From owner-freebsd-alpha Mon Jan 21 9:13:47 2002 Delivered-To: freebsd-alpha@freebsd.org Received: from duke.cs.duke.edu (duke.cs.duke.edu [152.3.140.1]) by hub.freebsd.org (Postfix) with ESMTP id 515D437B4E3 for ; Mon, 21 Jan 2002 09:11:31 -0800 (PST) Received: from grasshopper.cs.duke.edu (grasshopper.cs.duke.edu [152.3.145.30]) by duke.cs.duke.edu (8.9.3/8.9.3) with ESMTP id MAA12308; Mon, 21 Jan 2002 12:11:27 -0500 (EST) Received: (from gallatin@localhost) by grasshopper.cs.duke.edu (8.11.6/8.9.1) id g0LHAvc33966; Mon, 21 Jan 2002 12:10:57 -0500 (EST) (envelope-from gallatin@cs.duke.edu) From: Andrew Gallatin MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15436.19361.398632.413668@grasshopper.cs.duke.edu> Date: Mon, 21 Jan 2002 12:10:57 -0500 (EST) To: Bernd Walter Cc: freebsd-alpha@FreeBSD.ORG Subject: Re: 4.5-RC panic In-Reply-To: <20020121172920.U58301@cicely8.cicely.de> References: <20020121035556.D58301@cicely8.cicely.de> <15436.8686.765933.505738@grasshopper.cs.duke.edu> <20020121172920.U58301@cicely8.cicely.de> X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid Sender: owner-freebsd-alpha@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Bernd Walter writes: > > I did not follow the -stable commits regulary so I can't say. > The box has some memory load so I wouldn't be surprised if the complete > tcsh was swapped. > > > Can you disassemble this and see if its faulting on the call or the return? > > int > sigreturn(struct proc *p, > struct sigreturn_args /* { > ucontext_t *sigcntxp; > } */ *uap) > { > fffffc00004d0354: 09 04 f0 47 mov a0,s0 > ucontext_t uc, *ucp; > struct pcb *pcb; > unsigned long val; > > if (((struct osigcontext*)uap->sigcntxp)->sc_regs[R_ZERO] == 0xACEDBADE) Directly deref'ing a user pointer inside the kernel looks pretty bad to me. It makes sense you'd panic if tcsh was swapped out. It looks like this bug is over 2 years old.. Can you reproduce this? I've appended an untested patch to try. Please check over my pointer arith.. Drew Index: machdep.c =================================================================== RCS file: /home/ncvs/src/sys/alpha/alpha/machdep.c,v retrieving revision 1.68.2.15 diff -u -r1.68.2.15 machdep.c --- machdep.c 13 Dec 2001 19:18:00 -0000 1.68.2.15 +++ machdep.c 21 Jan 2002 17:02:11 -0000 @@ -1570,9 +1570,6 @@ struct pcb *pcb; unsigned long val; - if (((struct osigcontext*)uap->sigcntxp)->sc_regs[R_ZERO] == 0xACEDBADE) - return osigreturn(p, (struct osigreturn_args *)uap); - ucp = uap->sigcntxp; pcb = &p->p_addr->u_pcb; @@ -1582,10 +1579,24 @@ #endif /* - * Fetch the entire context structure at once for speed. + * Fetch the context structure in 2 chunks: + * First get just sizeof(struct osigcontext) bytes in + * case this is an osigreturn + */ + if (copyin((caddr_t)ucp, (caddr_t)&uc, sizeof(struct osigcontext))) + return (EFAULT); + + if (((struct osigcontext*)ucp)->sc_regs[R_ZERO] == 0xACEDBADE) + return osigreturn(p, (struct osigreturn_args *)uap); + + /* + * Now get the rest of it */ - if (copyin((caddr_t)ucp, (caddr_t)&uc, sizeof(ucontext_t))) + if (copyin((caddr_t)ucp + sizeof(struct osigcontext), + (caddr_t)&uc + sizeof(struct osigcontext), + sizeof(ucontext_t) - sizeof(struct osigcontext))) return (EFAULT); + /* * Restore the user-supplied information To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-alpha" in the body of the message