This is the mail archive of the mailing list for the systemtap project.


RE: BUG: sleeping function called from invalid context at kernel/rwsem.c:20

On Friday, September 08, 2006 11:38 AM, Keshavamurthy Anil S wrote:
> On Fri, Sep 08, 2006 at 11:09:48AM -0700, Keshavamurthy Anil S wrote:
> More debugging revealed that Systemtap generated code is
> calling down_read() in the probe handler code path.
> down_read()->might_sleep()->__might_sleep(__FILE__, __LINE__);
> If CONFIG_DEBUG_SPINLOCK_SLEEP is turned off, then we don't see the
> dump. But Red Hat's default kernel config has this option turned on.
> Overall, looks to me that Systemtap in the first place should not use
> rw_semaphore calls in the probe handler code path.

The call stack you listed before showed that you were in
ia64_page_fault, preceded by user_string_quoted.  That function is
apparently not protecting against faults properly.  user_string_quoted
calls _stp_text_str with the 'user' flag set.  _stp_text_str only
validates access_ok on the first byte of the string, and then it calls
__get_user to read the rest.  I thought that __get_user would catch
faults, but maybe not...

The other user_string_* functions call _stp_strncpy_from_user, which
checks access_ok on the length of the *destination* buffer.  This also
seems wrong, because the source might be a very short string, where
reading a longer string would be invalid.
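A small user-space model of the two bounds-check styles discussed above, added here as an illustration and not taken from SystemTap's or the kernel's code: one copy routine validates the *destination* length up front (the pattern the mail questions in _stp_strncpy_from_user), the other validates every byte it actually reads, which is what per-access fault handling gives you. The 16-byte readable window, the model_access_ok/copy_checked_*/run_case names and the sample strings are constructed assumptions.

```c
#include <stdbool.h>
#include <string.h>
#define EFAULT 14
#define USER_LEN 16
/* Constructed model of user memory (not kernel code): only user_mem is readable. */
static char user_mem[USER_LEN];

/* Model of access_ok(): is the whole range [p, p + len) inside the window? */
static bool model_access_ok(const char *p, size_t len)
{
    if (p < user_mem || len > USER_LEN) return false;
    return (size_t)(p - user_mem) <= USER_LEN - len;
}

/* The questioned check: validate the *destination* size up front, so a short,
 * valid string near the end of the readable window is wrongly rejected. */
static long copy_checked_by_dst_len(char *dst, size_t dst_len, const char *src)
{
    size_t i = 0;
    if (!model_access_ok(src, dst_len)) return -EFAULT;
    for (; i + 1 < dst_len && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return (long)i;
}

/* Check each byte actually read: the short string succeeds, and an unterminated
 * string stops with -EFAULT at the window edge instead of reading past it. */
static long copy_checked_per_byte(char *dst, size_t dst_len, const char *src)
{
    size_t i = 0;
    for (; i + 1 < dst_len; i++) {
        if (!model_access_ok(src + i, 1)) return -EFAULT; /* would have faulted */
        if (src[i] == '\0') break;
        dst[i] = src[i];
    }
    dst[i] = '\0';
    return (long)i;
}

/* Constructed driver: fill the window with 'A' (no terminator), optionally place
 * "hi\0" at offset 12, then copy from `off` into a dst_len-byte buffer (<= 32). */
static long run_case(bool per_byte, bool terminated, size_t off, size_t dst_len)
{
    char buf[32];
    memset(user_mem, 'A', USER_LEN);
    if (terminated) memcpy(user_mem + 12, "hi", 3);
    return per_byte ? copy_checked_per_byte(buf, dst_len, user_mem + off)
                    : copy_checked_by_dst_len(buf, dst_len, user_mem + off);
}
```

With an 8-byte buffer and "hi" at offset 12, the destination-length check returns -EFAULT while the per-byte copy returns 2; with no terminator at all, the per-byte copy faults at the window edge rather than reading beyond it.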

