Bug#593760: linux-image-2.6.32-5-amd64: gdb /bin/true crashes the system if oprofile is in use under xen
Bastian Blank <waldi@debian.org> writes:
> Which register shows the address of the unaligned access?
The RIP register.
(The following numbers apply to my 2.6.32-18 only:)
$ objdump -axdt /lib/modules/2.6.32-5-amd64/kernel/arch/x86/oprofile/oprofile.ko|grep "<sync_buffer>"
0000000000000b63 <sync_buffer>:
shows that sync_buffer is at 0xb63 so sync_buffer+0xae = 0xc11
which looks like
bf2: e9 e3 02 00 00 jmpq eda <sync_buffer+0x377>
bf7: 8b 74 24 0c mov 0xc(%rsp),%esi
bfb: 48 8d 7c 24 20 lea 0x20(%rsp),%rdi
c00: e8 00 00 00 00 callq c05 <sync_buffer+0xa2>
c01: R_X86_64_PC32 op_cpu_buffer_read_entry+0xfffffffffffffffc
c05: 48 85 c0 test %rax,%rax
c08: 48 89 c5 mov %rax,%rbp
c0b: 0f 84 d8 02 00 00 je ee9 <sync_buffer+0x386>
--> c11: 48 8b 38 mov (%rax),%rdi <------
c14: 48 83 ff ff cmp $0xffffffffffffffff,%rdi
c18: 0f 85 2a 02 00 00 jne e48 <sync_buffer+0x2e5>
c1e: 48 8b 58 08 mov 0x8(%rax),%rbx
c22: f6 c3 04 test $0x4,%bl
c25: 74 12 je c39 <sync_buffer+0xd6>
c27: e8 00 00 00 00 callq c2c <sync_buffer+0xc9>
c28: R_X86_64_PC32 add_event_entry+0xfffffffffffffffc
and matches contents of the "Code:" line.
The C code in question is
	sample = op_cpu_buffer_read_entry(&entry, cpu);
	if (!sample)
		break;
	if (is_code(sample->eip)) {
where sample is stored in %rax and seems to contain 0xffff88003cc9d36c
which is indeed not aligned to sizeof(void*) == 8. According to
http://people.redhat.com/wcohen/OProfileTutorial.txt
oprofile does enable the flag(s?) that generates interrupts if
unaligned accesses are made so that it can collect statistics.
1) Is oprofile supposed to keep that flag enabled also when executing
kernel code?
2) If yes, why is it not handled?
3) If no, why is the flag set?
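Added example (editor's illustration, not code from the bug report or from the kernel/oprofile tree): a small user-space C program that makes the two points above concrete. is_aligned() applies the sizeof(void*) check to the %rax value from the report; alignment_check_traps() sets the x86 alignment-check flag (EFLAGS.AC, bit 18, effective together with CR0.AM, which Linux sets) and performs one misaligned 4-byte load, showing that the CPU then raises #AC, which Linux delivers to user space as SIGBUS. The program assumes an x86-64 Linux host; on any other target alignment_check_traps() returns -1. Note that the hardware only enforces this check for code running at CPL 3, which is why the demonstration lives in user space; no libc function is called while AC is set, because glibc itself performs unaligned accesses.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A pointer may be dereferenced as a T* only if it is a multiple of T's
 * alignment. align must be a power of two (8 == sizeof(void *) on amd64). */
int is_aligned(uintptr_t addr, uintptr_t align)
{
    return (addr & (align - 1)) == 0;
}

int host_is_x86_64(void)
{
#if defined(__x86_64__) && defined(__linux__)
    return 1;
#else
    return 0;
#endif
}

#if defined(__x86_64__) && defined(__linux__)
#define EFLAGS_AC 0x40000UL /* EFLAGS bit 18: Alignment Check */

static sigjmp_buf ac_jmp;
static volatile sig_atomic_t ac_fired;

/* Set or clear EFLAGS.AC from user space via pushf/popf. */
static void set_eflags_ac(int on)
{
    unsigned long set_mask = EFLAGS_AC, clear_mask = ~EFLAGS_AC;
    if (on)
        __asm__ volatile("pushfq\n\torq %0, (%%rsp)\n\tpopfq"
                         : : "r"(set_mask) : "memory", "cc");
    else
        __asm__ volatile("pushfq\n\tandq %0, (%%rsp)\n\tpopfq"
                         : : "r"(clear_mask) : "memory", "cc");
}

/* #AC reaches user space as SIGBUS. Clear AC before doing anything else:
 * the handler and siglongjmp must not fault, and longjmp does not restore
 * EFLAGS, so the flag would otherwise stay set after we jump back. */
static void on_sigbus(int sig)
{
    (void)sig;
    set_eflags_ac(0);
    ac_fired = 1;
    siglongjmp(ac_jmp, 1);
}

/* Returns 1 if a misaligned 4-byte load trapped while EFLAGS.AC was set,
 * 0 if the CPU performed it silently. */
int alignment_check_traps(void)
{
    uint8_t buf[16] __attribute__((aligned(8)));
    struct sigaction sa, old;
    volatile uint32_t v = 0;

    ac_fired = 0;
    memset(buf, 0x41, sizeof buf); /* constructed filler data */
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigbus;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGBUS, &sa, &old);

    if (sigsetjmp(ac_jmp, 1) == 0) {
        set_eflags_ac(1);
        /* buf + 1 is an odd address, so this 4-byte load is misaligned.
         * Written in asm so the compiler cannot split it into byte loads.
         * No libc calls between here and set_eflags_ac(0). */
        __asm__ volatile("movl (%1), %0" : "=r"(v) : "r"(buf + 1) : "memory");
        set_eflags_ac(0);
    }
    sigaction(SIGBUS, &old, NULL);
    (void)v;
    return ac_fired;
}
#else
int alignment_check_traps(void) { return -1; }
#endif

int main(void)
{
    /* 0xffff88003cc9d36c is the %rax value quoted in the report. */
    printf("0xffff88003cc9d36c aligned to sizeof(void *)? %s\n",
           is_aligned(0xffff88003cc9d36cULL, sizeof(void *)) ? "yes" : "no");
    printf("misaligned load with EFLAGS.AC set trapped: %d\n",
           alignment_check_traps());
    return 0;
}
```

On an amd64 Linux box the first line prints "no" (the address ends in 0xc, i.e. it is 4-byte but not 8-byte aligned) and the second prints 1, which is the user-space counterpart of the oops in the report: with AC set, the very first misaligned dereference faults instead of completing.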