Process file (pid: 6309, process nr: 202, stackpage=ddbe5000)
Stack: dd919000 bfffdc90 bfffdc90 c01292ee 00000003 ddbe4000 dd919000 bfffdc90
c0129582 dd919000 00000000 000001b6 ddbe4000 00000008 0804c1c9 c01093e4
08068a18 00000000 000001b6 00000008 0804c1c9 bfffdc90 00000005 0000002b
Call Trace: [<c01292ee>] [<c0129582>] [<c01093e4>]
Code: 89 10 ff 0d b4 60 22 c0 b9 16 00 00 00 89 ef 31 c0 fc f3 ab
>>EIP; c012a776 <get_empty_filp+36/130> <=====
Trace; c01292ee <filp_open+e/f0>
Trace; c0129582 <sys_open+52/b0>
Trace; c01093e4 <system_call+34/38>
Code; c012a776 <get_empty_filp+36/130>
00000000 <_EIP>:
Code; c012a776 <get_empty_filp+36/130> <=====
0: 89 10 mov %edx,(%eax) <=====
Code; c012a778 <get_empty_filp+38/130>
2: ff 0d b4 60 22 c0 decl 0xc02260b4
Code; c012a77e <get_empty_filp+3e/130>
8: b9 16 00 00 00 mov $0x16,%ecx
Code; c012a783 <get_empty_filp+43/130>
d: 89 ef mov %ebp,%edi
Code; c012a785 <get_empty_filp+45/130>
f: 31 c0 xor %eax,%eax
Code; c012a787 <get_empty_filp+47/130>
11: fc cld
Code; c012a788 <get_empty_filp+48/130>
12: f3 ab repz stos %eax,%es:(%edi)
Tim.
*/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:33 EST