I get this oops while booting 2.4.7-pre9:
Jul 20 08:01:52 hafnium kernel: Unable to handle kernel NULL pointer dereference at virtual address 0000007c
Jul 20 08:01:52 hafnium kernel: c01467e3
Jul 20 08:01:52 hafnium kernel: *pde = 00000000
Jul 20 08:01:52 hafnium kernel: Oops: 0000
Jul 20 08:01:52 hafnium kernel: CPU: 0
Jul 20 08:01:52 hafnium kernel: EIP: 0010:[proc_pid_make_inode+131/176]
Jul 20 08:01:52 hafnium kernel: EIP: 0010:[<c01467e3>]
Using defaults from ksymoops -t elf32-i386 -a i386
Jul 20 08:01:52 hafnium kernel: EFLAGS: 00010206
Jul 20 08:01:52 hafnium kernel: eax: 00000000 ebx: c11ba000 ecx: c48c89c0 edx: c104b578
Jul 20 08:01:52 hafnium kernel: esi: c11ed000 edi: 0000000b ebp: c01e0ca0 esp: c493de68
Jul 20 08:01:52 hafnium kernel: ds: 0018 es: 0018 ss: 0018
Jul 20 08:01:52 hafnium kernel: Process pidof (pid: 177, stackpage=c493d000)
Jul 20 08:01:52 hafnium kernel: Stack: c11ba000 0000000b c01bf0aa c0146a3a c11ed000 c11ba000 0000000b c11ba000
Jul 20 08:01:52 hafnium kernel: ffffffea fffffff4 c01406a8 c1157e08 000000f0 c4b6c9a0 fffffff4 c48c87e0
Jul 20 08:01:52 hafnium kernel: c4b6c920 c01388cf c48c87e0 c4b6c9a0 c493df00 c4b6c920 c4b6c920 c4fee00c
Jul 20 08:01:52 hafnium kernel: Call Trace: [proc_base_lookup+138/544] [d_alloc+24/368] [real_lookup+79/192] [path_walk+1409/2000] [destroy_inode+48/64] [open_namei+124/1360] [filp_open+52/96]
Jul 20 08:01:52 hafnium kernel: Call Trace: [<c0146a3a>] [<c01406a8>] [<c01388cf>] [<c0138fd1>] [<c0141050>] [<c013972c>] [<c012e334>]
Jul 20 08:01:52 hafnium kernel: [<c013861f>] [<c012e636>] [<c0106cf3>]
Jul 20 08:01:52 hafnium kernel: Code: f6 40 7c 01 74 12 8b 83 24 01 00 00 89 41 30 8b 83 34 01 00
>>EIP; c01467e3 <proc_pid_make_inode+83/b0> <=====
Trace; c0146a3a <proc_base_lookup+8a/220>
Trace; c01406a8 <d_alloc+18/170>
Trace; c01388cf <real_lookup+4f/c0>
Trace; c0138fd1 <path_walk+581/7d0>
Trace; c0141050 <destroy_inode+30/40>
Trace; c013972c <open_namei+7c/550>
Trace; c012e334 <filp_open+34/60>
Trace; c013861f <getname+5f/a0>
Trace; c012e636 <sys_open+36/b0>
Trace; c0106cf3 <system_call+33/40>
Code; c01467e3 <proc_pid_make_inode+83/b0>
00000000 <_EIP>:
Code; c01467e3 <proc_pid_make_inode+83/b0> <=====
0: f6 40 7c 01 testb $0x1,0x7c(%eax) <=====
Code; c01467e7 <proc_pid_make_inode+87/b0>
4: 74 12 je 18 <_EIP+0x18> c01467fb <proc_pid_make_inode+9b/b0>
Code; c01467e9 <proc_pid_make_inode+89/b0>
6: 8b 83 24 01 00 00 mov 0x124(%ebx),%eax
Code; c01467ef <proc_pid_make_inode+8f/b0>
c: 89 41 30 mov %eax,0x30(%ecx)
Code; c01467f2 <proc_pid_make_inode+92/b0>
f: 8b 83 34 01 00 00 mov 0x134(%ebx),%eax
--
Niels Kristian Bech Jensen -- [email protected] -- http://www.image.dk/~nkbj/
----------->> Stop software piracy --- use free software! <<-----------
Niels Kristian Bech Jensen writes:
> >>EIP; c01467e3 <proc_pid_make_inode+83/b0> <=====
This should fix it:
--- fs/proc/base.c.~1~ Thu Jul 19 23:02:12 2001
+++ fs/proc/base.c Thu Jul 19 23:25:28 2001
@@ -670,7 +670,8 @@
inode->u.proc_i.task = task;
inode->i_uid = 0;
inode->i_gid = 0;
- if (ino == PROC_PID_INO || task->mm->dumpable) {
+ if (ino == PROC_PID_INO ||
+ (task->mm && task->mm->dumpable)) {
inode->i_uid = task->euid;
inode->i_gid = task->egid;
}
Niels Kristian Bech Jensen wrote:
>
> I get this oops while booting 2.4.7-pre9:
Kernel is trying to read /proc/pid entries for a kernel thread
which has called daemonize(). It has a null task_struct.mm.
I tested various other possible problems, such as making
/sbin/hotplug an elf executable and it looks OK, apart from
the /proc problem.
--- linux-2.4.7-pre9/fs/proc/base.c Fri Jul 20 15:39:12 2001
+++ linux-akpm/fs/proc/base.c Fri Jul 20 16:43:02 2001
@@ -670,7 +670,7 @@ static struct inode *proc_pid_make_inode
inode->u.proc_i.task = task;
inode->i_uid = 0;
inode->i_gid = 0;
- if (ino == PROC_PID_INO || task->mm->dumpable) {
+ if (ino == PROC_PID_INO || (task->mm && task->mm->dumpable)) {
inode->i_uid = task->euid;
inode->i_gid = task->egid;
}
On Thu, 19 Jul 2001, David S. Miller wrote:
>
> Niels Kristian Bech Jensen writes:
> > >>EIP; c01467e3 <proc_pid_make_inode+83/b0> <=====
>
> This should fix it:
>
It does, thanks.
--
Niels Kristian Bech Jensen -- [email protected] -- http://www.image.dk/~nkbj/
----------->> Stop software piracy --- use free software! <<-----------
On Fri, 20 Jul 2001, Andrew Morton wrote:
>
> I tested various other possible problems, such as making
> /sbin/hotplug an elf executable and it looks OK, apart from
> the /proc problem.
Actually, there's a double stupidity in the dumpable testing: it should
really test that the process has a VM, but it should also make sure to
lock that access properly.
This ends up being even more of an issue for ptrace, I think. Sorry for
the screw-up. I think the real fix should be something along the lines of
this (actually, we should move the whole ptrace executable test into
ptrace_dumpable: right now x86 is the only one that gets the subtle and
unlikely race with a ptrace and a suid executable right with the memory
access ordering things).
Linus
----
diff -u --recursive --new-file pre9/linux/arch/alpha/kernel/ptrace.c linux/arch/alpha/kernel/ptrace.c
--- pre9/linux/arch/alpha/kernel/ptrace.c Fri Jul 20 01:02:50 2001
+++ linux/arch/alpha/kernel/ptrace.c Fri Jul 20 01:01:43 2001
@@ -267,7 +267,7 @@
ret = -EPERM;
if (child == current)
goto out;
- if ((!child->mm->dumpable ||
+ if ((!ptrace_dumpable(child) ||
(current->uid != child->euid) ||
(current->uid != child->suid) ||
(current->uid != child->uid) ||
diff -u --recursive --new-file pre9/linux/arch/arm/kernel/ptrace.c linux/arch/arm/kernel/ptrace.c
--- pre9/linux/arch/arm/kernel/ptrace.c Fri Jul 20 01:02:50 2001
+++ linux/arch/arm/kernel/ptrace.c Fri Jul 20 01:01:43 2001
@@ -596,7 +596,7 @@
if (request == PTRACE_ATTACH) {
if (child == current)
goto out_tsk;
- if ((!child->mm->dumpable ||
+ if ((!ptrace_dumpable(child) ||
(current->uid != child->euid) ||
(current->uid != child->suid) ||
(current->uid != child->uid) ||
diff -u --recursive --new-file pre9/linux/arch/cris/kernel/ptrace.c linux/arch/cris/kernel/ptrace.c
--- pre9/linux/arch/cris/kernel/ptrace.c Fri Jul 20 01:02:51 2001
+++ linux/arch/cris/kernel/ptrace.c Fri Jul 20 01:01:43 2001
@@ -117,7 +117,7 @@
if (request == PTRACE_ATTACH) {
if (child == current)
goto out_tsk;
- if ((!child->mm->dumpable ||
+ if ((!ptrace_dumpable(child) ||
(current->uid != child->euid) ||
(current->uid != child->suid) ||
(current->uid != child->uid) ||
diff -u --recursive --new-file pre9/linux/arch/i386/kernel/ptrace.c linux/arch/i386/kernel/ptrace.c
--- pre9/linux/arch/i386/kernel/ptrace.c Fri Jul 20 01:02:52 2001
+++ linux/arch/i386/kernel/ptrace.c Fri Jul 20 01:01:43 2001
@@ -176,7 +176,7 @@
(current->gid != child->gid)) && !capable(CAP_SYS_PTRACE))
goto out_tsk;
rmb();
- if (!child->mm->dumpable && !capable(CAP_SYS_PTRACE))
+ if (!ptrace_dumpable(child) && !capable(CAP_SYS_PTRACE))
goto out_tsk;
/* the same process cannot be attached many times */
if (child->ptrace & PT_PTRACED)
diff -u --recursive --new-file pre9/linux/arch/ia64/kernel/ptrace.c linux/arch/ia64/kernel/ptrace.c
--- pre9/linux/arch/ia64/kernel/ptrace.c Fri Jul 20 01:02:52 2001
+++ linux/arch/ia64/kernel/ptrace.c Fri Jul 20 01:01:43 2001
@@ -770,7 +770,7 @@
if (request == PTRACE_ATTACH) {
if (child == current)
goto out_tsk;
- if ((!child->mm->dumpable ||
+ if ((!ptrace_dumpable(child) ||
(current->uid != child->euid) ||
(current->uid != child->suid) ||
(current->uid != child->uid) ||
diff -u --recursive --new-file pre9/linux/arch/m68k/kernel/ptrace.c linux/arch/m68k/kernel/ptrace.c
--- pre9/linux/arch/m68k/kernel/ptrace.c Fri Jul 20 01:02:52 2001
+++ linux/arch/m68k/kernel/ptrace.c Fri Jul 20 01:01:43 2001
@@ -120,7 +120,7 @@
if (request == PTRACE_ATTACH) {
if (child == current)
goto out_tsk;
- if ((!child->mm->dumpable ||
+ if ((!ptrace_dumpable(child) ||
(current->uid != child->euid) ||
(current->uid != child->suid) ||
(current->uid != child->uid) ||
diff -u --recursive --new-file pre9/linux/arch/mips/kernel/ptrace.c linux/arch/mips/kernel/ptrace.c
--- pre9/linux/arch/mips/kernel/ptrace.c Fri Jul 20 01:02:52 2001
+++ linux/arch/mips/kernel/ptrace.c Fri Jul 20 01:01:43 2001
@@ -68,7 +68,7 @@
if (request == PTRACE_ATTACH) {
if (child == current)
goto out_tsk;
- if ((!child->mm->dumpable ||
+ if ((!ptrace_dumpable(child) ||
(current->uid != child->euid) ||
(current->uid != child->suid) ||
(current->uid != child->uid) ||
diff -u --recursive --new-file pre9/linux/arch/mips64/kernel/ptrace.c linux/arch/mips64/kernel/ptrace.c
--- pre9/linux/arch/mips64/kernel/ptrace.c Fri Jul 20 01:02:52 2001
+++ linux/arch/mips64/kernel/ptrace.c Fri Jul 20 01:01:43 2001
@@ -64,7 +64,7 @@
if (request == PTRACE_ATTACH) {
if (child == current)
goto out_tsk;
- if ((!child->mm->dumpable ||
+ if ((!ptrace_dumpable(child) ||
(current->uid != child->euid) ||
(current->uid != child->suid) ||
(current->uid != child->uid) ||
@@ -338,7 +338,7 @@
if (request == PTRACE_ATTACH) {
if (child == current)
goto out_tsk;
- if ((!child->mm->dumpable ||
+ if ((!ptrace_dumpable(child) ||
(current->uid != child->euid) ||
(current->uid != child->suid) ||
(current->uid != child->uid) ||
diff -u --recursive --new-file pre9/linux/arch/parisc/kernel/ptrace.c linux/arch/parisc/kernel/ptrace.c
--- pre9/linux/arch/parisc/kernel/ptrace.c Fri Jul 20 01:02:52 2001
+++ linux/arch/parisc/kernel/ptrace.c Fri Jul 20 01:01:43 2001
@@ -63,7 +63,7 @@
if (request == PTRACE_ATTACH) {
if (child == current)
goto out_tsk;
- if ((!child->mm->dumpable ||
+ if ((!ptrace_dumpable(child) ||
(current->uid != child->euid) ||
(current->uid != child->suid) ||
(current->uid != child->uid) ||
diff -u --recursive --new-file pre9/linux/arch/ppc/kernel/ptrace.c linux/arch/ppc/kernel/ptrace.c
--- pre9/linux/arch/ppc/kernel/ptrace.c Fri Jul 20 01:02:53 2001
+++ linux/arch/ppc/kernel/ptrace.c Fri Jul 20 01:01:43 2001
@@ -120,7 +120,7 @@
if (request == PTRACE_ATTACH) {
if (child == current)
goto out_tsk;
- if ((!child->mm->dumpable ||
+ if ((!ptrace_dumpable(child) ||
(current->uid != child->euid) ||
(current->uid != child->suid) ||
(current->uid != child->uid) ||
diff -u --recursive --new-file pre9/linux/arch/s390/kernel/ptrace.c linux/arch/s390/kernel/ptrace.c
--- pre9/linux/arch/s390/kernel/ptrace.c Fri Jul 20 01:02:53 2001
+++ linux/arch/s390/kernel/ptrace.c Fri Jul 20 01:01:43 2001
@@ -235,7 +235,7 @@
{
if (child == current)
goto out;
- if ((!child->mm->dumpable ||
+ if ((!ptrace_dumpable(child) ||
(current->uid != child->euid) ||
(current->uid != child->suid) ||
(current->uid != child->uid) ||
diff -u --recursive --new-file pre9/linux/arch/s390x/kernel/ptrace.c linux/arch/s390x/kernel/ptrace.c
--- pre9/linux/arch/s390x/kernel/ptrace.c Fri Jul 20 01:02:53 2001
+++ linux/arch/s390x/kernel/ptrace.c Fri Jul 20 01:01:43 2001
@@ -249,7 +249,7 @@
{
if (child == current)
goto out;
- if ((!child->mm->dumpable ||
+ if ((!ptrace_dumpable(child) ||
(current->uid != child->euid) ||
(current->uid != child->suid) ||
(current->uid != child->uid) ||
@@ -435,7 +435,7 @@
{
if (child == current)
goto out;
- if ((!child->mm->dumpable ||
+ if ((!ptrace_dumpable(child) ||
(current->uid != child->euid) ||
(current->uid != child->suid) ||
(current->uid != child->uid) ||
diff -u --recursive --new-file pre9/linux/arch/sh/kernel/ptrace.c linux/arch/sh/kernel/ptrace.c
--- pre9/linux/arch/sh/kernel/ptrace.c Fri Jul 20 01:02:53 2001
+++ linux/arch/sh/kernel/ptrace.c Fri Jul 20 01:01:43 2001
@@ -184,7 +184,7 @@
(tsk->gid != child->gid)) && !capable(CAP_SYS_PTRACE))
goto out_tsk;
rmb();
- if (!child->mm->dumpable && !capable(CAP_SYS_PTRACE))
+ if (!ptrace_dumpable(child) && !capable(CAP_SYS_PTRACE))
goto out_tsk;
/* the same process cannot be attached many times */
if (child->ptrace & PT_PTRACED)
diff -u --recursive --new-file pre9/linux/arch/sparc/kernel/ptrace.c linux/arch/sparc/kernel/ptrace.c
--- pre9/linux/arch/sparc/kernel/ptrace.c Fri Jul 20 01:02:53 2001
+++ linux/arch/sparc/kernel/ptrace.c Fri Jul 20 01:01:43 2001
@@ -327,7 +327,7 @@
pt_error_return(regs, EPERM);
goto out_tsk;
}
- if((!child->mm->dumpable ||
+ if((!ptrace_dumpable(child) ||
(current->uid != child->euid) ||
(current->uid != child->uid) ||
(current->uid != child->suid) ||
diff -u --recursive --new-file pre9/linux/arch/sparc64/kernel/ptrace.c linux/arch/sparc64/kernel/ptrace.c
--- pre9/linux/arch/sparc64/kernel/ptrace.c Fri Jul 20 01:02:54 2001
+++ linux/arch/sparc64/kernel/ptrace.c Fri Jul 20 01:01:43 2001
@@ -177,7 +177,7 @@
pt_error_return(regs, EPERM);
goto out_tsk;
}
- if ((!child->mm->dumpable ||
+ if ((!ptrace_dumpable(child) ||
(current->uid != child->euid) ||
(current->uid != child->uid) ||
(current->uid != child->suid) ||
diff -u --recursive --new-file pre9/linux/fs/proc/base.c linux/fs/proc/base.c
--- pre9/linux/fs/proc/base.c Fri Jul 20 01:03:03 2001
+++ linux/fs/proc/base.c Fri Jul 20 00:59:38 2001
@@ -670,7 +670,7 @@
inode->u.proc_i.task = task;
inode->i_uid = 0;
inode->i_gid = 0;
- if (ino == PROC_PID_INO || task->mm->dumpable) {
+ if (ino == PROC_PID_INO || ptrace_dumpable(task)) {
inode->i_uid = task->euid;
inode->i_gid = task->egid;
}
diff -u --recursive --new-file pre9/linux/include/linux/mm.h linux/include/linux/mm.h
--- pre9/linux/include/linux/mm.h Tue Jul 3 15:42:55 2001
+++ linux/include/linux/mm.h Fri Jul 20 00:59:22 2001
@@ -442,6 +442,7 @@
extern int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write);
extern int ptrace_readdata(struct task_struct *tsk, unsigned long src, char *dst, int len);
extern int ptrace_writedata(struct task_struct *tsk, char * src, unsigned long dst, int len);
+extern int ptrace_dumpable(struct task_struct *tsk);
/*
* On a two-level page table, this ends up being trivial. Thus the
diff -u --recursive --new-file pre9/linux/kernel/ptrace.c linux/kernel/ptrace.c
--- pre9/linux/kernel/ptrace.c Mon Mar 19 12:35:08 2001
+++ linux/kernel/ptrace.c Fri Jul 20 00:58:46 2001
@@ -16,6 +16,19 @@
#include <asm/pgtable.h>
#include <asm/uaccess.h>
+int ptrace_dumpable(struct task_struct *task)
+{
+ int dumpable = 0;
+ struct mm_struct *mm;
+
+ task_lock(task);
+ mm = task->mm;
+ if (mm)
+ dumpable = mm->dumpable;
+ task_unlock(task);
+ return dumpable;
+}
+
/*
* Access another process' address space, one page at a time.
*/