On Fri, 4 Jun 2010, Tony Luck wrote:
>
> At the point of dereference it looks like we were trying
> to load a 4-byte data object from offset 552 into the
> "struct module *" that was returned by load_module().

Sounds like 'mod->num_ctors' loaded by do_mod_ctors(). It's a 4-byte
field in roughly that area.

What does a NaT consumption fault mean, and does it give the invalid
address it was loaded off?

In the successful path of "load_module()", we will have dereferenced the
"mod" pointer we return just before, so I wonder if there's some error
case that incorrectly returns a positive errno instead of a negative one,
and causes us to miss the "IS_ERR()" check or something.

There's a couple of checking routines in module.c that do not return a
negative error, but instead return 0/1. The one I looked at was converted
into a negative error, but there are several cases of

	if (err)
		return ERR_PTR(err)

and if something does that on a 0/1 value, it will return a bogus pointer.

		Linus
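The failure mode hypothesised in the message above, as an added userspace example (not code from the kernel or from this thread): a 0/1 return value passed to ERR_PTR() yields a pointer that IS_ERR() does not flag. ERR_PTR, PTR_ERR and IS_ERR are modelled on the kernel helpers; `fake_module`, `check_bad`, `load_buggy`, `load_fixed` and `field_addr` are hypothetical names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model of the kernel's ERR_PTR helpers (include/linux/err.h). */
#define MAX_ERRNO 4095UL
static void *ERR_PTR(long error) { return (void *)error; }
static long PTR_ERR(const void *ptr) { return (long)ptr; }
static int IS_ERR(const void *ptr)
{
    /* Only the top MAX_ERRNO addresses count as encoded errors. */
    return (uintptr_t)ptr >= (uintptr_t)-MAX_ERRNO;
}

struct fake_module { int dummy; };        /* hypothetical stand-in */
static struct fake_module good_module;

/* Hypothetical checker in the 0/1 style: returns 1 on failure. */
static int check_bad(int image_ok) { return image_ok ? 0 : 1; }

/* Buggy pattern: forwards the 0/1 value straight into ERR_PTR(). */
static struct fake_module *load_buggy(int image_ok)
{
    int err = check_bad(image_ok);
    if (err)
        return ERR_PTR(err);              /* ERR_PTR(1) == (void *)0x1 */
    return &good_module;
}

/* Fixed pattern: convert the boolean result to a negative errno first. */
static struct fake_module *load_fixed(int image_ok)
{
    if (check_bad(image_ok))
        return ERR_PTR(-ENOEXEC);
    return &good_module;
}

/* Address a caller touches when reading a field at `off` from `mod`. */
static uintptr_t field_addr(const void *mod, uintptr_t off) { return (uintptr_t)mod + off; }

int main(void)
{
    struct fake_module *m = load_buggy(0);
    printf("buggy: ptr=%p IS_ERR=%d field@552=%#lx\n", (void *)m, IS_ERR(m),
           (unsigned long)field_addr(m, 552));
    m = load_fixed(0);
    printf("fixed: IS_ERR=%d PTR_ERR=%ld\n", IS_ERR(m), PTR_ERR(m));
    return 0;
}
```

With the buggy loader the caller's IS_ERR() check passes and a read at offset 552 would land at address 553, near NULL rather than inside a real object.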