[uml-user] UML segfaults in copy_from_user()

Oscar Hellström Thu, 15 Apr 2010 09:52:39 -0700

Hi,

I've seen this before on the list, but in that case the reason was from
running UML in gdb without ignoring segfaults. In my case I don't run
inside gdb.


Essentially i have a module, a network device, which gets an ioctl. This
module then does a copy_from_user to get some parameters from user space. I
have checked the pointes, and it comes through properly. It seems that when
trying to map the user space memory, I get some kind of page fault, which I
cannot survive. In some cases, the UML end up in a tight loop inside kernel
space instead and cosumes 99% CPU. I'm not used to debug this kind of
thing, so I'm kind of in the dark here.

This is the stack trace I get from my crashed UML:
Thread 1 (process 1251):
#0  0xb7e6f211 in abort () from /lib/libc.so.6
#1  0x08068188 in os_dump_core () at arch/um/os-Linux/util.c:119
#2  0x0805aae0 in panic_exit (self=0x822b298, unused1=0, unused2=0x8241560)
at arch/um/kernel/um_arch.c:233
#3  0x08086712 in notifier_call_chain (nl=<value optimized out>, val=0,
v=0x8241560, nr_to_call=-2, nr_calls=0x0) at kernel/notifier.c:93
#4  0x0808674e in __atomic_notifier_call_chain (nh=0x8241520, val=0,
v=0x8241560, nr_to_call=-1, nr_calls=0x0) at kernel/notifier.c:182
#5  0x08086765 in atomic_notifier_call_chain (nh=0x8241520, val=0,
v=0x8241560) at kernel/notifier.c:191
#6  0x080732df in panic (fmt=0x81ef5cb "Kernel mode fault at addr 0x%lx, ip
0x%lx") at kernel/panic.c:91
#7  0x0805a865 in segv (fi={error_code = 4, cr2 = 5685821, trap_no = 14},
ip=134590521, is_user=0, regs=0x8229c78) at arch/um/kernel/trap.c:204
#8  0x0805a8ff in segv_handler (sig=11, regs=0x8229c78) at
arch/um/kernel/trap.c:150
#9  0x080674ec in sig_handler_common (sig=11, sc=0x8229d24) at
arch/um/os-Linux/signal.c:49
#10 0x080677e0 in sig_handler (sig=6, sc=0x8229d24) at
arch/um/os-Linux/signal.c:81
#11 0x0806773f in handle_signal (sig=22, sc=0x8229d24) at
arch/um/os-Linux/signal.c:158
#12 0x08068e6f in hard_handler (sig=11) at
arch/um/os-Linux/sys-i386/signal.c:12
#13 <signal handler called>
#14 0x0805b039 in do_op_one_page (addr=3218788464, len=44, is_write=0,
op=0x805afa7 <copy_chunk_from_user>, arg=0x9fb1d98) at
arch/um/kernel/skas/uaccess.c:42
#15 0x0805b193 in buffer_op (addr=3218788464, len=44, is_write=0,
op=0x805afa7 <copy_chunk_from_user>, arg=0x9fb1d98) at
arch/um/kernel/skas/uaccess.c:97
#16 0x0805b2ef in copy_from_user (to=0x9fb2da8, from=0xbfdad070, n=44) at
arch/um/kernel/skas/uaccess.c:148

Best regards
-- 
Oscar Hellström, os...@hellstrom.st
web: http://oscar.hellstrom.st
xmpp: os...@hellstrom.st

------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
User-mode-linux-user mailing list
User-mode-linux-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user

[uml-user] UML segfaults in copy_from_user()

Reply via email to