[PATCH] futex: Fix hrtimer oops in futex_lock

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] futex: Fix hrtimer oops in futex_lock_pi()
@ 2017-04-14 14:08 Tony Lindgren
  2017-04-14 14:23 ` Peter Zijlstra
  0 siblings, 1 reply; 4+ messages in thread
From: Tony Lindgren @ 2017-04-14 14:08 UTC (permalink / raw)
  To: Thomas Gleixner, Peter Zijlstra
  Cc: linux-kernel, juri.lelli, bigeasy, xlpang, rostedt,
	mathieu.desnoyers, jdesfossez, dvhart, bristot

Commit cfafcd117da0 ("futex: Rework futex_lock_pi() to use
rt_mutex_*_proxy_lock()") caused a regression where things would
occasionally randomly oops when restarting X:

Unable to handle kernel NULL pointer dereference at virtual address 00000000
...
Internal error: Oops: 80000005 [#1] SMP ARM
...
PC is at 0x0
LR is at __hrtimer_run_queues+0x138/0x58c
pc : [<00000000>]    lr : [<c01c7884>]    psr: 20000193
...
[<c01c7884>] (__hrtimer_run_queues) from [<c01c7f4c>]
(hrtimer_interrupt+0xbc/0x210)
[<c01c7f4c>] (hrtimer_interrupt) from [<c010fcfc>]
...

When this happens, the hrtimer is not properly initialized and it's
function is NULL. This happens because we now call hrtimer_start_expires()
in futex_lock_pi() for the timer initialized with hrtimer_init_on_stack().

To fix it, let's pair the hrtimer_start_expires() with hrtimer_cancel()
in the same function.

Fixes: cfafcd117da0 ("futex: Rework futex_lock_pi() to use
rt_mutex_*_proxy_lock()")
Cc: juri.lelli@arm.com
Cc: bigeasy@linutronix.de
Cc: xlpang@redhat.com
Cc: rostedt@goodmis.org
Cc: mathieu.desnoyers@efficios.com
Cc: jdesfossez@efficios.com
Cc: dvhart@infradead.org
Cc: bristot@redhat.com
Signed-off-by: Tony Lindgren <tony@atomide.com>
---
 kernel/futex.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kernel/futex.c b/kernel/futex.c
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -2736,8 +2736,10 @@ static int futex_lock_pi(u32 __user *uaddr, unsigned int flags,
 out_put_key:
 	put_futex_key(&q.key);
 out:
-	if (to)
+	if (to) {
+		hrtimer_cancel(&to->timer);
 		destroy_hrtimer_on_stack(&to->timer);
+	}
 	return ret != -EINTR ? ret : -ERESTARTNOINTR;
 
 uaddr_faulted:
-- 
2.12.2

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] futex: Fix hrtimer oops in futex_lock_pi()
  2017-04-14 14:08 [PATCH] futex: Fix hrtimer oops in futex_lock_pi() Tony Lindgren
@ 2017-04-14 14:23 ` Peter Zijlstra
  2017-04-14 14:28   ` Tony Lindgren
  0 siblings, 1 reply; 4+ messages in thread
From: Peter Zijlstra @ 2017-04-14 14:23 UTC (permalink / raw)
  To: Tony Lindgren
  Cc: Thomas Gleixner, linux-kernel, juri.lelli, bigeasy, xlpang,
	rostedt, mathieu.desnoyers, jdesfossez, dvhart, bristot

On Fri, Apr 14, 2017 at 07:08:19AM -0700, Tony Lindgren wrote:
> Commit cfafcd117da0 ("futex: Rework futex_lock_pi() to use
> rt_mutex_*_proxy_lock()") caused a regression where things would
> occasionally randomly oops when restarting X:
> 
> Unable to handle kernel NULL pointer dereference at virtual address 00000000
> ...
> Internal error: Oops: 80000005 [#1] SMP ARM
> ...
> PC is at 0x0
> LR is at __hrtimer_run_queues+0x138/0x58c
> pc : [<00000000>]    lr : [<c01c7884>]    psr: 20000193
> ...
> [<c01c7884>] (__hrtimer_run_queues) from [<c01c7f4c>]
> (hrtimer_interrupt+0xbc/0x210)
> [<c01c7f4c>] (hrtimer_interrupt) from [<c010fcfc>]
> ...
> 
> When this happens, the hrtimer is not properly initialized and it's
> function is NULL. This happens because we now call hrtimer_start_expires()
> in futex_lock_pi() for the timer initialized with hrtimer_init_on_stack().
> 
> To fix it, let's pair the hrtimer_start_expires() with hrtimer_cancel()
> in the same function.

Already fixed:

  https://lkml.kernel.org/r/tip-97181f9bd57405b879403763284537e27d46963d@git.kernel.org

Thanks for the patch though.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] futex: Fix hrtimer oops in futex_lock_pi()
  2017-04-14 14:23 ` Peter Zijlstra
@ 2017-04-14 14:28   ` Tony Lindgren
  2017-04-14 14:41     ` Tony Lindgren
  0 siblings, 1 reply; 4+ messages in thread
From: Tony Lindgren @ 2017-04-14 14:28 UTC (permalink / raw)
  To: Peter Zijlstra
  Cc: Thomas Gleixner, linux-kernel, juri.lelli, bigeasy, xlpang,
	rostedt, mathieu.desnoyers, jdesfossez, dvhart, bristot

* Peter Zijlstra <peterz@infradead.org> [170414 07:25]:
> On Fri, Apr 14, 2017 at 07:08:19AM -0700, Tony Lindgren wrote:
> > Commit cfafcd117da0 ("futex: Rework futex_lock_pi() to use
> > rt_mutex_*_proxy_lock()") caused a regression where things would
> > occasionally randomly oops when restarting X:
> > 
> > Unable to handle kernel NULL pointer dereference at virtual address 00000000
> > ...
> > Internal error: Oops: 80000005 [#1] SMP ARM
> > ...
> > PC is at 0x0
> > LR is at __hrtimer_run_queues+0x138/0x58c
> > pc : [<00000000>]    lr : [<c01c7884>]    psr: 20000193
> > ...
> > [<c01c7884>] (__hrtimer_run_queues) from [<c01c7f4c>]
> > (hrtimer_interrupt+0xbc/0x210)
> > [<c01c7f4c>] (hrtimer_interrupt) from [<c010fcfc>]
> > ...
> > 
> > When this happens, the hrtimer is not properly initialized and it's
> > function is NULL. This happens because we now call hrtimer_start_expires()
> > in futex_lock_pi() for the timer initialized with hrtimer_init_on_stack().
> > 
> > To fix it, let's pair the hrtimer_start_expires() with hrtimer_cancel()
> > in the same function.
> 
> Already fixed:
> 
>   https://lkml.kernel.org/r/tip-97181f9bd57405b879403763284537e27d46963d@git.kernel.org
> 
> Thanks for the patch though.

Oh OK thanks. It seems to be missing in Linux next though.

Regards,

Tony

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] futex: Fix hrtimer oops in futex_lock_pi()
  2017-04-14 14:28   ` Tony Lindgren
@ 2017-04-14 14:41     ` Tony Lindgren
  0 siblings, 0 replies; 4+ messages in thread
From: Tony Lindgren @ 2017-04-14 14:41 UTC (permalink / raw)
  To: Peter Zijlstra
  Cc: Thomas Gleixner, linux-kernel, juri.lelli, bigeasy, xlpang,
	rostedt, mathieu.desnoyers, jdesfossez, dvhart, bristot

* Tony Lindgren <tony@atomide.com> [170414 07:28]:
> * Peter Zijlstra <peterz@infradead.org> [170414 07:25]:
> > On Fri, Apr 14, 2017 at 07:08:19AM -0700, Tony Lindgren wrote:
> > > Commit cfafcd117da0 ("futex: Rework futex_lock_pi() to use
> > > rt_mutex_*_proxy_lock()") caused a regression where things would
> > > occasionally randomly oops when restarting X:
> > > 
> > > Unable to handle kernel NULL pointer dereference at virtual address 00000000
> > > ...
> > > Internal error: Oops: 80000005 [#1] SMP ARM
> > > ...
> > > PC is at 0x0
> > > LR is at __hrtimer_run_queues+0x138/0x58c
> > > pc : [<00000000>]    lr : [<c01c7884>]    psr: 20000193
> > > ...
> > > [<c01c7884>] (__hrtimer_run_queues) from [<c01c7f4c>]
> > > (hrtimer_interrupt+0xbc/0x210)
> > > [<c01c7f4c>] (hrtimer_interrupt) from [<c010fcfc>]
> > > ...
> > > 
> > > When this happens, the hrtimer is not properly initialized and it's
> > > function is NULL. This happens because we now call hrtimer_start_expires()
> > > in futex_lock_pi() for the timer initialized with hrtimer_init_on_stack().
> > > 
> > > To fix it, let's pair the hrtimer_start_expires() with hrtimer_cancel()
> > > in the same function.
> > 
> > Already fixed:
> > 
> >   https://lkml.kernel.org/r/tip-97181f9bd57405b879403763284537e27d46963d@git.kernel.org
> > 
> > Thanks for the patch though.
> 
> Oh OK thanks. It seems to be missing in Linux next though.

Oh it was just committed, I see it now in tip after git fetch.
So should be heading into nex soon.

Tony

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2017-04-14 14:43 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-04-14 14:08 [PATCH] futex: Fix hrtimer oops in futex_lock_pi() Tony Lindgren
2017-04-14 14:23 ` Peter Zijlstra
2017-04-14 14:28   ` Tony Lindgren
2017-04-14 14:41     ` Tony Lindgren

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.