This is the mail archive of the mailing list for the systemtap project.
RE: BUG: sleeping function called from invalid context at kernel/rwsem.c:20
- From: "Stone, Joshua I" <joshua dot i dot stone at intel dot com>
- To: "Keshavamurthy, Anil S" <anil dot s dot keshavamurthy at intel dot com>
- Cc: <systemtap at sourceware dot org>
- Date: Fri, 8 Sep 2006 15:02:21 -0700
- Subject: RE: BUG: sleeping function called from invalid context at kernel/rwsem.c:20
On Friday, September 08, 2006 11:38 AM, Keshavamurthy Anil S wrote:
> On Fri, Sep 08, 2006 at 11:09:48AM -0700, Keshavamurthy Anil S wrote:
> More debugging resulted that Systemtap generated code is
> calling down_read() in the probe handler code path.
> down_read()->might_sleep()->__might_sleep(__FILE__, __LINE__);
> If CONFIG_DEBUG_SPINLOCK_SLEEP is turned off, then we don't see the
> dump. But Red Hat's default kernel config has this option turned on.
> Overall, looks to me that Systemtap in the first place should not use
> rw_semaphore calls in the probe handler code path.
The call stack you listed before showed that you were in
ia64_page_fault, preceded by user_string_quoted. That function is
apparently not protecting against faults properly. user_string_quoted
calls _stp_text_str with the 'user' flag set. _stp_text_str only
validates access_ok on the first byte of the string, and then it calls
__get_user to read the rest. I thought that __get_user would catch
faults, but maybe not...
The other user_string_* functions call _stp_strncpy_from_user, which
checks access_ok on the length of the *destination* buffer. This also
seems wrong, because the source might be a very short string, where
reading a longer string would be invalid.
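The two faulty checks described above, side by side with a per-byte-checked copy, as an added C example that is not systemtap's code: it models user memory as a constructed byte array with a "mapped" flag per byte, and `sim_access_ok`/`sim_get_user` are stand-ins for the kernel's `access_ok()`/`__get_user()` that count any read of unmapped memory as entering the page-fault path.

```c
#include <stddef.h>
#include <string.h>
/* Constructed model of user memory: 32 bytes plus a per-byte "mapped" flag (not systemtap code). */
#define USPACE 32
static unsigned char umem[USPACE], umapped[USPACE];
int fault_count;   /* reads of unmapped bytes: the page-fault path the mail describes */
/* Stand-ins for the kernel's access_ok() and __get_user(). */
static int sim_access_ok(size_t addr, size_t len) {
    if (len == 0 || addr + len > USPACE) return 0;
    for (size_t i = addr; i < addr + len; i++) if (!umapped[i]) return 0;
    return 1;
}
static int sim_get_user(size_t addr, unsigned char *out) {
    if (addr >= USPACE || !umapped[addr]) { fault_count++; return -1; }
    *out = umem[addr];
    return 0;
}
/* Defect 1 (_stp_text_str per the mail): access_ok on the first byte only, then unchecked reads. */
int copy_first_byte_only(size_t src, char *dst, size_t dstlen) {
    if (!sim_access_ok(src, 1)) return -1;
    for (size_t n = 0; n + 1 < dstlen; n++) {
        unsigned char c;
        if (sim_get_user(src + n, &c)) return -1;   /* faults once the string crosses into an unmapped page */
        if ((dst[n] = (char)c) == 0) return (int)n;
    }
    return -1;                                      /* no NUL within dstlen */
}
/* Defect 2 (_stp_strncpy_from_user): access_ok on the destination length rejects a valid short string. */
int copy_dest_length_check(size_t src, char *dst, size_t dstlen) {
    return sim_access_ok(src, dstlen) ? copy_first_byte_only(src, dst, dstlen) : -1;
}
/* Fix: validate each byte right before reading it, so the copy stops at the NUL or at the first
 * unreadable byte without ever entering the fault path. */
int copy_user_string(size_t src, char *dst, size_t dstlen) {
    for (size_t n = 0; n + 1 < dstlen; n++) {
        unsigned char c;
        if (!sim_access_ok(src + n, 1) || sim_get_user(src + n, &c)) return -1;
        if ((dst[n] = (char)c) == 0) return (int)n;
    }
    return -1;
}
/* Place s (with its NUL) at offset 8 and map only the bytes below `limit`. */
void setup(const char *s, size_t limit) {
    memset(umem, 'A', USPACE); memset(umapped, 0, USPACE);
    memcpy(umem + 8, s, strlen(s) + 1);
    for (size_t i = 0; i < limit && i < USPACE; i++) umapped[i] = 1;
    fault_count = 0;
}
```

With "hi" at offset 8 and memory unmapped from offset 11, the destination-length check rejects a perfectly readable string; with "AAA" whose NUL lands on the unmapped byte, the first-byte-only copy takes a fault while the per-byte copy returns an error without touching the page.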