Bug #5384

closed

pvn_getpages may assert in valid scenarios

Added by Josef Sipek almost 7 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: kernel
Start date: 2014-12-03
Due date:
% Done: 100%
Estimated time:
Difficulty: Bite-size
Tags: needs-triage
Gerrit CR:

Description

The assertion tries to ensure that the page list is large enough for the result. However, it fails to take into consideration that the page list is optional - and that in that case the page list size will be less than the expected length.

> ::status
debugging crash dump vmcore.0 (64-bit) from osiris
operating system: 5.11 pvn-getpages (i86pc)
image uuid: 52104cf6-9217-ce01-ef62-b2599905c0d0
panic message: assertion failed: plsz >= len, file: ../../common/vm/vm_pvn.c, line: 1118
dump content: kernel pages only
> $c
vpanic()
0xfffffffffbdf23c8()
pvn_getpages+0x1f5(fffffffff79e9460, ffffff05b3738f00, 0, 1000, 0, 0)
tmp_getpage+0x1a8(ffffff05b3738f00, 0, 1000, 0, 0, 0)
fop_getpage+0x7e(ffffff05b3738f00, 0, 1000, 0, 0, 0)
segvn_faulta+0x17c(ffffff053e44d780, 8050000)
as_faulta+0x143(ffffff0b54055800, 8050000, 23f8)
memcntl+0x53d(8050000, 23f8, 4, 3, 0, 0)
sys_syscall32+0x1f7()

The 5th and 6th args to tmp_getpage are both 0s - IOW, pl NULL, plsz 0. This is valid.
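
As an added illustration (not illumos source and not the committed fix), this user-space C model contrasts the condition printed in the panic message with a hypothetical check that exempts a NULL page list, using the arguments from the stack trace above. The names `model_getpages`, `check_optional_aware` and `sample_pl`, and the 4 KiB page size, are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MODEL_PAGESIZE 0x1000u   /* assumption: 4 KiB pages, so len=0x1000 is one page */
#define MODEL_MAXPAGES 4u

typedef bool (*plcheck_t)(void **pl, size_t plsz, size_t len);

/* The condition exactly as the panic message prints it. */
bool check_as_reported(void **pl, size_t plsz, size_t len)
{
	(void)pl;                    /* whether a list was passed is never considered */
	return plsz >= len;
}

/* Hypothetical alternative: the size only matters when a list was supplied. */
bool check_optional_aware(void **pl, size_t plsz, size_t len)
{
	return pl == NULL || plsz >= len;
}

/* Constructed caller-side page list with two slots (plsz = 0x2000). */
void *sample_pl[2];

/*
 * Toy stand-in for a getpage-style routine whose output list is optional.
 * Returns the number of pages handled, or -1 where an ASSERT would panic.
 */
int model_getpages(plcheck_t check, void **pl, size_t plsz, size_t len)
{
	static char backing[MODEL_MAXPAGES][MODEL_PAGESIZE];
	size_t npages = len / MODEL_PAGESIZE;

	if (npages > MODEL_MAXPAGES || !check(pl, plsz, len))
		return -1;
	for (size_t i = 0; pl != NULL && i < npages; i++)
		pl[i] = backing[i];  /* only report pages back if the caller asked */
	return (int)npages;
}

int main(void)
{
	/* Arguments from the stack trace: pl = NULL, plsz = 0, len = 0x1000. */
	printf("as reported:    %d\n", model_getpages(check_as_reported, NULL, 0, 0x1000));
	printf("optional-aware: %d\n", model_getpages(check_optional_aware, NULL, 0, 0x1000));
	return 0;
}
```

The optional-aware check still rejects a caller that supplies a list smaller than `len`, so the original intent of the assertion is preserved.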
