From: Peter Zijlstra <peterz@infradead.org>
To: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>,
Nick Piggin <npiggin@suse.de>, Ingo Molnar <mingo@elte.hu>,
LKML <linux-kernel@vger.kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
Darren Hart <dvhltc@us.ibm.com>
Subject: Re: [PATCH] futex: Fix ZERO_PAGE cause infinite loop
Date: Thu, 24 Dec 2009 10:39:25 +0100 [thread overview]
Message-ID: <1261647565.4937.177.camel@laptop> (raw)
In-Reply-To: <20091224182630.3DCB.A69D9226@jp.fujitsu.com>
Added tglx and dvhart to the CC.
On Thu, 2009-12-24 at 18:29 +0900, KOSAKI Motohiro wrote:
> This patch need both futex and zero-page developer's ack.
> ==========================================================
>
> commit a13ea5b7 (mm: reinstate ZERO_PAGE) made the unfortunate regression.
> following test program never finish and waste 100% cpu time.
>
> At the making commit 38d47c1b7 (rely on get_user_pages() for shared
> futexes). There isn't zero page in linux kernel. then, futex developers
> thought gup retry is safe. but we reinstated zero page later...
>
> This patch fixes it.
>
> futex-zero.c
> ---------------------------------------------------------------------
> #include <stdio.h>
> #include <stdlib.h>
> #include <sys/mman.h>
> #include <syscall.h>
> #include <sys/time.h>
> #include <sys/types.h>
> #include <sys/stat.h>
> #include <fcntl.h>
> #include <unistd.h>
> #include <errno.h>
> #include <linux/futex.h>
> #include <pthread.h>
>
> int main(int argc, char **argv)
> {
> long page_size;
> int ret;
> void *buf;
>
> page_size = sysconf(_SC_PAGESIZE);
>
> buf = mmap(NULL, page_size, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_ANONYMOUS, 0, 0);
> if (buf == (void *)-1) {
> perror("mmap error.\n");
> exit(1);
> }
>
> fprintf(stderr, "futex wait\n");
> ret = syscall( SYS_futex, buf, FUTEX_WAIT, 1, NULL, NULL, NULL);
> if (ret != 0 && errno != EWOULDBLOCK) {
> perror("futex error.\n");
> exit(1);
> }
> fprintf(stderr, "futex_wait: ret = %d, errno = %d\n", ret, errno);
>
> return 0;
> }
> ---------------------------------------------------------------------
>
> Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
> Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
> Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
> Cc: Nick Piggin <npiggin@suse.de>
> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
> Cc: Ingo Molnar <mingo@elte.hu>
> ---
> include/linux/mm.h | 16 ++++++++++++++++
> kernel/futex.c | 3 +++
> mm/memory.c | 14 --------------
> 3 files changed, 19 insertions(+), 14 deletions(-)
> diff --git a/kernel/futex.c b/kernel/futex.c
> index 8e3c3ff..79b89cc 100644
> --- a/kernel/futex.c
> +++ b/kernel/futex.c
> @@ -254,6 +254,8 @@ again:
>
> page = compound_head(page);
> lock_page(page);
> + if (is_zero_pfn(page_to_pfn(page)))
> + goto anon_key;
> if (!page->mapping) {
> unlock_page(page);
> put_page(page);
> @@ -268,6 +270,7 @@ again:
> * the object not the particular process.
> */
> if (PageAnon(page)) {
> + anon_key:
> key->both.offset |= FUT_OFF_MMSHARED; /* ref taken on mm */
> key->private.mm = mm;
> key->private.address = address;
Doesn't it make more sense to simply fail the futex op?
What I mean is, all (?) futex ops assume userspace actually wrote
something to the address in question to begin with, therefore it can
never be the zero page.
So it being the zero page means someone goofed up, and we should bail,
no?
next prev parent reply other threads:[~2009-12-24 9:40 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-12-24 9:29 [PATCH] futex: Fix ZERO_PAGE cause infinite loop KOSAKI Motohiro
2009-12-24 9:39 ` Peter Zijlstra [this message]
2009-12-24 17:15 ` Ulrich Drepper
2009-12-25 1:51 ` KOSAKI Motohiro
2009-12-30 16:03 ` Hugh Dickins
2010-01-05 7:32 ` [PATCH v2] futex: remove rw parameter from get_futex_key() KOSAKI Motohiro
2010-01-05 11:21 ` Hugh Dickins
2010-01-05 20:41 ` Darren Hart
2010-01-06 2:27 ` KOSAKI Motohiro
2010-01-06 23:14 ` Darren Hart
2010-01-06 23:29 ` Darren Hart
2010-01-13 10:30 ` [tip:core/urgent] futexes: Remove " tip-bot for KOSAKI Motohiro
2010-01-07 6:32 ` [PATCH] mips,mm: Reinstate move_pte optimization KOSAKI Motohiro
2010-01-11 10:15 ` Ralf Baechle
2010-01-05 18:04 ` [PATCH] futex: Fix ZERO_PAGE cause infinite loop Darren Hart
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1261647565.4937.177.camel@laptop \
--to=peterz@infradead.org \
--cc=dvhltc@us.ibm.com \
--cc=hugh.dickins@tiscali.co.uk \
--cc=kamezawa.hiroyu@jp.fujitsu.com \
--cc=kosaki.motohiro@jp.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=npiggin@suse.de \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox