yes, in the last chunk of code in oprofile_add_sample()
> Unable to handle kernel paging request at virtual address f8c3c000
> c0212022
> *pde = 00000000
> Oops: 0002
> CPU: 13
> EIP: 0060:[<c0212022>] Not tainted
> Using defaults from ksymoops -t elf32-i386 -a i386
> EFLAGS: 00010046
> eax: 40082d94 ebx: 00000340 ecx: 00002000 edx: f8c2c000
                                                 ^^^^^^^^
buffer overrun by one entry (8192 entries by default, of 8 bytes
each on x86). oprofile_add_sample() can potentially add 3 events
to the buffer, but the check at the beginning of the code protects
against two additions, not three.
The bug is rare because add_sample uses three entries only in a rare case,
and things go wrong only when cpu_buf->pos == buffer_size - 2.
The code is not fixed in 2.5.64. John, if you don't already have
a patch pending for this, can you push it into your tree?
void oprofile_add_sample(unsigned long eip, unsigned int is_kernel,
unsigned long event, int cpu)
.....
- if (cpu_buf->pos > buffer_size - 2) {
+
if (cpu_buf->pos > buffer_size - 3) {
cpu_buf->sample_lost_overflow++;
goto out;
}
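Review bot: the `+` line of this hunk is broken in two, with a bare `+` on its own line and the replacement `if (cpu_buf->pos > buffer_size - 3) {` following it without a prefix, so the patch will not apply as shown; the `+` belongs at the start of the new `if` line. The new bound itself matches the analysis above: with `pos == buffer_size - 2` the three-entry path writes index `buffer_size`, which is exactly the slot the oops shows being stored to, and `> buffer_size - 3` refuses that position. The cost is that the common two-entry case now drops one sample earlier than it strictly needs to; if that matters, a check against the number of entries actually about to be written, rather than the fixed worst case, would keep the full buffer usable.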
> >>EIP; c0212022 <oprofile_add_sample+102/128>   <=====
>
> >>edi; c0310f00 <cpu_buffer+340/800>
>
> Trace; c02139f0 <ppro_check_ctrs+4c/80>
> Trace; c0213291 <nmi_callback+21/28>
> Trace; c010a1eb <do_nmi+2b/48>
> Trace; c010962e <nmi+1e/30>
>
> Code; c0212022 <oprofile_add_sample+102/128>
> 00000000 <_EIP>:
> Code; c0212022 <oprofile_add_sample+102/128> <=====
> 0: 89 04 ca mov %eax,(%edx,%ecx,8) <=====
ecx == cpu_buffer->pos == buffer_size ... boom ...
regards,
Philippe Elie
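The overrun described in the mail, as an added illustration that is not part of the original message or of oprofile's own code: a small model of the per-CPU sample ring with a canary slot one past the end, run through both the old guard (`pos > buffer_size - 2`) and the patched guard (`pos > buffer_size - 3`) at the worst-case position `pos == buffer_size - 2` with three entries to append. `BUFFER_SIZE`, `CANARY`, `ENTRIES_ON_SWITCH`, the `struct cpu_buffer` layout and all function names are assumptions made for this example; the real buffer is 8192 entries, but the arithmetic is the same.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of oprofile's per-CPU sample ring (not the kernel's code).
 * BUFFER_SIZE is shrunk from 8192 to keep the output readable; CANARY marks the
 * slot one past the end so an off-by-one write is observable. */
#define BUFFER_SIZE       8u
#define CANARY            0xdeadbeefUL
#define ENTRIES_ON_SWITCH 3u   /* worst case: two marker entries plus the sample */

struct op_sample { unsigned long eip; unsigned long event; };

struct cpu_buffer {
    struct op_sample buffer[BUFFER_SIZE + 1]; /* index BUFFER_SIZE is the canary */
    unsigned long pos;
    unsigned long sample_lost_overflow;
};

typedef bool (*guard_fn)(unsigned long pos, unsigned long size);

/* Guard as it stood before the fix: leaves room for two entries only. */
static bool old_guard(unsigned long pos, unsigned long size) { return pos > size - 2; }
/* Guard from the patch: leaves room for three entries. */
static bool new_guard(unsigned long pos, unsigned long size) { return pos > size - 3; }

static void cpu_buffer_init(struct cpu_buffer *b, unsigned long pos) {
    memset(b, 0, sizeof *b);
    b->pos = pos;
    b->buffer[BUFFER_SIZE].eip = CANARY;
}

/* Append n entries at b->pos if the guard allows; returns the number written
 * (0 when the sample is dropped and sample_lost_overflow is bumped). */
static unsigned add_entries(struct cpu_buffer *b, unsigned n, guard_fn guard) {
    if (guard(b->pos, BUFFER_SIZE)) {
        b->sample_lost_overflow++;
        return 0;
    }
    for (unsigned i = 0; i < n; i++) {
        /* Constructed sample values; the write itself is what matters. */
        b->buffer[b->pos].eip = 0x1000 + i;
        b->buffer[b->pos].event = i;
        b->pos++;
    }
    return n;
}

static bool canary_intact(const struct cpu_buffer *b) {
    return b->buffer[BUFFER_SIZE].eip == CANARY;
}

/* Start at start_pos, append n entries under the given guard, and report
 * whether the slot past the end was written (true == overrun). */
static bool guard_overruns(guard_fn guard, unsigned long start_pos, unsigned n) {
    struct cpu_buffer b;
    cpu_buffer_init(&b, start_pos);
    add_entries(&b, n, guard);
    return !canary_intact(&b);
}

/* Same scenario, but return how many entries were accepted. */
static unsigned entries_accepted(guard_fn guard, unsigned long start_pos, unsigned n) {
    struct cpu_buffer b;
    cpu_buffer_init(&b, start_pos);
    return add_entries(&b, n, guard);
}

int main(void) {
    unsigned long worst = BUFFER_SIZE - 2;   /* the position from the mail */
    printf("old guard, pos=%lu, 3 entries: %s\n", worst,
           guard_overruns(old_guard, worst, ENTRIES_ON_SWITCH) ? "OVERRUN" : "ok");
    printf("new guard, pos=%lu, 3 entries: %s (accepted %u)\n", worst,
           guard_overruns(new_guard, worst, ENTRIES_ON_SWITCH) ? "OVERRUN" : "ok",
           entries_accepted(new_guard, worst, ENTRIES_ON_SWITCH));
    return 0;
}
```

With the old guard, `pos == BUFFER_SIZE - 2` passes the check and the third store lands on index `BUFFER_SIZE`, the same `(%edx,%ecx,8)` with `ecx == buffer_size` that the oops shows; the patched guard refuses that position and counts it in `sample_lost_overflow` instead, while a start of `BUFFER_SIZE - 3` still fills the ring exactly.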
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/