kernel oops on insmod

Hello.
There is a kernel oops when doing insmod of a module that has symbols, if CONFIG_KALLSYMS is enabled.
Kernel version 2.6.32.42.

Please press Enter to activate this console.
CPU 0 Unable to handle kernel paging request at virtual address 000001e0, epc == 80055230, ra == 80058e58
Oops[#1]:
Cpu 0
$ 0   : 00000000 0000006e 000001e0 00000000
$ 4   : 81a5ed20 00000001 81a5ed20 ffffffff
$ 8   : 00000003 80365850 00000010 652e7468
$12   : 696f6e43 00000000 80351068 6865636b
$16   : 00000000 81a5ed20 81a5ed20 00486028
$20   : 00000000 00403828 004080dc 00000002
$24   : 00000010 2ab18370
$28   : 81a2e000 81a2fee0 7ffbd718 80058e58
Hi    : 00000000
Lo    : 00000000
epc   : 80055230 do_mod_ctors+0x24/0x54
    Not tainted
ra    : 80058e58 sys_init_module+0xb0/0x214
Status: 1100fc03    KERNEL EXL IE
Cause : 00800008
BadVA : 000001e0
PrId  : 0001964c (MIPS 24Kc)
Modules linked in: drv_ifxos(+)
Process insmod (pid: 335, threadinfo=81a2e000, task=81872108, tls=00000000)
Stack : 00007590 00486028 00000000 00403828 00000000 004884a0 fffffffc 80058e58
        81817e00 81a45cc0 00488478 8009425c 00000000 00007590 00007808 004884a0
        00486028 2ab7e060 7ffbd8e8 80004544 0048644c 004863dc 004863ec 7f974e64
        00007590 00000000 00000000 00000001 00001020 2ab0b000 004884a0 00007590
        00486028 00000000 00000000 00000001 00000006 81a572dc 00000000 2ab827d8
        ...
Call Trace:
[<80055230>] do_mod_ctors+0x24/0x54
[<80058e58>] sys_init_module+0xb0/0x214
[<80004544>] stack_done+0x20/0x3c

The fields exit, ref, ctors and num_ctors of the mod structure are overwritten in add_kallsyms in this loop:

	for (ndst = i = 1; i < mod->num_symtab; ++i, ++src) {
		if (!is_core_symbol(src, sechdrs, shnum))
			continue;
		dst[ndst] = *src;
		dst[ndst].st_name = bitmap_weight(strmap, dst[ndst].st_name);
		++ndst;
	}

Pointer values:
mod->module_core = 0x81A7C000
symoffs =  0x2E40
mod->core_symtab = dst = mod->module_core + symoffs = 0x81A7C000 + 0x2E40  = 81A7EE40
mod = 0x81A7ED20
dst[1] points at 0x81A7EE50, which is where mod->exit is located.

Now the oops occurs in do_mod_ctors after module load, because mod->ctors is invalid (0x000001e0 == 480). mod->ctors got written with the "Size" value of the symbol:

Num:    Value  Size Type    Bind   Vis      Ndx Name
  266: 00000000   480 FUNC    GLOBAL DEFAULT   43 IFX_Var_Fifo_readElement
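Added example, not part of the report above and not kernel code: a small C program that replays the address arithmetic from the report (mod = module_core + 0x2D20, core_symtab = module_core + 0x2E40, so dst[1] = mod + 0x130) to show how the 16-byte Elf32_Sym copy lands on exit/ref/ctors/num_ctors and leaves st_size = 480 = 0x1e0 in ctors, which is exactly the BadVA in the oops. It also contains the range-overlap check that would have rejected this symtab placement before do_mod_ctors dereferenced the bogus pointer. The struct fake_module layout, the symbol count NSYMS and the core size are constructed for the illustration; they are not the real 2.6.32 struct module or the real module.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ELF32 symbol with the same 16-byte layout as the kernel's Elf32_Sym. */
typedef struct {
    uint32_t st_name;
    uint32_t st_value;
    uint32_t st_size;
    uint8_t  st_info;
    uint8_t  st_other;
    uint16_t st_shndx;
} Elf32_Sym;

/* Hypothetical stand-in for the 32-bit struct module (NOT the real one):
 * only the fields the report names, as 32-bit words so the layout is the
 * same on a 64-bit host, placed so that `exit` sits at mod + 0x130, which
 * is where dst[1] lands according to the addresses in the report. */
struct fake_module {
    uint8_t  head[0x130];
    uint32_t exit;       /* receives st_name                       */
    uint32_t ref;        /* receives st_value                      */
    uint32_t ctors;      /* receives st_size (480 == 0x1e0)        */
    uint32_t num_ctors;  /* receives st_info/st_other/st_shndx     */
    uint8_t  tail[0x40];
};

/* Offsets from the report: mod = core + 0x2D20, core_symtab = core + 0x2E40.
 * CORE_SIZE and NSYMS are assumptions for the simulation (readelf shows a
 * symbol numbered 266, so at least 267 symbols exist). */
#define MOD_OFF   0x2D20u
#define SYMOFFS   0x2E40u
#define CORE_SIZE 0x3000u
#define NSYMS     267u

/* Half-open interval test: does [a, a+alen) intersect [b, b+blen)? */
int ranges_overlap(uintptr_t a, size_t alen, uintptr_t b, size_t blen)
{
    return a < b + blen && b < a + alen;
}

/* The check missing from the symtab layout in this kernel: the core symbol
 * table must not overlap the struct module that lives inside module_core. */
int symtab_placement_ok(uintptr_t core, size_t symoffs, size_t nsyms,
                        uintptr_t mod, size_t modsize)
{
    return !ranges_overlap(core + symoffs, nsyms * sizeof(Elf32_Sym),
                           mod, modsize);
}

/* Replays the loop's `dst[ndst] = *src` for ndst == 1 with the report's
 * offsets and returns what mod->ctors holds afterwards. */
uint32_t replay_clobber(void)
{
    uint8_t *core = calloc(CORE_SIZE, 1);
    struct fake_module *mod;
    Elf32_Sym *dst;
    /* Constructed to match the readelf line: Value 0, Size 480, FUNC GLOBAL, Ndx 43. */
    Elf32_Sym src = { 0, 0, 480, 0x12, 0, 43 };
    uint32_t ctors;

    if (!core)
        return 0;
    mod = (struct fake_module *)(core + MOD_OFF);
    dst = (Elf32_Sym *)(core + SYMOFFS);

    memcpy(&dst[1], &src, sizeof src);   /* dst[1] == core + 0x2E50 == mod + 0x130 */
    ctors = mod->ctors;                  /* st_size has replaced the pointer */
    free(core);
    return ctors;
}

int main(void)
{
    uintptr_t core = 0x81A7C000u, mod = core + MOD_OFF;
    size_t modsize = sizeof(struct fake_module);

    printf("mod->ctors after copy: 0x%08x\n", replay_clobber());
    printf("symtab at core+0x%x overlaps struct module: %s\n", SYMOFFS,
           symtab_placement_ok(core, SYMOFFS, NSYMS, mod, modsize) ? "no" : "yes");
    printf("symtab at core+0x%zx overlaps struct module: %s\n", MOD_OFF + modsize,
           symtab_placement_ok(core, MOD_OFF + modsize, NSYMS, mod, modsize) ? "no" : "yes");
    return 0;
}
```

The replay only reproduces the arithmetic, not the layout decision that produced symoffs = 0x2E40; the useful takeaway is that any symtab offset smaller than (mod - module_core) + sizeof(struct module) will corrupt the module header, and that an overlap check on those two ranges is cheap to add.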