Re: [patch] i386: fix recursive fault in page-fault handler
From: Chuck Ebbert
Date: Mon Jul 17 2006 - 16:01:44 EST
In-Reply-To: <Pine.LNX.4.64.0607171107390.15611@xxxxxxxxxxxx>
On Mon, 17 Jul 2006 11:08:26 -0700 (PDT), Linus Torvalds wrote:
>
> On Mon, 17 Jul 2006, Chuck Ebbert wrote:
> >
> > Krzysztof Halasa reported recursive faults in do_page_fault()
> > causing a stream of partial oops messages on the console. Fix
> > by adding a fixup for that code.
>
> This patch is really too ugly to live.
I was afraid to use __put_user, but I guess it's OK?
--- 2.6.18-rc1-32.orig/arch/i386/mm/fault.c
+++ 2.6.18-rc1-32/arch/i386/mm/fault.c
@@ -585,9 +585,10 @@ no_context:
printk(KERN_ALERT "*pte = %08lx\n", page);
}
#endif
- tsk->thread.cr2 = address;
- tsk->thread.trap_no = 14;
- tsk->thread.error_code = error_code;
+ /* avoid possible fault here if tsk is garbage */
+ __put_user(address, &tsk->thread.cr2);
+ __put_user(14, &tsk->thread.trap_no);
+ __put_user(error_code, &tsk->thread.error_code);
die("Oops", regs, error_code);
bust_spinlocks(0);
do_exit(SIGKILL);
> Does it even work? If 'tsk' is
> broken, I'd expect the die() to oops anyway - it does
>
> if (notify_die(DIE_OOPS, str, regs, err,
> current->thread.trap_no, SIGSEG...
>
> anyway (where that "current->thread.trap_no" gets dereferenced).
This should at least stop the endless faults because recursive faulting
in die() is handled properly. Right now the original error message
(incomplete but still possibly useful) scrolls away.
I was going to fix handling of bad task pointer in die() and
show_registers() after I got feedback from the first patch.
--
Chuck
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/