On 12/26/2012 02:02 PM, joeyli wrote:
> Maybe you can try the v3.8-rc1 kernel.
> hm... I just re-tested and did it more times; I can also reproduce on v3.8-rc1
> and the 54e37b8dbe branch now.
Good news that you reproduce it. I managed to isolate the following reproducer.
This reproducer causes a general protection fault, a NULL dereference or just
a hang on QEMU/OVMF (OVMF-0.1+r13902-1.1) with a 3.8-rc1 vanilla kernel.
With a logging point in efivarfs_file_write checking &efivars->lock, it
looks like the spinlock is corrupted before the call trace kicks in.
Currently, deletion with efivarfs_file_write just does the same thing as
unlinking a file while it's open.
Steps to reproduce:
$ gcc efivarfs-unlink-open-file.c -o efivarfs-unlink-open-file
# mount -t efivarfs - /sys/firmware/efi/efivars
# ./efivarfs-unlink-open-file
[ 74.893152] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 74.894131] IP: [<ffffffff81646b4e>] _raw_spin_lock+0xe/0x30
[ 74.894131] PGD 78b3d067 PUD 3f91b067 PMD 0
[ 74.894131] Oops: 0002 [#1] SMP
(...)
---
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

/* efivarfs entry for the Lang variable (name-GUID form). */
char path[] =
	"/sys/firmware/efi/efivars/Lang-8be4df61-93ca-11d2-aa0d-00e098032b8c";

int main(void)
{
	int fd;

	/* Keep a descriptor to the variable open... */
	fd = open(path, O_RDONLY);
	if (fd < 0) {
		perror("open");
		return 1;
	}
	/* ...remove the variable while the descriptor is still open... */
	if (unlink(path) < 0) {
		perror("unlink");
		return 1;
	}
	/* ...then touch the stale descriptor; a zero-length read is enough. */
	if (read(fd, NULL, 0) < 0) {
		perror("read");
		return 1;
	}
	return 0;
}
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
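The reproducer above hinges on an object lifetime rule: an open file keeps a pointer to the variable entry, so unlink must only detach the entry from the list and must not release the memory the read path still dereferences (here, the efivars back-pointer whose lock ended up NULL). The userspace model below is an added example, not code from this thread or from the kernel; every name, struct layout and the counting "lock" are invented for the model, and it does not claim to be the kernel's actual fix.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Invented userspace model: unlink drops only the list's reference; the entry outlives every open file. */
struct efivars_model { int lock; int freed; }; /* lock stands in for efivars->lock */
struct var_entry {
    struct efivars_model *vars; /* back-pointer the read path dereferences */
    struct var_entry *next;     /* list membership */
    int refcount;               /* one ref for the list, one per open file */
    char data[16];
};
struct open_file { struct var_entry *entry; };

static void entry_put(struct var_entry *e)
{
    if (--e->refcount) return;
    e->vars->freed++;           /* count real releases so a test can check them */
    free(e);
}

struct var_entry *entry_add(struct efivars_model *vars, struct var_entry **list, const char *data)
{
    struct var_entry *e = calloc(1, sizeof *e);
    e->vars = vars; e->refcount = 1;
    strncpy(e->data, data, sizeof e->data - 1);
    e->next = *list; *list = e;
    return e;
}

/* open takes its own reference on behalf of the file descriptor */
void file_open(struct open_file *f, struct var_entry *e) { e->refcount++; f->entry = e; }

/* unlink detaches the entry from the list; it is freed only once no file holds it */
int var_unlink(struct var_entry **list, struct var_entry *e)
{
    for (struct var_entry **pp = list; *pp; pp = &(*pp)->next)
        if (*pp == e) { *pp = e->next; entry_put(e); return 0; }
    return -ENOENT;
}

/* read after unlink stays safe: e->vars is alive because the file's reference is held */
int file_read(struct open_file *f, char *buf, size_t len)
{
    struct var_entry *e = f->entry;
    int *lock = &e->vars->lock; /* the pointer that was NULL in the reported oops */
    *lock = 1;                  /* stands in for spin_lock(&efivars->lock) */
    size_t n = strlen(e->data) < len ? strlen(e->data) : len;
    memcpy(buf, e->data, n);
    *lock = 0;                  /* stands in for spin_unlock */
    return (int)n;
}

void file_close(struct open_file *f) { entry_put(f->entry); f->entry = NULL; }
```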