PROBLEM: smbfs oops in 2.1.50

System Administrator (linux@billabong.demon.co.uk)
Sun, 17 Aug 1997 17:25:12 +0000 (GMT)


Since kernel 2.1.44, an "oops" has been issued whenever I've tried to
access (from my Linux machine) an smbfs exported from one of our Windows
machines. The smbmount program seems to work ok, and the smbd daemon
certainly exports the filesystem here to the Windows machines. The oops
happens when I try to 'ls', 'cat' or otherwise access (from the Linux
machine) a file that exists on a Windows machine.

It seems that during smb_encode_path, eax is made to hold a very strange
pointer indeed! It is the function smb_encode_this_name that returns
this pointer, and maybe that function is being passed a bad pointer? Is
it significant that one of the bytes of this pointer is the ASCII code
for "\"?

Furthermore, examination of the compile of my kernel shows that the
pointers to the (not sure about this) inode structure members that hold
the filenames are wrongly specified in fs/smbfs/inode.c and
fs/smbfs/dir.c. The smb_fs.h header and the declarations in the
above-mentioned files are different.

Yes, I have applied the earlier patches to sort out the f_inode and
other problems.

Here's the oops, generated by 2.1.50 using smbfs and the Win95
workaround.

Unable to handle kernel paging request at virtual address 83a15c49
Unable to handle kernel paging request at virtual address 83a15c49
current->tss.cr3 = 012b7000,
current->tss.cr3 = 012b7000,
*pde = 00000000
*pde = 00000000
Oops: 0002
CPU: 0
EIP: 0010:[<c0150a73>]
EFLAGS: 00010292
eax: 83a15c49 ebx: c1200c20 ecx: c1200c1f edx: c2815029
esi: c2815028 edi: c1200ea0 ebp: c1fb7000 esp: c1741d3c
ds: 0018 es: 0018 ss: 0018
Process ls (pid: 223, process nr: 22, stackpage=c1741000)
Stack: c2815028 c1200ea0 c1200c20 c1fb7000 c172f2f4 c2815000 c1741de8 c172f2f4
c01525eb c1fb7000 c2815028 c1fb72cc c1200ea0 c1200c20 c1fb7000 00000008
00000000 00000000 00000000 c172f2f4 c1fb7000 c1200c20 c0152862 c172f2f4
Call Trace: [<c2815028>] [<c2815000>] [<c01525eb>] [<c2815028>] [<c0152862>] [<c0155b93>] [<c01295a0>]
[<c0129699>] [<c012986c>] [<c01298f0>] [<c0127962>] [<c010943a>]
Code: c6 00 00 40 83 c4 0c 83 7d 00 02 77 11 56 89 44 24 14 e8 a2

and here's what ksymsoops makes of it:

Using `/usr/src/linux/System.map' to map addresses to symbols.

>>EIP: c0150a73 <smb_encode_path+33/5c>
Trace: c2815028
Trace: c2815000
Trace: c01525eb <smb_proc_getattr_core+4f/c0>
Trace: c2815028
Trace: c0152862 <smb_proc_getattr+72/c0>
Trace: c0155b93 <smb_lookup+233/310>
Trace: c01295a0 <real_lookup+40/6c>
Trace: c0129699 <lookup+2d/44>
Trace: c012986c <lookup_dentry+134/190>
Trace: c01298f0 <__namei+28/7c>
Trace: c0127962 <sys_newlstat+16/64>
Trace: c010943a <system_call+3a/40>

Code: c0150a73 <smb_encode_path+33/5c>
Code: c0150a73 <smb_encode_path+33/5c> c6 00 00 movb $0x0,(%eax)
Code: c0150a76 <smb_encode_path+36/5c> 40 incl %eax
Code: c0150a77 <smb_encode_path+37/5c> 83 c4 0c addl $0xc,%esp
Code: c0150a7a <smb_encode_path+3a/5c> 83 7d 00 02 cmpl $0x2,0x0(%ebp)
Code: c0150a84 <smb_encode_path+44/5c> 77 11 ja c0150a91 <smb_encode_path+51/5c>
Code: c0150a86 <smb_encode_path+46/5c> 56 pushl %esi
Code: c0150a87 <smb_encode_path+47/5c> 89 44 24 14 movl %eax,0x14(%esp,1)
Code: c0150a8b <smb_encode_path+4b/5c> e8 a2 00 90 90 call 909000b9 <_EIP+909000b9>
Code: c0150a96 <smb_encode_path+56/5c> 90 nop

Can anyone help?

Yours (hacking the kernel for the first time)
John Hayward-Warburton
linux@billabong.demon.co.uk
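
An added triage example, not part of the original message: it decodes the page-fault error code from the oops above and checks which registers hold the faulting address and whether that address contains printable ASCII bytes (the report notes one byte is the code for "\"). The `PAGE_OFFSET` value and all function names are assumptions of this example, and the ASCII check is a heuristic, not a diagnosis.

```python
import re

# Oops lines copied from the report above (only those the parser needs).
OOPS = """\
Unable to handle kernel paging request at virtual address 83a15c49
Oops: 0002
eax: 83a15c49 ebx: c1200c20 ecx: c1200c1f edx: c2815029
esi: c2815028 edi: c1200ea0 ebp: c1fb7000 esp: c1741d3c
"""

# Assumption: i386 kernel addresses start at 0xc0000000, as the other
# pointers in this dump (c1200c20, c2815028, ...) suggest.
PAGE_OFFSET = 0xC0000000


def decode_error_code(code):
    """Decode the low three bits of the i386 page-fault error code."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
    }


def ascii_bytes(value):
    """Printable-ASCII bytes of a 32-bit value, in little-endian memory order."""
    return [chr(b) for b in value.to_bytes(4, "little") if 0x20 <= b < 0x7F]


def triage(text):
    """Summarise the fault: what kind of access, which registers look bad."""
    fault = int(re.search(r"virtual address ([0-9a-f]{8})", text).group(1), 16)
    code = int(re.search(r"Oops: ([0-9a-f]{4})", text).group(1), 16)
    regs = {name: int(val, 16)
            for name, val in re.findall(r"\b(e[a-z]{2}): ([0-9a-f]{8})", text)}
    return {
        "fault": fault,
        "error": decode_error_code(code),
        # Registers holding exactly the faulting address.
        "holders": [r for r, v in regs.items() if v == fault],
        # Registers whose value is not a kernel address at all.
        "non_kernel": [r for r, v in regs.items() if v < PAGE_OFFSET],
        # Text-like bytes hint that string data ended up where a pointer belongs.
        "ascii": ascii_bytes(fault),
    }


if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(f"{key}: {value:#x}" if key == "fault" else f"{key}: {value}")
```

For this oops the result is a kernel-mode write to a non-present page through eax, the only register below the kernel base, which matches the faulting `movb $0x0,(%eax)` in the disassembly.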