Re: [PATCH?] Crash in 2.4.17/ptrace

Daniel Jacobowitz (dan@debian.org)
Mon, 28 Jan 2002 16:19:00 -0500

On Mon, Jan 28, 2002 at 01:03:05PM -0800, Andrew Morton wrote:
> Oh nice. And it seems that, say, an O_DIRECT write of, say,
> a mmaped framebuffer will also oops the kernel.
>
> Most callers of get_user_pages() aren't prepared for a
> null page* in the returned array.
>
> This patch *may* be sufficient, but perhaps get_user_pages()
> should just bale out as soon as it finds an invalid page, rather
> than sticking a null page * into the returned array and continuing.
>
> --- linux-2.4.18-pre7/mm/memory.c Fri Dec 21 11:19:23 2001
> +++ linux-akpm/mm/memory.c Mon Jan 28 12:54:40 2002
> @@ -453,6 +453,7 @@ int get_user_pages(struct task_struct *t
> vma = find_extend_vma(mm, start);
>
> if ( !vma ||
> + (vma->vm_flags & VM_IO) ||
> (!force &&
> ((write && (!(vma->vm_flags & VM_WRITE))) ||
> (!write && (!(vma->vm_flags & VM_READ))) ) )) {

Frame buffers aren't reliable marked VM_IO when mapped, currently. Ben
H. said he was going to push a fix for this at least to the PPC trees
today or tomorrow.

It's cute - fbmem.c goes out of its way to set the flag on some
architectures and not others. I can't imagine why.

But with that, yes, that should fix it.

> > Of course, I would much rather be able to see the contents of the
> > framebuffer. Any suggestions?
>
> Not with this patch, I'm afraid. For your testing purposes you
> could just remove the VALID_PAGE() test in mm/memory.c:get_page_map(),
> and then gdb should be able to get at the framebuffer.

I'm sure there's a good reason to not do that in general. Mind
enlightening me?

-- 
Daniel Jacobowitz                           Carnegie Mellon University
MontaVista Software                         Debian GNU/Linux Developer
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/