Re: Dcache oops
From: Al Viro
Date: Fri Jun 03 2016 - 17:27:02 EST
On Fri, Jun 03, 2016 at 02:18:15PM -0700, Linus Torvalds wrote:
> So something must have corrupted the qstr.
>
> The remaining length *should* in %edi, judging by the
>
> 0xffffffff81243b82 <+306>: cmp $0x7,%edi
>
> in the __d_lookup() disassembly. And %rdi contains 2, so there were
> supposed to be two more characters at 'ct' (which is %rdx).
... and since r8 and rsi are 0, we couldn't have consumed anything.
>
> Why would nd->last.name be bogus? I don't see anything.
An interesting part is that it's page-aligned. Which is impossible for
a short name obtained by getname(), but is quite likely for a symlink body.
So at a guess, we have a page containing a symlink body freed under us.