On Tue, May 24, 2016 at 08:20:46PM -0500, Matthew McClintock wrote:
>
> > On May 24, 2016, at 8:10 PM, Al Viro <v...@zeniv.linux.org.uk> wrote:
> >
> > Slap the WARN_ON(!size); in the very beginning of iov_iter_advance(), see
> > where it's triggered...
>
> diff --git a/lib/iov_iter.c b/lib/iov_iter.c
> index 28cb431..d89e154 100644
> --- a/lib/iov_iter.c
> +++ b/lib/iov_iter.c
> @@ -488,6 +488,7 @@ EXPORT_SYMBOL(iov_iter_copy_from_user_atomic);
>
> void iov_iter_advance(struct iov_iter *i, size_t size)
> {
> + WARN_ON(!size);
> iterate_and_advance(i, size, v, 0, 0, 0)
> }
> EXPORT_SYMBOL(iov_iter_advance);
>
> [ 1.359869] This architecture does not have kernel memory protection.
> init started: BusyBox v1.24.1 ()
> starting pid 78, tty '': '/etc/init.d/rcS'
> [ 1.435863] random: udevadm urandom read with 0 bits of entropy available
> [ 1.448116] ------------[ cut here ]------------
> [ 1.448193] WARNING: CPU: 1 PID: 88 at lib/iov_iter.c:491
> iov_iter_advance+0xf0/0x1b8
The next obvious question is which binary it is and what's the return
address to userland; make that
if (!size)
printk(KERN_ERR "crap in %s[%x]",
current->comm,
current_pt_regs()->rip);
(in the same place)
