[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Yet another [PATCH] blkfront: Fix wild ptr deref during device destruction.

On Thu, 2010-02-25 at 05:02 -0500, Daniel Stodden wrote:
> On Thu, 2010-02-25 at 04:57 -0500, Daniel Stodden wrote:
> > On Thu, 2010-02-25 at 03:28 -0500, Jan Beulich wrote:
> > > Wouldn't it be better to move blk_cleanup_queue() even before 
> > > del_gendisk()?
> > 
> > No.
> 
> Well, I beg you to differ. Maybe this changed, after all this is 2.6.3x.

Oh, I guess the answer is no. I just came across the same issue in a
debian/lenny while detaching a CD on 2.6.32.

Daniel

Feb 25 13:33:18 debian kernel: [  455.074625] *pdpt = 000000000eff8027 *pde = 
0000000000000000 
Feb 25 13:33:18 debian kernel: [  455.074660] Modules linked in: xenfs nls_utf8 
isofs nls_base loop evdev snd_pcsp snd_pcm snd_timer snd soundcore xen_netfront 
snd_page_alloc ext3 jbd mbcache xen_blkfront thermal_sys
Feb 25 13:33:18 debian kernel: [  455.074727] 
Feb 25 13:33:18 debian kernel: [  455.074733] Pid: 1114, comm: umount Not 
tainted (2.6.32-2-686-bigmem #1) 
Feb 25 13:33:18 debian kernel: [  455.074743] EIP: 0061:[<c1139509>] EFLAGS: 
00010206 CPU: 0
Feb 25 13:33:18 debian kernel: [  455.074751] EIP is at 
kobject_uevent_env+0x3d/0x35c
Feb 25 13:33:18 debian kernel: [  455.074759] EAX: 00000ad1 EBX: cf9562a8 ECX: 
00000000 EDX: 00000ad1
Feb 25 13:33:18 debian kernel: [  455.074768] ESI: cfb00800 EDI: cfb00200 EBP: 
cf9562a8 ESP: ced73eac
Feb 25 13:33:18 debian kernel: [  455.074777]  DS: 007b ES: 007b FS: 00d8 GS: 
00e0 SS: 0069
Feb 25 13:33:18 debian kernel: [  455.074801]  00000000 00000001 00000ad1 
00000000 c1309b85 ced73ec0 ced73ec0 cf915300
Feb 25 13:33:18 debian kernel: [  455.074828] <0> c12f8540 cfb00200 cf9562a8 
cfb00800 cfb00200 00000000 c1125113 ce6ceeb0
Feb 25 13:33:18 debian kernel: [  455.074859] <0> c112d430 cfb00800 cfb00800 
c1130ba3 0000000a c10f509d cfb00800 00000000
Feb 25 13:33:18 debian kernel: [  455.074903]  [<c1125113>] ? 
elv_unregister_queue+0x17/0x21
Feb 25 13:33:18 debian kernel: [  455.074915]  [<c112d430>] ? 
blk_unregister_queue+0x26/0x59
Feb 25 13:33:18 debian kernel: [  455.074926]  [<c1130ba3>] ? 
unlink_gendisk+0x27/0x3b
Feb 25 13:33:18 debian kernel: [  455.074937]  [<c10f509d>] ? 
del_gendisk+0x7b/0xf6
Feb 25 13:33:18 debian kernel: [  455.074949]  [<d082fc73>] ? 
blkfront_closing+0x68/0x72 [xen_blkfront]
Feb 25 13:33:18 debian kernel: [  455.074961]  [<d08300c4>] ? 
blkif_release+0x38/0x3d [xen_blkfront]
Feb 25 13:33:18 debian kernel: [  455.074974]  [<c10d9744>] ? 
__blkdev_put+0x7a/0x10f
Feb 25 13:33:18 debian kernel: [  455.074985]  [<c10ea727>] ? 
vfs_quota_off+0x0/0xd
Feb 25 13:33:18 debian kernel: [  455.074996]  [<c10bc913>] ? 
deactivate_super+0x4a/0x5f
Feb 25 13:33:18 debian kernel: [  455.075007]  [<c10cc6c5>] ? 
sys_umount+0x28b/0x2b1
Feb 25 13:33:18 debian kernel: [  455.075017]  [<c10cc6f6>] ? 
sys_oldumount+0xb/0xe
Feb 25 13:33:18 debian kernel: [  455.075029]  [<c1007f7b>] ? 
sysenter_do_call+0x12/0x28
Feb 25 13:33:18 debian kernel: [  455.075243] ---[ end trace 91b332cfeb23bfaf 
]---



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.