
rtnetlink bug in 2.3

To: netdev@xxxxxxxxxxx
Subject: rtnetlink bug in 2.3
From: Tobias Ringström <zajbot@xxxxxxxxxxxxxxxxxx>
Date: Sat, 01 Apr 2000 13:16:47 +0200
Sender: owner-netdev@xxxxxxxxxxx
Hi!

The following back-trace (by the excellent kgdb) illustrates a problem
with rtnetlink. The function rtmsg_ifinfo is called from interrupt
context when inserting a cardbus card. It tries to allocate an skb
with GFP_KERNEL, causing a kernel panic. I changed the allocate flag
to GFP_ATOMIC, and all seems fine now. I have only had a brief look
at the code, and the fix should be verified by someone. The bug is
real, though.

(Linux 2.3.99-pre3)

/Tobias


GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(gdb) rmt
0xc0110ee9 in breakpoint () at gdbstub.c:711
711       if (initialized) BREAKPOINT();
(gdb) break skbuff.c:140
Breakpoint 1 at 0xc01e2858: file skbuff.c, line 140.
(gdb) c
Continuing.

Breakpoint 1, alloc_skb (size=0xf60, gfp_mask=0x7) at skbuff.c:140
140                     if (++count < 5) {
(gdb) bt
#0  alloc_skb (size=0xf60, gfp_mask=0x7) at skbuff.c:140
#1  0xc01e883c in rtmsg_ifinfo (type=0x10, dev=0xc4090800, change=0xffffffff) 
at rtnetlink.c:258
#2  0xc01e8cee in rtnetlink_event (this=0xc0290020, event=0x5, ptr=0xc4090800) 
at rtnetlink.c:505
#3  0xc01e576b in register_netdevice (dev=0xc4090800) at 
/home/tori/linux-2.3-2/include/linux/notifier.h:71
#4  0xc01a411b in init_netdev (dev=0x0, sizeof_priv=0x3b8, mask=0xc0249ef1 
"eth%d", setup=0xc01a41b0 <ether_setup>) at net_init.c:138
#5  0xc01a4146 in init_etherdev (dev=0x0, sizeof_priv=0x3b8) at net_init.c:164
#6  0xc01a3239 in tulip_init_one (pdev=0xc401fc00, ent=0xc028bc98) at 
tulip_core.c:1003
#7  0xc01c4f59 in pci_announce_device (drv=0xc028bea0, dev=0xc401fc00) at 
pci.c:289
#8  0xc01c5079 in pci_insert_device (dev=0xc401fc00, bus=0xc40eb0a0) at 
pci.c:339
#9  0xc01d0431 in cb_alloc (s=0xc1132000) at cardbus.c:319
#10 0xc01c7c65 in unreset_socket (i=0x0) at cs.c:571
#11 0xc011fb6a in timer_bh () at timer.c:283
#12 0xc011cdb9 in bh_action (nr=0x0) at softirq.c:239
#13 0xc011cd08 in tasklet_hi_action (a=0xc02c3d00) at softirq.c:175
#14 0xc011cbda in do_softirq () at softirq.c:73
#15 0xc010bf74 in do_IRQ (regs={ebx = 0xc0108990, ecx = 0xc40f6000, edx = 
0xc0294000, esi = 0xc0294000, edi = 0xc0108990, 
      ebp = 0xc0295fd4, eax = 0x0, xds = 0xc0100018, xes = 0xc0290018, orig_eax 
= 0xffffff00, eip = 0xc01089b6, xcs = 0x10, 
      eflags = 0x246, esp = 0xc0295fe8, xss = 0xc0108a02}) at irq.c:628
#16 0xc010ad44 in ret_from_intr () at usb-uhci.c:2819
#17 0xc0108a02 in cpu_idle () at process.c:104
#18 0xc0296b26 in start_kernel () at init/main.c:581
#19 0xc010018e in L6 () at usb-uhci.c:2819
Cannot access memory at address 0xa0.
(gdb) 




--- rtnetlink.c.orig    Sat Apr  1 12:49:12 2000
+++ rtnetlink.c Sat Apr  1 12:49:18 2000
@@ -255,7 +255,7 @@
        struct sk_buff *skb;
        int size = NLMSG_GOODSIZE;
 
-       skb = alloc_skb(size, GFP_KERNEL);
+       skb = alloc_skb(size, GFP_ATOMIC);
        if (!skb)
                return;
 
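Review bot: the `alloc_skb(size, GFP_ATOMIC)` line needs a comment saying why this allocation must not sleep, because nothing in the function itself shows that it can run from bottom-half context (in the backtrace it is reached through `rtnetlink_event` from `timer_bh`). An atomic allocation also fails more readily than a `GFP_KERNEL` one, and the unchanged `if (!skb) return;` then drops the link notification with no trace, so consider a log message or counter on that path.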
@@ -264,7 +264,7 @@
                return;
        }
        NETLINK_CB(skb).dst_groups = RTMGRP_LINK;
-       netlink_broadcast(rtnl, skb, 0, RTMGRP_LINK, GFP_KERNEL);
+       netlink_broadcast(rtnl, skb, 0, RTMGRP_LINK, GFP_ATOMIC);
 }
 
 static int rtnetlink_done(struct netlink_callback *cb)
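Review bot: the flag passed to `netlink_broadcast(rtnl, skb, 0, RTMGRP_LINK, GFP_ATOMIC)` has to stay in step with the one given to `alloc_skb` in the previous hunk, and two hard-coded constants in one function can drift apart. If `rtmsg_ifinfo` also has callers in process context, passing the allocation flag in as a parameter would let them keep `GFP_KERNEL` while the notifier path uses `GFP_ATOMIC`. It is also worth checking whether `rtnetlink_event` (frame #2 of the backtrace) can reach any other allocation that still uses `GFP_KERNEL`.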
