* futex: Ahead futex_init from __initcall to core_initcall
@ 2016-12-30  8:17 Yang Yang
From: Yang Yang @ 2016-12-30  8:17 UTC (permalink / raw)
  To: tglx
  Cc: linux-kernel, jiang.biao2, deng.huali, jiang.zhengxiong, zhong.weidong


If the config UEVENT_HELPER_PATH is set to /sbin/mdev (/sbin/mdev belongs to busybox),
the kernel may trigger an oops and kill the process "mdev" when booting.

The reason is that when the init process is calling do_one_initcall(), devices
will be added and trigger /sbin/mdev to execute (in order to make device
nodes automatically); then /sbin/mdev will call SyS_futex(). But when
SyS_futex() visits the global variable futex_queues, it may not be
initialized yet at this time.

Moving futex_init from __initcall to core_initcall will make sure
futex_queues is always initialized before /sbin/mdev executes.

See the oops below on an ARM SABER CPU.
The bug may not occur due to different race conditions on different CPUs,
but it has a chance to occur when using QEMU to simulate an x86 CPU with
kernel linux-4.10-rc1.

Unable to handle kernel NULL pointer dereference at virtual 
address 00000000 pgd = ed100000
[00000000] *pgd=8e0b1831, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] ARM
Modules linked in:
task: ed08b080 ti: ed0ea000 task.ti: ed0ea000
PC is at futex_wake+0x58/0x11c
LR is at futex_wake+0x48/0x11c
pc : [<c004baac>]    lr : [<c004ba9c>]    psr: a0000213
sp : ed0ebe98  ip : bec10000  fp : ed0ebecc
r10: 00000000  r9 : 00000001  r8 : 00000000
r7 : c088e700  r6 : ffffffff  r5 : 00000001  r4 : 00008114
r3 : 00000000  r2 : c088e700  r1 : 34a81583  r0 : fffffff4
Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 12c53c7d  Table: 8e100059  DAC: 00000015
Process mdev (pid: 225, stack limit = 0xed0ea1b0)
Backtrace:
[<c004ba54>] (futex_wake+0x0/0x11c) from [<c004d3dc>]
[<c004d2b8>] (do_futex+0x0/0x870) from [<c004dbb0>] 
[<c004db28>] (SyS_futex+0x0/0x16c) from [<c0009240>]
Code: e1a07000 e5903000 e1500003 e243000c (e5934000)

Signed-off-by: Yang Yang <yang.yang29@zte.com.cn>


---
 kernel/futex.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/kernel/futex.c b/kernel/futex.c
index 0842c8c..cdf3650 100755
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -3323,4 +3323,4 @@ static int __init futex_init(void)
 
 	return 0;
 }
-__initcall(futex_init);
+core_initcall(futex_init);
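Review bot: the one-line change leaves no in-source record of the ordering constraint, so a later cleanup could move futex_init() back to __initcall and reintroduce the NULL dereference in futex_wake() shown in the oops; add a short comment above `core_initcall(futex_init);` saying that the uevent user mode helper may issue the futex syscall from a device initcall, so futex_init() must run at core level. Separately, the `index 0842c8c..cdf3650 100755` line reports kernel/futex.c as executable in the submitting tree (the tip commit records 100644); worth checking that tree so a spurious mode change does not ride along in a later patch.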
-- 
1.7.1


* [tip:locking/urgent] futex: Move futex_init() to core_initcall
  2016-12-30  8:17 futex: Ahead futex_init from __initcall to core_initcall Yang Yang
From: tip-bot for Yang Yang @ 2017-02-13 15:16 UTC (permalink / raw)
  To: linux-tip-commits; +Cc: mingo, tglx, hpa, yang.yang29, peterz, linux-kernel

Commit-ID:  25f71d1c3e98ef0e52371746220d66458eac75bc
Gitweb:     http://git.kernel.org/tip/25f71d1c3e98ef0e52371746220d66458eac75bc
Author:     Yang Yang <yang.yang29@zte.com.cn>
AuthorDate: Fri, 30 Dec 2016 16:17:55 +0800
Committer:  Thomas Gleixner <tglx@linutronix.de>
CommitDate: Mon, 13 Feb 2017 16:12:22 +0100

futex: Move futex_init() to core_initcall

The UEVENT user mode helper is enabled before the initcalls are executed
and is available when the root filesystem has been mounted.

The user mode helper is triggered by device init calls and the executable
might use the futex syscall.

futex_init() is marked __initcall which maps to device_initcall, but there
is no guarantee that futex_init() is invoked _before_ the first device init
call which triggers the UEVENT user mode helper.

If the user mode helper uses the futex syscall before futex_init() then the
syscall crashes with a NULL pointer dereference because the futex subsystem
has not been initialized yet.

Move futex_init() to core_initcall so futexes are initialized before the
root filesystem is mounted and the usermode helper becomes available.

[ tglx: Rewrote changelog ]

Signed-off-by: Yang Yang <yang.yang29@zte.com.cn>
Cc: jiang.biao2@zte.com.cn
Cc: jiang.zhengxiong@zte.com.cn
Cc: zhong.weidong@zte.com.cn
Cc: deng.huali@zte.com.cn
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/1483085875-6130-1-git-send-email-yang.yang29@zte.com.cn
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
 kernel/futex.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/futex.c b/kernel/futex.c
index 0842c8ca..cdf3650 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -3323,4 +3323,4 @@ static int __init futex_init(void)
 
 	return 0;
 }
-__initcall(futex_init);
+core_initcall(futex_init);
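Review bot: with Cc: stable@vger.kernel.org on this patch, the ordering argument in the changelog should be verifiable on each branch it is backported to: booting with `initcall_debug` on the kernel command line prints every initcall as it runs, so a backporter can confirm that futex_init now appears before the first device-level initcall that registers a device. A Fixes: tag, if the commit the dependency dates from can be identified, would also help stable maintainers select the right branches.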

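The changelog above argues that core_initcall puts futex_init() ahead of every device initcall that can spawn the uevent helper. The script below is an added example (not part of the patch or the kernel tree) that checks that claim against a dmesg log captured with `initcall_debug`; the two logs embedded in it are constructed, and `sample_bus_dev_init` is a made-up name standing in for the first device initcall that registers a device.

```python
import re

# Format of the lines the kernel prints when booted with initcall_debug:
#   [    0.512345] calling  futex_init+0x0/0xd0 @ 1
#   [    0.512390] initcall futex_init+0x0/0xd0 returned 0 after 42 usecs
CALLING_RE = re.compile(r"^\[\s*[\d.]+\]\s+calling\s+(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+\s+@\s+\d+")
RETURNED_RE = re.compile(r"^\[\s*[\d.]+\]\s+initcall\s+(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+\s+returned\s+(-?\d+)")

def parse_initcalls(log):
    """Return [(name, return_value)] in invocation order; value is None if no 'returned' line."""
    order, results = [], {}
    for line in log.splitlines():
        m = CALLING_RE.match(line)
        if m:
            order.append(m.group(1))
            continue
        m = RETURNED_RE.match(line)
        if m:
            results[m.group(1)] = int(m.group(2))
    return [(name, results.get(name)) for name in order]

def runs_before(log, first, second):
    """True if initcall `first` was invoked before `second`; raises if either is absent."""
    names = [name for name, _ in parse_initcalls(log)]
    for name in (first, second):
        if name not in names:
            raise ValueError("initcall %s not found in log" % name)
    return names.index(first) < names.index(second)

# Constructed logs (not real boot output). `sample_bus_dev_init` stands in for the
# first device_initcall that registers a device and so triggers the uevent helper.
UNFIXED_LOG = """\
[    0.300000] calling  sample_bus_dev_init+0x0/0x40 @ 1
[    0.300050] initcall sample_bus_dev_init+0x0/0x40 returned 0 after 48 usecs
[    0.300100] calling  futex_init+0x0/0xd0 @ 1
[    0.300140] initcall futex_init+0x0/0xd0 returned 0 after 39 usecs
"""
FIXED_LOG = """\
[    0.100000] calling  futex_init+0x0/0xd0 @ 1
[    0.100040] initcall futex_init+0x0/0xd0 returned 0 after 39 usecs
[    0.300000] calling  sample_bus_dev_init+0x0/0x40 @ 1
[    0.300050] initcall sample_bus_dev_init+0x0/0x40 returned 0 after 48 usecs
"""

if __name__ == "__main__":
    for label, log in (("unfixed", UNFIXED_LOG), ("fixed", FIXED_LOG)):
        ok = runs_before(log, "futex_init", "sample_bus_dev_init")
        print("%s: futex_init before first device initcall: %s" % (label, ok))
```

On a real system, replace the constructed logs with the output of `dmesg` from a boot with `initcall_debug` and name the first device-level initcall seen in that log.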