[rds-devel] rds-ping segfault with future/20090218

Andy Grover andy.grover at oracle.com
Tue Feb 24 15:19:55 PST 2009


Martin Scholl wrote:
> Hello again,
> just workaround'd the issue below -- tiny patch is attached, also.

Hi, thanks for reporting the issue.

> The issue gets triggered by rds_message_alloc() which calls
> sg_init_table with nents == 0, which in turn triggers an "integer
> overflow" afaics (not sure about the terminology here, though).

Yes, sg_init_table needs nents to be nonzero. I've changed it to only
call sg_init_table if we allocated sg entries.

> I'm sending to andy.g... at oracle.com because I didn't receive any copy of
> my former email.

This is the first email I saw from you... weird.

Thanks again! -- Regards -- Andy

> 
> 
> Hope it helps,
> Martin
> 
> Martin Scholl wrote:
>> Hello all,
>>
>>
>> I have just checked out branch future/20090218 of
>> ~agrover/ofed_1_4/linux-2.6.
>>
>> I get an oops when doing "rds-ping <ip>". I have tested rds-ping on 2
>> machines which both oops'd. As you can see, we are using a Chelsio 10gbe
>> card:
>> 	eth2: Chelsio T310 10GBASE-SR RNIC (rev 3) PCI Express x8 MSI-X
>> 	eth2: 128MB CM, 256MB PMTX, 256MB PMRX, S/N: PTxxxxxxxxx
>>
>> ============================
>>
>> [  394.691599] BUG: unable to handle kernel paging request at
>> ffff88213e0533b8
>> [  394.691605] IP: [<ffffffff803aa7be>] sg_init_table+0x2e/0x50
>> [  394.691613] PGD 202063 PUD 0
>> [  394.691616] Oops: 0000 [#1] SMP
>> [  394.691619] last sysfs file:
>> /sys/devices/pci0000:00/0000:00:01.0/0000:01:00.0/net/eth2/flags
>> [  394.691622] CPU 0
>> [  394.691623] Modules linked in: rds rdma_cm ib_cm iw_cm ib_sa ib_mad
>> ib_addr iw_cxgb3 ib_core cxgb3 binfmt_misc rfcomm bridge stp bnep sco
>> l2cap bluetooth cpufreq_powersave cpufreq_stats cpufreq_userspace
>> cpufreq_conservative cpufreq_ondemand freq_table pci_slot video output
>> sbs sbshc container battery nfs lockd nfs_acl auth_rpcgss sunrpc
>> af_packet ipv6 iptable_filter ip_tables x_tables nls_iso8859_1 nls_cp437
>> vfat fat ac r8169 mii evdev iTCO_wdt iTCO_vendor_support serio_raw
>> pcspkr button intel_agp shpchp pci_hotplug ext3 jbd mbcache sd_mod
>> crc_t10dif sg ata_generic ata_piix pata_acpi libata scsi_mod skge
>> ehci_hcd uhci_hcd usbcore thermal processor fan fuse [last unloaded: cxgb3]
>> [  394.691676] Pid: 5623, comm: rds-ping Not tainted 2.6.29-rc5-ofed #1
>> G31M-S2L
>> [  394.691678] RIP: 0010:[<ffffffff803aa7be>]  [<ffffffff803aa7be>]
>> sg_init_table+0x2e/0x50
>> [  394.691682] RSP: 0018:ffff88013d145b68  EFLAGS: 00010202
>> [  394.691684] RAX: 0000001fffffffe0 RBX: 0000000000000000 RCX:
>> 0000000000000000
>> [  394.691686] RDX: ffff88213e0533b8 RSI: 0000000000000000 RDI:
>> ffff88013e0533d8
>> [  394.691688] RBP: ffff88013d145b78 R08: 0000000000000000 R09:
>> ffff88013e0533d8
>> [  394.691690] R10: 0000000000000000 R11: 0000000000000246 R12:
>> ffff88013e0533d8
>> [  394.691692] R13: ffff88013d145ee8 R14: ffff880132c29a00 R15:
>> 000000000d0b000a
>> [  394.691695] FS:  00007f0cad9966e0(0000) GS:ffffffff80794080(0000)
>> knlGS:0000000000000000
>> [  394.691697] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> [  394.691699] CR2: ffff88213e0533b8 CR3: 000000013293c000 CR4:
>> 00000000000006e0
>> [  394.691701] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
>> 0000000000000000
>> [  394.691703] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:
>> 0000000000000400
>> [  394.691706] Process rds-ping (pid: 5623, threadinfo ffff88013d144000,
>> task ffff880132412c80)
>> [  394.691707] Stack:
>> [  394.691709]  ffff88013e053300 0000000000000000 ffff88013d145b98
>> ffffffffa03e1849
>> [  394.691712]  ffff88013d145f28 ffff88013d145ee8 ffff88013d145be8
>> ffffffffa03e1c60
>> [  394.691716]  0000000000000000 0000000000000000 0000000000000000
>> 0000000000000000
>> [  394.691720] Call Trace:
>> [  394.691722]  [<ffffffffa03e1849>] rds_message_alloc+0x39/0x70 [rds]
>> [  394.691734]  [<ffffffffa03e1c60>]
>> rds_message_copy_from_user+0x30/0x1a0 [rds]
>> [  394.691744]  [<ffffffffa03e2f26>] rds_sendmsg+0x116/0x610 [rds]
>> [  394.691754]  [<ffffffff8044db17>] sock_sendmsg+0x107/0x130
>> [  394.691758]  [<ffffffff80260b90>] ? autoremove_wake_function+0x0/0x40
>> [  394.691763]  [<ffffffff804fb4b7>] ? wait_for_common+0x37/0x180
>> [  394.691766]  [<ffffffff803a4362>] ? __up_read+0x92/0xb0
>> [  394.691770]  [<ffffffff802648e9>] ? up_read+0x9/0x10
>> [  394.691774]  [<ffffffff804ffc76>] ? do_page_fault+0x216/0x9f0
>> [  394.691777]  [<ffffffff8044dfaa>] sys_sendto+0xea/0x120
>> [  394.691780]  [<ffffffff8044d380>] ? sys_bind+0xb0/0xd0
>> [  394.691783]  [<ffffffff802e6130>] ? fd_install+0x30/0x60
>> [  394.691787]  [<ffffffff8020c75b>] system_call_fastpath+0x16/0x1b
>> [  394.691791] Code: 48 c1 e2 05 48 89 e5 48 83 ec 10 48 89 1c 24 89 f3
>> 31 f6 4c 89 64 24 08 49 89 fc e8 9d d0 ff ff 8d 43 ff 48 c1 e0 05 49 8d
>> 14 04 <48> 8b 02 48 83 c8 02 48 83 e0 fe 48 89 02 48 8b 1c 24 4c 8b 64
>> [  394.691822] RIP  [<ffffffff803aa7be>] sg_init_table+0x2e/0x50
>> [  394.691825]  RSP <ffff88013d145b68>
>> [  394.691826] CR2: ffff88213e0533b8
>> [  394.691829] ---[ end trace b08cc1b2d667feeb ]---
>>
>>
>> ===========================
>>
>> Am I doing anything wrong here? Is there anything I can do to help you
>> fix the issue?
>>
>>
>> Thank you,
>> Martin
>>
> 
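
Added example (not part of the original thread, and not the RDS or kernel source): a user-space C model of the index arithmetic behind the oops above, showing how nents == 0 produces the faulting address in CR2 and how skipping the call avoids it. The 32-byte entry size is read off the oops registers (RAX = 0xffffffff << 5); the function names and the guarded wrapper are hypothetical.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Entry size implied by the oops: RAX = 0x1fffffffe0 = 0xffffffff << 5. */
#define SG_ENTRY_SIZE 32u

/* Byte offset of the "last" entry, computed the way the oops shows:
 * (nents - 1) in 32-bit unsigned arithmetic, then widened and scaled. */
static uint64_t last_entry_offset(unsigned int nents)
{
    unsigned int idx = nents - 1;   /* wraps to 0xffffffff when nents == 0 */
    return (uint64_t)idx * SG_ENTRY_SIZE;
}

/* Address dereferenced to mark the end of the table. */
static uint64_t last_entry_addr(uint64_t sgl, unsigned int nents)
{
    return sgl + last_entry_offset(nents);
}

/* Hypothetical guard modelling the fix described in the reply: only
 * initialise the table if sg entries were allocated.
 * Returns 1 and stores the touched address, or 0 if the call is skipped. */
static int init_table_if_needed(uint64_t sgl, unsigned int nents,
                                uint64_t *touched)
{
    if (nents == 0)
        return 0;
    *touched = last_entry_addr(sgl, nents);
    return 1;
}

int main(void)
{
    const uint64_t sgl = 0xffff88013e0533d8ULL;  /* RDI in the oops */
    uint64_t touched = 0;

    printf("offset for nents=0: 0x%" PRIx64 "\n", last_entry_offset(0));
    printf("address touched:    0x%" PRIx64 "\n", last_entry_addr(sgl, 0));
    printf("guarded, nents=0:   %s\n",
           init_table_if_needed(sgl, 0, &touched) ? "called" : "skipped");
    if (init_table_if_needed(sgl, 1, &touched))
        printf("guarded, nents=1:   touches 0x%" PRIx64 "\n", touched);
    return 0;
}
```

The computed offset and address match RAX and CR2/RDX in the trace, which is why the fault lands roughly 128 GiB past the allocation rather than at a NULL pointer.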



