Kernel Bug Tracker – Bug 13331
FUTEX_LOCK_PI kills kernel
Last modified: 2009-05-25 23:24:51 UTC
Created attachment 21386
Calling futex with FUTEX_LOCK_PI crashes the kernel.
Reverting e4dc5b7a36a49eff97050894cf1b3a9a02523717 (futex: clean up fault logic) fixes the bug.
On which platform/architecture ?
This is on ppc/ppc64.
Ok, can reproduce on x86 as well (does not crash, boot loops
Fix below, but I'm wondering why the kernel is crashing. On x86 we run
into an endless loop and I would have expected to see the same on
PPC. Can you stick a dmesg output into the bugzilla please ?
@@ -235,7 +235,7 @@ static int get_futex_key(u32 __user *uad
- err = get_user_pages_fast(address, 1, 0, &page);
+ err = get_user_pages_fast(address, 1, 1, &page);
if (err < 0)
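Review bot: The changed get_user_pages_fast() call in get_futex_key() now passes a bare 1 as the third (write) argument for every caller, with no comment saying why. Requesting write access unconditionally means operations that only read the futex word also take a write fault, and a futex placed in a read-only mapping will now fail at this call and drop into the `if (err < 0)` path. Consider having the caller pass the access it needs, so that only operations which modify user space data ask for a writable page, and add a one-line comment at the call tying the write request to the endless loop reported here for FUTEX_LOCK_PI.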
The kernel does not really crash, but it locks up in such a way that no userspace activity is possible any more.
> The kernel does not really crash, but it locks up in such a way that no
> userspace activity is possible any more.
Ok, that's what I expected. Does the patch fix it for you as well ?
Yes, the patch works for me.
Thomas, is there a reason this isn't yet upstream with 2.6.30 close ?
Handled-By : Thomas Gleixner <email@example.com>
Patch : http://bugzilla.kernel.org/show_bug.cgi?id=13331#c4
On Monday 25 May 2009, Peter Zijlstra wrote:
> On Sun, 2009-05-24 at 21:11 +0200, Rafael J. Wysocki wrote:
> > This message has been generated automatically as a part of a report
> > of recent regressions.
> > The following bug entry is on the current list of known regressions
> > from 2.6.29. Please verify if it still should be listed and let me know
> > (either way).
> > Bug-Entry : http://bugzilla.kernel.org/show_bug.cgi?id=13331
> > Subject : FUTEX_LOCK_PI kills kernel
> > Submitter : Andreas Schwab <firstname.lastname@example.org>
> > Date : 2009-05-17 09:51 (8 days old)
> commit 64d1304a64477629cb16b75491a77bafe6f86963
> Author: Thomas Gleixner <email@example.com>
> Date: Mon May 18 21:20:10 2009 +0200
> futex: setup writeable mapping for futex ops which modify user space data