Bug 13331

Summary: FUTEX_LOCK_PI kills kernel
Product: Process Management Reporter: Andreas Schwab (schwab)
Component: OtherAssignee: process_other
Status: CLOSED CODE_FIX    
Severity: normal CC: alan, rjw, tglx
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 2.6.30-rc6 Subsystem:
Regression: Yes Bisected commit-id:
Bug Depends on:    
Bug Blocks: 13070    
Attachments: Testcase

Description Andreas Schwab 2009-05-17 09:51:34 UTC
Created attachment 21386 [details]
Testcase

Calling futex with FUTEX_LOCK_PI crashes the kernel.

Reverting e4dc5b7a36a49eff97050894cf1b3a9a02523717 (futex: clean up fault logic) fixes the bug.
Comment 1 Thomas Gleixner 2009-05-17 14:32:34 UTC
On which platform/architecture ?
Comment 2 Andreas Schwab 2009-05-17 15:11:00 UTC
This is on ppc/ppc64.
Comment 3 Thomas Gleixner 2009-05-17 15:53:21 UTC
Ok, can reproduce on x86 as well (does not crash, boot loops
forever).
Comment 4 Thomas Gleixner 2009-05-18 07:56:14 UTC
Fix below, but I'm wondering why the kernel is crashing. On x86 we run
into an endless loop and I would have expected to see the same on
PPC. Can you stick a dmesg output into the bugzilla please ?

Thanks,

	tglx

--- linux-2.6.orig/kernel/futex.c
+++ linux-2.6/kernel/futex.c
@@ -235,7 +235,7 @@ static int get_futex_key(u32 __user *uad
 	}
 
 again:
-	err = get_user_pages_fast(address, 1, 0, &page);
+	err = get_user_pages_fast(address, 1, 1, &page);
 	if (err < 0)
 		return err;
Comment 5 Andreas Schwab 2009-05-18 09:01:44 UTC
The kernel does not really crash, but it locks up in such a way that no userspace activity is possible any more.
Comment 6 Thomas Gleixner 2009-05-18 09:06:16 UTC
> The kernel does not really crash, but it locks up in such a way that no
> userspace activity is possible any more.

Ok, that's what I expected. Does the patch fix it for you as well ?

Thanks,

	tglx
Comment 7 Andreas Schwab 2009-05-18 09:47:55 UTC
Yes, the patch works for me.
Comment 8 Alan 2009-05-21 16:43:35 UTC
Thomas is there a reason this isn't yet upstream with 2.6.30 close ?
Comment 9 Rafael J. Wysocki 2009-05-25 21:08:32 UTC
Handled-By : Thomas Gleixner <tglx@linutronix.de>
Patch : http://bugzilla.kernel.org/show_bug.cgi?id=13331#c4
Comment 10 Rafael J. Wysocki 2009-05-25 23:24:34 UTC
On Monday 25 May 2009, Peter Zijlstra wrote:
> On Sun, 2009-05-24 at 21:11 +0200, Rafael J. Wysocki wrote:
> > This message has been generated automatically as a part of a report
> > of recent regressions.
> > 
> > The following bug entry is on the current list of known regressions
> > from 2.6.29.  Please verify if it still should be listed and let me know
> > (either way).
> > 
> > 
> > Bug-Entry   : http://bugzilla.kernel.org/show_bug.cgi?id=13331
> > Subject             : FUTEX_LOCK_PI kills kernel
> > Submitter   : Andreas Schwab <schwab@linux-m68k.org>
> > Date                : 2009-05-17 09:51 (8 days old)
> 
> commit 64d1304a64477629cb16b75491a77bafe6f86963
> Author: Thomas Gleixner <tglx@linutronix.de>
> Date:   Mon May 18 21:20:10 2009 +0200
> 
>     futex: setup writeable mapping for futex ops which modify user space data