WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] Yet another [PATCH] blkfront: Fix wild ptr deref during

from [Daniel Stodden] [Permanent Link][Original]
To: Jan Beulich <JBeulich@xxxxxxxxxx>
Subject: Re: [Xen-devel] Yet another [PATCH] blkfront: Fix wild ptr deref during device destruction.
From: Daniel Stodden <daniel.stodden@xxxxxxxxxx>
Date: Thu, 25 Feb 2010 14:54:31 -0800
Cc: Jeremy Fitzhardinge <jeremy@xxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, Jake Wires <Jake.Wires@xxxxxxxxxx>, Ian Campbell <ian.campbell@xxxxxxxxxx>
Delivery-date: Thu, 25 Feb 2010 14:55:18 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <1267092157.4996.1760.camel@xxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <4B85AE5C.8050603@xxxxxxxx> <1267053644.5962.409.camel@xxxxxxxxxxxxxxxxxxxxxxx> <4B85B58D.20204@xxxxxxxx> <1267056730.5962.596.camel@xxxxxxxxxxxxxxxxxxxxxxx> <1267056967.5962.616.camel@xxxxxxxxxxxxxxxxxxxxxxx> <1267057462.5962.660.camel@xxxxxxxxxxxxxxxxxxxxxxx> <4B8642D10200007800031353@xxxxxxxxxxxxxxxxxx> <1267091839.4996.1757.camel@xxxxxxxxxxxxxxxxxxx> <1267092157.4996.1760.camel@xxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
On Thu, 2010-02-25 at 05:02 -0500, Daniel Stodden wrote:
> On Thu, 2010-02-25 at 04:57 -0500, Daniel Stodden wrote:
> > On Thu, 2010-02-25 at 03:28 -0500, Jan Beulich wrote:
> > > Wouldn't it be better to move blk_cleanup_queue() even before 
> > > del_gendisk()?
> > 
> > No.
> 
> Well, I beg you to differ. Maybe this changed, after all this is 2.6.3x.

Oh, I guess the answer is no. I just came across the same issue in a
debian/lenny while detaching a CD on 2.6.32.

Daniel

Feb 25 13:33:18 debian kernel: [  455.074625] *pdpt = 000000000eff8027 *pde = 
0000000000000000 
Feb 25 13:33:18 debian kernel: [  455.074660] Modules linked in: xenfs nls_utf8 
isofs nls_base loop evdev snd_pcsp snd_pcm snd_timer snd soundcore xen_netfront 
snd_page_alloc ext3 jbd mbcache xen_blkfront thermal_sys
Feb 25 13:33:18 debian kernel: [  455.074727] 
Feb 25 13:33:18 debian kernel: [  455.074733] Pid: 1114, comm: umount Not 
tainted (2.6.32-2-686-bigmem #1) 
Feb 25 13:33:18 debian kernel: [  455.074743] EIP: 0061:[<c1139509>] EFLAGS: 
00010206 CPU: 0
Feb 25 13:33:18 debian kernel: [  455.074751] EIP is at 
kobject_uevent_env+0x3d/0x35c
Feb 25 13:33:18 debian kernel: [  455.074759] EAX: 00000ad1 EBX: cf9562a8 ECX: 
00000000 EDX: 00000ad1
Feb 25 13:33:18 debian kernel: [  455.074768] ESI: cfb00800 EDI: cfb00200 EBP: 
cf9562a8 ESP: ced73eac
Feb 25 13:33:18 debian kernel: [  455.074777]  DS: 007b ES: 007b FS: 00d8 GS: 
00e0 SS: 0069
Feb 25 13:33:18 debian kernel: [  455.074801]  00000000 00000001 00000ad1 
00000000 c1309b85 ced73ec0 ced73ec0 cf915300
Feb 25 13:33:18 debian kernel: [  455.074828] <0> c12f8540 cfb00200 cf9562a8 
cfb00800 cfb00200 00000000 c1125113 ce6ceeb0
Feb 25 13:33:18 debian kernel: [  455.074859] <0> c112d430 cfb00800 cfb00800 
c1130ba3 0000000a c10f509d cfb00800 00000000
Feb 25 13:33:18 debian kernel: [  455.074903]  [<c1125113>] ? 
elv_unregister_queue+0x17/0x21
Feb 25 13:33:18 debian kernel: [  455.074915]  [<c112d430>] ? 
blk_unregister_queue+0x26/0x59
Feb 25 13:33:18 debian kernel: [  455.074926]  [<c1130ba3>] ? 
unlink_gendisk+0x27/0x3b
Feb 25 13:33:18 debian kernel: [  455.074937]  [<c10f509d>] ? 
del_gendisk+0x7b/0xf6
Feb 25 13:33:18 debian kernel: [  455.074949]  [<d082fc73>] ? 
blkfront_closing+0x68/0x72 [xen_blkfront]
Feb 25 13:33:18 debian kernel: [  455.074961]  [<d08300c4>] ? 
blkif_release+0x38/0x3d [xen_blkfront]
Feb 25 13:33:18 debian kernel: [  455.074974]  [<c10d9744>] ? 
__blkdev_put+0x7a/0x10f
Feb 25 13:33:18 debian kernel: [  455.074985]  [<c10ea727>] ? 
vfs_quota_off+0x0/0xd
Feb 25 13:33:18 debian kernel: [  455.074996]  [<c10bc913>] ? 
deactivate_super+0x4a/0x5f
Feb 25 13:33:18 debian kernel: [  455.075007]  [<c10cc6c5>] ? 
sys_umount+0x28b/0x2b1
Feb 25 13:33:18 debian kernel: [  455.075017]  [<c10cc6f6>] ? 
sys_oldumount+0xb/0xe
Feb 25 13:33:18 debian kernel: [  455.075029]  [<c1007f7b>] ? 
sysenter_do_call+0x12/0x28
Feb 25 13:33:18 debian kernel: [  455.075243] ---[ end trace 91b332cfeb23bfaf 
]---



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] Using xen-unstable, dom0 hangs during boot, Nadolski, Ed
Next by Date:  Re: [Xen-devel] Using xen-unstable, dom0 hangs during boot, Jeremy Fitzhardinge
Previous by Thread:  Re: [Xen-devel] Re: [PATCH] Fix wild ptr deref during device destruction., Daniel Stodden
Next by Thread:  [Xen-devel] Re: Crash on blktap shutdown, Daniel Stodden
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy