linux-mips
[Top] [All Lists]

Re: [PATCH v2] MIPS: Make TASK_SIZE reflect proper size for both 32 and

To: ralf@linux-mips.org
Subject: Re: [PATCH v2] MIPS: Make TASK_SIZE reflect proper size for both 32 and 64 bit processes.
From: David Daney <ddaney@caviumnetworks.com>
Date: Wed, 13 Oct 2010 14:46:10 -0700
Cc: linux-mips@linux-mips.org
In-reply-to: <1286992415-21167-1-git-send-email-ddaney@caviumnetworks.com>
Original-recipient: rfc822;linux-mips@linux-mips.org
References: <1286992415-21167-1-git-send-email-ddaney@caviumnetworks.com>
Sender: linux-mips-bounce@linux-mips.org
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.12) Gecko/20100907 Fedora/3.0.7-1.fc12 Thunderbird/3.0.7
On 10/13/2010 10:53 AM, David Daney wrote:
[...]

-#define __UA_LIMIT     (- TASK_SIZE)
+#define __UA_LIMIT     (1ul<<  63)


This doesn't work:

Unhandled kernel unaligned access[#1]:
Cpu 7
$ 0   : 0000000000000000 10c38ca810c38c78 0000000000000000 0000000000000000
$ 4   : ffffffff811238ac 10c38ca810c38c68 0000000010108ce3 10c38ca810c38c68
$ 8   : 0000000000000000 10c38ca810c38c68 10c38ca810c38c68 10c38ca810c38c68
$12   : 0000000010108ce1 000000001000001e ffffffff8117aa08 ffffffff815905c8
$16   : ffffffffdca80000 a80000009271bcd0 8000000000000000 00000001208d0094
$20   : 10c38ca810c38c68 0000005558776460 ffffffffffffffa7 0000005558776428
$24   : 0000000000000000 0000005558aace60
$28   : a800000092718000 a80000009271bca0 0000005558776420 ffffffff81100880
Hi    : 0000000000000249
Lo    : 077c561f20000000
epc   : ffffffff811238c4 do_ade+0x1f4/0x490
    Not tainted
ra    : ffffffff81100880 ret_from_exception+0x0/0x8
Status: 10108ce3    KX SX UX KERNEL EXL IE
Cause : 00800010
BadVA : 10c38ca810c38c68
PrId  : 000d0409 (Cavium Octeon+)
Modules linked in:
Process loop-3.exe (pid: 31583, threadinfo=a800000092718000, task=a8000000b6529fc8, tls=000000555c5ca880)
Stack : 0000000000000008 0000000000000080 10c38ca810c38c68 0000000000000008
        00000001208d0094 ffffffff81100880 0000000000000000 10c38ca810c38c78
        0000000000000000 8000000000000000 a80000009271be38 10c38ca810c38c68
        0000000000000010 10c38ca810c38c68 0000000000000000 10c38ca810c38c68
        10c38ca810c38c68 10c38ca810c38c68 0000000000000000 0000000000000000
        ffffffff8117aa08 ffffffff815905c8 0000000000000080 10c38ca810c38c68
        0000000000000008 00000001208d0094 10c38ca810c38c68 0000005558776460
        ffffffffffffffa7 0000005558776428 0000000000000000 0000005558aace60
        ffffffff814f8ba8 ffffffff81123f14 a800000092718000 a80000009271be30
        0000005558776420 ffffffff8117aae8 0000000010108ce3 0000000000000249
        ...
Call Trace:
[<ffffffff811238c4>] do_ade+0x1f4/0x490
[<ffffffff81100880>] ret_from_exception+0x0/0x8
[<ffffffff81100590>] less_than_4units+0xc/0x5c
[<ffffffff8117aae8>] SyS_futex+0xe0/0x1c0
[<ffffffff81102bc4>] handle_sys64+0x44/0x60



We are doing a copy_from_user(), with a bad address passed in from userspace. The access_ok() says it is fine, but when we drop into the memcpy, we get the Address Error Exception because we exceeded SEGBITS.

Really we want to clamp things at the SEGBITS boundry.

David Daney

<Prev in Thread] Current Thread [Next in Thread>