Re: 2.6.12-rc6-mm1 oops on startup.

From: Andrew Morton
Date: Wed Jun 22 2005 - 03:03:23 EST

Next message: Andrew Morton: "Re: -mm -> 2.6.13 merge status (fuse)"
Previous message: cutaway: "Re: [RFC] exit_thread() speedups in x86 process.c"
In reply to: randy_dunlap: "Re: 2.6.12-rc6-mm1 oops on startup."
Next in thread: Guillaume Thouvenin: "Re: 2.6.12-rc6-mm1 oops on startup."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

James Courtier-Dutton <James@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> I have used the kernel.org normal kernel, and it compiles and boots fine.
> I then use exactly the same .config file for the 2.6.12-rc6-mm1 and it
> fails to boot.

It's due to the fork notifier code. Set CONFIG_FORK_CONNECTOR=n and you
should be OK.

The oops is detected by CONFIG_DEBUG_PAGEALLOC. It's good that you're
running with CONFIG_DEBUG_PAGEALLOC, but be aware that it uses tons of
memory and will slow down smaller machines quite a lot.

Here:

if (clone_flags & CLONE_VFORK) {
wait_for_completion(&vfork);
if (unlikely (current->ptrace & PT_TRACE_VFORK_DONE))
ptrace_notify ((PTRACE_EVENT_VFORK_DONE << 8) | SIGTRAP);
}

fork_connector(current->tgid, current->pid,
p->tgid, p->pid);

Someone does a call_usermodehelper() which uses CLONE_VFORK. The new
process at `p' exits quickly so when the parent returns from
wait_for_completion() it is left with freed memory at *p. When the parent
tries to reference p->pid we oops due to the use-after-free bug.

Guillaume, I'll do this for now:

--- 25/kernel/fork.c~connector-add-a-fork-connector-use-after-free-fix 2005-06-21 23:46:35.000000000 -0700
+++ 25-akpm/kernel/fork.c 2005-06-21 23:46:58.000000000 -0700
@@ -1248,14 +1248,15 @@ long do_fork(unsigned long clone_flags,
ptrace_notify ((trace << 8) | SIGTRAP);
}

+ fork_connector(current->tgid, current->pid, p->tgid, p->pid);
+
if (clone_flags & CLONE_VFORK) {
+
wait_for_completion(&vfork);
if (unlikely (current->ptrace & PT_TRACE_VFORK_DONE))
- ptrace_notify ((PTRACE_EVENT_VFORK_DONE << 8) | SIGTRAP);
+ ptrace_notify((PTRACE_EVENT_VFORK_DONE << 8) |
+ SIGTRAP);
}
-
- fork_connector(current->tgid, current->pid,
- p->tgid, p->pid);
} else {
free_pidmap(pid);
pid = PTR_ERR(p);
_

But you need to work out what semantics you want for vfork()?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: -mm -> 2.6.13 merge status (fuse)"
Previous message: cutaway: "Re: [RFC] exit_thread() speedups in x86 process.c"
In reply to: randy_dunlap: "Re: 2.6.12-rc6-mm1 oops on startup."
Next in thread: Guillaume Thouvenin: "Re: 2.6.12-rc6-mm1 oops on startup."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]