When running LTP, I notice that recent kernel has a kernel access fault: <1>Unable to handle kernel paging request at virtual address 00000000, epc == 80273860, ra == 80205aa4 Oops in fault.c:do_page_fault, line 204: $0 : 00000000 10001f00 00000002 00000002 00000000 86df5e98 00000001 00000040 $8 : 00000000 00000000 00000001 ffffffff 00000002 802b4864 00000001 00000001 $16: 100003d8 00000000 00000002 86df5e98 00401080 10002df8 00000000 00000097 $24: 0000000a 802e7ab6 86df4000 86df5e60 7fff7c60 80205aa4 Hi : 00000000 Lo : 00000000 epc : 80273860 Not tainted Status: 10001f03 Cause : 9080800c .... Tracing error reveals that user process passed a NULL buffer pointer to sys_getpeername() syscall, probably intentionally. Then it goes all the way down to copy_to_user(0x0, ..., ...) and caused a oops as above. As a result of oops the user process is killed. However I am not sure if this is the right way to respond to an ill argument. copy_to_user() probably should catch this case and return some meaningful error back to the caller. I am not sure what is the best way to achieve this. Any thoughts? Jun
