Date: Wed, 18 Feb 1998 17:20:15 +0100 From: Eivind Eklund <eivind@yes.no> To: Mike Smith <mike@smith.net.au> Cc: hackers@FreeBSD.ORG Subject: Re: ed overwrite clue? Message-ID: <19980218172015.22080@follo.net> In-Reply-To: <199802180017.QAA03678@dingo.cdrom.com>; from Mike Smith on Tue, Feb 17, 1998 at 04:17:47PM -0800 References: <19980218002852.55010@follo.net> <199802180017.QAA03678@dingo.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Feb 17, 1998 at 04:17:47PM -0800, Mike Smith wrote:
> > > > I'm about to start trigging some crashdumps on purpose now, so I can
> > > > get a good look at how a dump for an OK case is.
> > >
> > > Do you have any custom code in the kernel?
> >
> > Yes. And the system won't boot without it, so ripping it out is
> > really not an option. I could try to revert as much as possible, but
> > it really doesn't look like any of the code that is revertible is at
> > fault; almost none of it has been excersised yet.
>
> The only reason I asked was inre: stack overflow.
Interesting new data point - this diff segment
@@ -2616,7 +2661,9 @@
void
edintr(unit)
int unit;
{
+ if ((unsigned long)&unit == 0xefbfffd8)
+ return;
edintr_sc (&ed_softc[unit]);
}
almost completely stopped the errors. The crashes usually happen at a
fixed stack offset; after adding this patch it seemed to be between
100x and 1000x harder to crash. (I've only run two test-runs so
far; I've started another, but now it takes time to provoke a crash).
The new crashes would have been blocked by a compare against
0xefbfffcc; I'm going to try to add this, and see if there are even
more layers here.
The above patch is not a solution; each time it triggers, it blocks
all incoming data until another outgoing packet has been sent. It is
just an interesting point.
Eivind.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980218172015.22080>