[openib-general] missing check in uverbs?

Michael S. Tsirkin mst at mellanox.co.il
Sun May 15 06:57:33 PDT 2005


Hi, Roland!
I had a mix of updated kernel-level code (rev 2350) and an outdated
userspace library. Running the ibv_pingpong client I got the following:

Unable to handle kernel NULL pointer dereference at 0000000000000080 RIP:
<ffffffff8801ff15>{:ib_mthca:mthca_mmap_uar+48}
PGD 14e8ee067 PUD 14e8e7067 PMD 0
Oops: 0000 [1] SMP
CPU 1
Modules linked in: ib_uverbs ib_umad ib_mthca ib_mad ib_core
Pid: 3297, comm: ibv_pingpong Not tainted 2.6.11-openib
RIP: 0010:[<ffffffff8801ff15>] <ffffffff8801ff15>{:ib_mthca:mthca_mmap_uar+48}
RSP: 0018:ffff81014f399e88  EFLAGS: 00010286
RAX: 00002aaaab311000 RBX: ffff81015619fcb8 RCX: 0000000000001000
RDX: 00000000ffffffea RSI: 00002aaaab311000 RDI: 0000000000000000
RBP: 0000000000001000 R08: 800000000000003f R09: ffff81015619fcb8
R10: ffff81015619fcb8 R11: 00000000000000b0 R12: 00002aaaab311000
R13: ffff81014e945280 R14: ffff8101573aa4c0 R15: 00000000001000fa
FS:  00002aaaab20a0a0(0000) GS:ffffffff80522d00(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000080 CR3: 000000014edfe000 CR4: 00000000000006e0
Process ibv_pingpong (pid: 3297, threadinfo ffff81014f398000, task ffff8101555520f0)
Stack: ffff81014e945280 ffffffff8802f022 0000000000000292 ffffffff8015f6cb
       ffff8101573aa4c0 ffff8101555520f0 ffffffff8012de31 ffff810005d26560
       0000000000000000 0000000100000001
Call Trace:<ffffffff8802f022>{:ib_uverbs:ib_uverbs_mmap+32} <ffffffff8015f6cb>{do_mmap_pgoff+1328}
       <ffffffff8012de31>{finish_task_switch+57} <ffffffff801134e4>{sys_mmap+142}
       <ffffffff8010d08a>{system_call+126}

Code: 48 8b 97 80 00 00 00 4c 89 cf e8 18 c0 13 f8 83 f8 01 19 d2
RIP <ffffffff8801ff15>{:ib_mthca:mthca_mmap_uar+48} RSP <ffff81014f399e88>
CR2: 0000000000000080

This is on 2.6.11, x86_64.
Unfortunately I updated userspace and the problem went away, and
I didn't note what version my userspace was (IIRC something from last Wednesday).
This seems to indicate some sanity check missing in uverbs, does it not?

-- 
MST - Michael S. Tsirkin
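The faulting instruction in the Code: line above decodes to a load from 0x80(%rdi) with %rdi = 0, so mthca_mmap_uar was handed a NULL first argument by ib_uverbs_mmap, consistent with a userspace that issued mmap before the kernel had set up the per-file state the mmap path reads. The following is an added, user-space C model of the defensive pattern such a path needs (check the per-file state before dereferencing it, and reject unexpected mapping sizes and offsets with an errno). It is not code from the openib tree or from uverbs; the struct names, the dev_get_context/dev_mmap functions, the 0x1000 page size, the pfn value and the choice of -ENODEV for the "no context yet" case are all constructed for illustration.

```c
/* Added illustration, not openib/uverbs code. Models a device mmap handler
 * that validates per-file state before touching it, so a userspace that
 * skips or reorders its setup step gets an errno instead of an oops.
 * All names and values here (ufile, uctx, dev_mmap, PAGE_SIZE, the pfn)
 * are constructed. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE 0x1000UL

/* Per-context state; in a real driver this is created by the "get context"
 * command that a correctly ordered userspace issues before anything else. */
struct uctx {
    unsigned long uar_pfn;   /* page frame number of the doorbell page to expose */
};

/* Per-open-file state; ctx stays NULL until the context command has run. */
struct ufile {
    struct uctx *ctx;
};

/* Minimal stand-in for the fields of an mmap request the handler inspects. */
struct mmap_req {
    unsigned long pgoff;     /* page offset requested by userspace */
    unsigned long len;       /* length of the requested mapping */
};

/* Command handler: establishes the context once; a second call is refused. */
static int dev_get_context(struct ufile *f, struct uctx *storage, unsigned long uar_pfn)
{
    if (f->ctx)
        return -EBUSY;
    storage->uar_pfn = uar_pfn;
    f->ctx = storage;
    return 0;
}

/* mmap handler: returns 0 and the pfn to map on success, negative errno
 * otherwise. Every pointer it follows is checked before the dereference. */
static int dev_mmap(struct ufile *f, const struct mmap_req *r, unsigned long *pfn_out)
{
    if (!f->ctx)
        return -ENODEV;      /* mmap arrived before a context was established */
    if (r->len != PAGE_SIZE)
        return -EINVAL;      /* only the single doorbell page is mappable */
    if (r->pgoff != 0)
        return -EINVAL;      /* no other offset is backed by anything */
    *pfn_out = f->ctx->uar_pfn;
    return 0;
}

/* Replays the ordering the report describes: a stale library that mmaps
 * before establishing a context. Returns the errno the handler hands back. */
static int replay_stale_library(void)
{
    struct ufile f = { .ctx = NULL };
    struct mmap_req r = { .pgoff = 0, .len = PAGE_SIZE };
    unsigned long pfn = 0;
    return dev_mmap(&f, &r, &pfn);   /* -ENODEV instead of a NULL dereference */
}

/* Correct ordering: context first, then mmap of exactly one page.
 * Returns the pfn on success or a negative errno. */
static long replay_updated_library(void)
{
    struct ufile f = { .ctx = NULL };
    struct uctx ctx;
    struct mmap_req r = { .pgoff = 0, .len = PAGE_SIZE };
    unsigned long pfn = 0;
    int err = dev_get_context(&f, &ctx, 0x1234);   /* constructed pfn */
    if (err)
        return err;
    err = dev_mmap(&f, &r, &pfn);
    return err ? err : (long)pfn;
}

/* Context present, but the library asks for two pages: rejected with -EINVAL. */
static int replay_oversized_mapping(void)
{
    struct ufile f = { .ctx = NULL };
    struct uctx ctx;
    struct mmap_req r = { .pgoff = 0, .len = 2 * PAGE_SIZE };
    unsigned long pfn = 0;
    int err = dev_get_context(&f, &ctx, 0x1234);
    if (err)
        return err;
    return dev_mmap(&f, &r, &pfn);
}

int main(void)
{
    printf("stale library:      mmap -> %d\n", replay_stale_library());
    printf("updated library:    mmap -> pfn 0x%lx\n", replay_updated_library());
    printf("oversized mapping:  mmap -> %d\n", replay_oversized_mapping());
    return 0;
}
```

The point of the model is the order of operations in dev_mmap: the state check precedes the first dereference, so a userspace/kernel version skew or an outright malformed request surfaces as a failed mmap() in the process rather than as a kernel crash.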
