Re: [PATCH?] Crash in 2.4.17/ptrace

Andrea Arcangeli (andrea@suse.de)
Tue, 29 Jan 2002 00:54:51 +0100


On Mon, Jan 28, 2002 at 01:29:15PM -0800, Andrew Morton wrote:
> Daniel Jacobowitz wrote:
> >
> > Frame buffers aren't reliable marked VM_IO when mapped, currently. Ben
> > H. said he was going to push a fix for this at least to the PPC trees
> > today or tomorrow.
>
> They are now, I hope. I fixed that in 2.4.18-pre2.
> drivers/video/fbmem.c:fb_mmap() marks the vma as
> VM_IO for all architectures. But perhaps I missed some;
> an audit is needed in there, which I'll do.
>
> > It's cute - fbmem.c goes out of its way to set the flag on some
> > architectures and not others. I can't imagine why.
> >
> > But with that, yes, that should fix it.
> >
> > > > Of course, I would much rather be able to see the contents of the
> > > > framebuffer. Any suggestions?
> > >
> > > Not with this patch, I'm afraid. For your testing purposes you
> > > could just remove the VALID_PAGE() test in mm/memory.c:get_page_map(),
> > > and then gdb should be able to get at the framebuffer.
> >
> > I'm sure there's a good reason to not do that in general. Mind
> > enlightening me?
>
> Well, get_user_pages is used by several parts of the kernel.
> In the O_DIRECT/map_user_kiobuf case, we could end up asking
> the disk controller to perform busmastering against the video
> PCI device, which will probably explode somewhere down the chain.
>
> Also, just because the hardware is mapped into the process
> virtual address space, it's not necessarily all accessible.
> It is possible to get a bus fault against part of the mapping.
> And the kernel doesn't expect to get bus faults on the source
> of copy_to_user, I think.

another basic problem about allowing map_user_kiobuf to succeed on
invalid pages, is that calling PageReserved/SetPageDirty on a null
pointer will crash, etc...

>
> I'm sure Andrea will have a better notion than I. Sometimes I
> just fling out random patches to get people thinking about
> things ;)

Well, I think your earlier suggestion to bale out with an error if an
invalid page is found sounds like the cleaner fix (possibly in function
of yet another bitflag, so if somebody wants to get the nearby pages
regardless of an invalid pages somewhere, it can).

Andrea
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/