This is the mail archive of the gcc-prs@gcc.gnu.org mailing list for the GCC project.
c/1984: mis-ordering of op codes causes kernel panic
- To: gcc-gnats at gcc dot gnu dot org
- Subject: c/1984: mis-ordering of op codes causes kernel panic
- From: alan dot jones at sun dot com
- Date: 14 Feb 2001 19:51:05 -0000
- Reply-To: alan dot jones at sun dot com
>Number: 1984
>Category: c
>Synopsis: mis-ordering of op codes causes kernel panic
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: unassigned
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Feb 14 11:56:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Sun Microsystems
>Release: cpp-2.95.2
>Organization:
>Environment:
Linux 2.4.1
>Description:
Take Linux 2.4.1, apply kdb-v1.7-2.4.2-pre1 from SGI's
open source web page, and compile. The following mis-order
of opcodes results:
leave
call
ret
(see more detail below)
This mis-ordering results in a panic in the callee function
raw_v4_unhash() that gets the wrong arguments. The options
used to compile this module are:
gcc -D__KERNEL__ -I/work/linux-2.4/include -Wall -Wstrict-prototypes -O2 -fno-strict-aliasing -pipe -march=i586 -c -o net/ipv4/tcp_ipv4.o net/ipv4/tcp_ipv4.c
I've since tested with cpp-1.1.2, which does not exhibit this
behavior.
panic("Failed to create the TCP control socket.\n");
0xc02ea913 tcp_v4_init+0x93    call 0xc0113d00 panic
%edx = tcp_socket;
0xc02ea918 tcp_v4_init+0x98    mov 0xc02d37e0,%edx
%eax = tcp_socket->sk;
0xc02ea91e tcp_v4_init+0x9e    mov 0x18(%edx),%eax
tcp_socket->sk->allocation=GFP_ATOMIC;
0xc02ea921 tcp_v4_init+0xa1    movl $0x2,0x88(%eax)
%eax = tcp_socket->sk;
0xc02ea92b tcp_v4_init+0xab    mov 0x18(%edx),%eax
tcp_socket->sk->protinfo.af_inet.ttl = MAXTTL;
0xc02ea92e tcp_v4_init+0xae    movl $0xff,0x2a0(%eax)
%eax = tcp_socket->sk;
0xc02ea938 tcp_v4_init+0xb8    mov 0x18(%edx),%eax
%edx = tcp_socket->sk->prot;
0xc02ea93b tcp_v4_init+0xbb    mov 0xcc(%eax),%edx
push tcp_socket->sk, 1st argument
0xc02ea941 tcp_v4_init+0xc1    push %eax
%eax = tcp_socket->sk->prot->unhash;
0xc02ea942 tcp_v4_init+0xc2    mov 0x3c(%edx),%eax
0xc02ea945 tcp_v4_init+0xc5    leave
tcp_socket->sk->prot->unhash(tcp_socket->sk);
0xc02ea946 tcp_v4_init+0xc6    call *%eax
0xc02ea948 tcp_v4_init+0xc8    ret
0xc02ea949 tcp_v4_init+0xc9    add %al,(%eax)
0xc02ea94b tcp_v4_init+0xcb    add %dl,0xffffff89(%ebp)
>How-To-Repeat:
Take Linux 2.4.1, apply kdb-v1.7-2.4.2-pre1 from SGI's
open source web page, and compile. The kernel will panic
in raw_v4_unhash().
>Fix:
Currently reverting to cpp-1.1.2 until a fix is found.
>Release-Note:
>Audit-Trail:
>Unformatted:
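The defect the report describes is visible purely in the instruction order: a `leave` (which restores %ebp and pops the frame) sits between the `push %eax` that stages the argument and the `call *%eax` that consumes it, so the callee finds the argument slot already discarded. That pattern can be caught mechanically. The scanner below is an added example, not code from the bug report or from GCC: it parses the kdb-style "address symbol+offset mnemonic operands" layout used in the listing above and flags any `call` that occurs after a `leave` and before the next `ret` inside the same function. The listing it runs on is a constructed sample in that layout (the `tcp_v4_init` lines mirror the report; `good_func` and `tail_func` are made up to show a correct epilogue and a legitimate `leave; jmp` tail call, which is deliberately not flagged). The regex is an assumption about this page's layout; `objdump -d` output uses `addr <sym+off>:` and would need its own pattern.

```python
import re
from typing import List, Tuple

# Constructed sample in the kdb "addr symbol+off mnemonic operands" layout.
# The tcp_v4_init lines mirror the report; good_func and tail_func are invented
# to exercise a normal epilogue and a leave;jmp tail call.
SAMPLE_LISTING = """\
0xc02ea938 tcp_v4_init+0xb8 mov 0x18(%edx),%eax
0xc02ea93b tcp_v4_init+0xbb mov 0xcc(%eax),%edx
0xc02ea941 tcp_v4_init+0xc1 push %eax
0xc02ea942 tcp_v4_init+0xc2 mov 0x3c(%edx),%eax
0xc02ea945 tcp_v4_init+0xc5 leave
0xc02ea946 tcp_v4_init+0xc6 call *%eax
0xc02ea948 tcp_v4_init+0xc8 ret
0xc0100000 good_func+0x0 push %ebp
0xc0100001 good_func+0x1 mov %esp,%ebp
0xc0100003 good_func+0x3 push %eax
0xc0100004 good_func+0x4 call 0xc0113d00 panic
0xc0100009 good_func+0x9 leave
0xc010000a good_func+0xa ret
0xc0100010 tail_func+0x0 leave
0xc0100011 tail_func+0x1 jmp 0xc0113d00
"""

# Assumed layout: "0xADDR symbol+0xOFF mnemonic [operands]". Annotation lines
# (C source, "%eax = ...") do not match and are skipped.
LINE_RE = re.compile(r"^(0x[0-9a-f]+)\s+(\S+?)\+0x[0-9a-f]+\s+(\S+)(?:\s+(.*))?$")

Insn = Tuple[str, str, str, str]  # (address, symbol, mnemonic, operands)


def parse_listing(text: str) -> List[Insn]:
    """Extract (addr, symbol, mnemonic, operands) from each instruction line."""
    insns: List[Insn] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        addr, sym, mnem, ops = m.groups()
        insns.append((addr, sym, mnem, ops or ""))
    return insns


def find_calls_after_leave(insns: List[Insn]) -> List[Tuple[str, str, str, str]]:
    """Flag every call issued after the frame was torn down by leave.

    Returns (function, leave_addr, call_addr, call_text). A ret, or a change of
    enclosing symbol, ends the 'frame gone' state. A jmp after leave is a tail
    call and is left alone on purpose.
    """
    findings = []
    cur_sym = None
    frame_gone = None  # address of the leave that discarded the frame
    for addr, sym, mnem, ops in insns:
        if sym != cur_sym:
            cur_sym, frame_gone = sym, None
        if mnem == "leave":
            frame_gone = addr
        elif mnem == "ret":
            frame_gone = None
        elif mnem.startswith("call") and frame_gone is not None:
            findings.append((sym, frame_gone, addr, f"{mnem} {ops}".strip()))
    return findings


if __name__ == "__main__":
    for func, leave_at, call_at, text in find_calls_after_leave(parse_listing(SAMPLE_LISTING)):
        print(f"{func}: '{text}' at {call_at} runs after leave at {leave_at}; "
              f"pushed arguments are below %esp when the callee starts")
```

Run it over a real dump after adjusting `LINE_RE` to the disassembler's layout; any hit is either a miscompile of the kind reported here or hand-written assembly that deserves a second look, since a pushed argument lives below the restored %esp once `leave` has run.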