From: Andrey Simonenko
To: Daniel Rudy
Cc: freebsd-hackers@freebsd.org
Date: Thu, 1 Dec 2005 13:45:47 +0200
Subject: Re: Page fault in kernel mode from LKM
Message-ID: <20051201114547.GA1843@pm513-1.comsys.ntu-kpi.kiev.ua>
In-Reply-To: <438E9BDF.4060902@pacbell.net>
List-Id: Technical Discussions relating to FreeBSD

On Wed, Nov 30, 2005 at 10:44:47PM -0800, Daniel Rudy wrote:
>
> http://pastebin.com/444571
>
> I'm not sure WHY it keeps panicking the system. This is code that is
> part of a klm that I'm writing. Any ideas?
>

It would be better to include the code of your KLD in your letter.

I think your KLD module has some problems.

You cannot access a vm_map without holding the lock on it; use vm_map_lock() and vm_map_unlock() for this. If some program is multithreaded, then some thread can use sbrk() (which calls obreak()) and you will have a race condition between your functions mod_xfrom_allocate() and mod_xform_free().

As I understand it, mod_syscall_open() is a wrapper for the open() syscall and its address is set up in p_sysent->sv_table. If my assumption is correct, then your wrapper gets a pointer to uap, which is already in kernel space. Read i386/trap.c:syscall(): copyin() has already been called for the address in user space.

Why do you not see this mistake? Because the return values of copyin() and copyout() should be checked. I think you get EFAULT from copyin(), since uap is on the stack, which is in KVM. You correctly noticed that the original open() returns EFAULT; this is because the supplied buffer has garbage.

If I understood your code correctly, it looks like you need to revisit the logic of your wrapper and allocate memory only for arguments which are in user space. Also, I'm not sure why you decided (again incorrectly) to copy *uap back to user space; it can confuse the program.

Hope this can help.
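The point about uap already being in kernel space, and about checking what copyin() returns, can be shown without a kernel. The following is an added example, not code from the thread or from Daniel Rudy's module: it is a user-space model in which copyin_model() and copyinstr_model() are stand-ins for the FreeBSD copyin(9)/copyinstr(9) routines that succeed only for addresses inside a constructed "user" region and return EFAULT otherwise. The struct open_args layout, the two wrapper functions and place_user_path() are assumptions made for the illustration. The first wrapper repeats the mistake described above (treating the kernel-resident uap as user memory); the second copies only the user pointer that uap carries and checks the result.

```c
/* Added example (not from the thread): user-space model of the wrapper logic.
 * copyin_model()/copyinstr_model() are stand-ins for copyin(9)/copyinstr(9),
 * NOT the FreeBSD kernel routines. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed "user address space": one page-sized region. */
static char user_region[4096];

/* Argument struct as the kernel sees it after trap.c:syscall() has already
 * copied the syscall arguments in: the struct itself lives in kernel memory,
 * only uap->path points into user space. (Layout assumed for the example.) */
struct open_args {
    const char *path;   /* user pointer */
    int flags;
    int mode;
};

static int in_user_space(const void *p, size_t len)
{
    uintptr_t a = (uintptr_t)p;
    uintptr_t lo = (uintptr_t)user_region;
    uintptr_t hi = lo + sizeof user_region;
    return len <= sizeof user_region && a >= lo && a + len <= hi;
}

/* Model of copyin(9): EFAULT when uaddr is not a user address. */
static int copyin_model(const void *uaddr, void *kaddr, size_t len)
{
    if (!in_user_space(uaddr, len))
        return EFAULT;
    memcpy(kaddr, uaddr, len);
    return 0;
}

/* Model of copyinstr(9): copies a NUL-terminated string byte by byte so a
 * string that runs off the user region is reported as EFAULT. */
static int copyinstr_model(const void *uaddr, char *kaddr, size_t len, size_t *done)
{
    const char *u = uaddr;
    size_t i;
    for (i = 0; i < len; i++) {
        if (!in_user_space(u + i, 1))
            return EFAULT;
        kaddr[i] = u[i];
        if (u[i] == '\0') {
            if (done)
                *done = i + 1;
            return 0;
        }
    }
    return ENAMETOOLONG;
}

/* The mistake: treating uap (a kernel pointer) as user memory. Checking the
 * return value is exactly what makes the error visible. */
int wrapper_copies_uap(struct open_args *uap, char *kpath, size_t kpathlen)
{
    struct open_args tmp;
    int error = copyin_model(uap, &tmp, sizeof tmp); /* uap is in KVM -> EFAULT */
    if (error)
        return error;
    return copyinstr_model(tmp.path, kpath, kpathlen, NULL);
}

/* The fix: use uap directly, copy in only the user-space pointer it carries,
 * check the return value, and copy nothing back to user space. */
int wrapper_copies_only_user_args(struct open_args *uap, char *kpath, size_t kpathlen)
{
    size_t done = 0;
    int error = copyinstr_model(uap->path, kpath, kpathlen, &done);
    if (error)
        return error;
    /* a real wrapper would now hand uap to the original open() */
    return 0;
}

/* Helper for the illustration: place a path string in the constructed user region. */
const char *place_user_path(const char *s)
{
    size_t n = strlen(s) + 1;
    if (n > sizeof user_region)
        return NULL;
    memcpy(user_region, s, n);
    return user_region;
}
```

With a path placed in the user region and a stack-resident open_args, wrapper_copies_uap() returns EFAULT while wrapper_copies_only_user_args() returns 0 and yields the path; a path pointer that itself points at kernel memory is rejected with EFAULT by the second wrapper too. The vm_map locking point from the message is not modelled here, since it has no user-space analogue.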