kmalloc bug?

Jonathan Foster Kliegman (jk8q+@andrew.cmu.edu)
Sun, 27 Jun 1999 22:15:14 -0400 (EDT)


While doing some network development I noticed a few times kmalloc
returned a pointer to the kernel code space.. To fix up my code, I
called everything through a wrapper around kmalloc to trap this;
unfortunately I was still noticing problems and there were spots I
couldn't trap - namely calls to dev_alloc_skb among others. I went into
mm/slab.c and modified kmalloc() by checking the return value from
__kmem_cache_alloc. If it was below the address of _end then I would
print an error and return NULL. So - on future reboots the kernel dies
horribly with lots of bad return values.

My source tree is 2.2.10, the only other modification was to add _end to
kernel/ksyms.c. I'm running on a P2-300.

Here's a dump of the boot messages - hope they help...

-Jon

Loading linux_2.2.10.........
Linux version 2.2.10 (root@kahn.ece.cmu.edu) (gcc version 2.7.2.3) #6
Sun Jun 27 21:59:42 EDT 1999
Detected 299946253 Hz processor.
Console: colour VGA+ 80x25
Calibrating delay loop... 299.01 BogoMIPS
Memory: 128264k/131072k available (864k kernel code, 408k reserved,
1500k data, 36k init)
kmalloc allocated bad block 0xc0001040
kmalloc allocated bad block 0xc00010e0
kmalloc allocated bad block 0xc0001180
kmalloc allocated bad block 0xc0001220
CPU: Intel Pentium II (Klamath) stepping 04
Checking 386/387 coupling... OK, FPU using exception 16 error reporting.

Checking 'hlt' instruction... OK.
POSIX conformance testing by UNIFIX
kmalloc allocated bad block 0xc00012c0
kmalloc allocated bad block 0xc0001360
kmalloc allocated bad block 0xc0001400
kmalloc allocated bad block 0xc00014a0
kmalloc allocated bad block 0xc0001540
kmalloc allocated bad block 0xc00015e0
kmalloc allocated bad block 0xc0001680
PCI: PCI BIOS revision 2.10 entry at 0xfd9cc
PCI: Using configuration type 1
PCI: Probing PCI hardware
kmalloc allocated bad block 0xc0001720
Unable to handle kernel NULL pointer dereference at virtual address
00000000 current->tss.cr3 = 00101000, %cr3 = 00101000
*pde = 00000000
Oops: 0002
CPU: 0
EIP: 0010:[<c01f754c>]
EFLAGS: 00010246
eax: 00000000 ebx: 00000000 ecx: 00000012 edx: 00000001
esi: 00000000 edi: 00000000 ebp: c0217b4c esp: c0003f80
ds: 0018 es: 0018 ss: 0018
Process swapper (pid: 1, process nr: 1, stackpage=c0003000)
Stack: c0217b6c 00009000 c01faced 0000001a 00000001 00000000 00000018
00000000 00000000 0000001a c0003fcc c0217b5c 00000f00 00000000
00000000 00009000 c01facd3 c01dcaac 00000286 71808086 0000001a
c01f7a7e c0217b4c c0106000 Call Trace: [<c0106000>] [<c0106093>]
[<c0106513>]
Code: f3 ab 89 2b 8b 44 24 40 89 43 14 66 8b 7c 24 54 66 89 7b 18

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/