When fixing the breakpoint failure Jason's reproducible testcase was
very helpful, so I'll return the favor in case someone else wants to
fix this one...

Running huge.exp from the gdb testsuite over gdbserver, with the
gdbserver inside a mips or mipsel qemu, reliably crashes the kernel.
It will end up taking a recursive fault, and when it runs out of stack
it'll start overwriting other helpful things like the page tables.

All you need is a file with a single huge static array full of zero
bytes.  0x800000 bytes works nicely.  If you tell gdb to print it
while running a native MIPS gdb, it reads the contents from
/proc/PID/mem using pread in a single huge lump; this works fine.  If
you tell gdb to print it while connected to gdbserver, gdbserver will
use ptrace to read it one word at a time.  This does not work fine.
At some random point in the array the kernel will go belly-up.
Therefore I assume this is something to do with frequently mapping and
unmapping pages in the kmap area.

So far I have not had any luck figuring out what's going on.  It seems
like a zero word appears in the wrong place, though, so my suspect is
the mapping and unmapping in copy_to_user_page...

-- 
Daniel Jacobowitz
CodeSourcery
