* [PATCH] futex: Fix hrtimer oops in futex_lock_pi()
@ 2017-04-14 14:08 Tony Lindgren
2017-04-14 14:23 ` Peter Zijlstra
0 siblings, 1 reply; 4+ messages in thread
From: Tony Lindgren @ 2017-04-14 14:08 UTC (permalink / raw)
To: Thomas Gleixner, Peter Zijlstra
Cc: linux-kernel, juri.lelli, bigeasy, xlpang, rostedt,
mathieu.desnoyers, jdesfossez, dvhart, bristot
Commit cfafcd117da0 ("futex: Rework futex_lock_pi() to use
rt_mutex_*_proxy_lock()") caused a regression where things would
occasionally randomly oops when restarting X:
Unable to handle kernel NULL pointer dereference at virtual address 00000000
...
Internal error: Oops: 80000005 [#1] SMP ARM
...
PC is at 0x0
LR is at __hrtimer_run_queues+0x138/0x58c
pc : [<00000000>] lr : [<c01c7884>] psr: 20000193
...
[<c01c7884>] (__hrtimer_run_queues) from [<c01c7f4c>]
(hrtimer_interrupt+0xbc/0x210)
[<c01c7f4c>] (hrtimer_interrupt) from [<c010fcfc>]
...
When this happens, the hrtimer is not properly initialized and it's
function is NULL. This happens because we now call hrtimer_start_expires()
in futex_lock_pi() for the timer initialized with hrtimer_init_on_stack().
To fix it, let's pair the hrtimer_start_expires() with hrtimer_cancel()
in the same function.
Fixes: cfafcd117da0 ("futex: Rework futex_lock_pi() to use
rt_mutex_*_proxy_lock()")
Cc: juri.lelli@arm.com
Cc: bigeasy@linutronix.de
Cc: xlpang@redhat.com
Cc: rostedt@goodmis.org
Cc: mathieu.desnoyers@efficios.com
Cc: jdesfossez@efficios.com
Cc: dvhart@infradead.org
Cc: bristot@redhat.com
Signed-off-by: Tony Lindgren <tony@atomide.com>
---
kernel/futex.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/kernel/futex.c b/kernel/futex.c
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -2736,8 +2736,10 @@ static int futex_lock_pi(u32 __user *uaddr, unsigned int flags,
out_put_key:
put_futex_key(&q.key);
out:
- if (to)
+ if (to) {
+ hrtimer_cancel(&to->timer);
destroy_hrtimer_on_stack(&to->timer);
+ }
return ret != -EINTR ? ret : -ERESTARTNOINTR;
uaddr_faulted:
--
2.12.2
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] futex: Fix hrtimer oops in futex_lock_pi()
2017-04-14 14:08 [PATCH] futex: Fix hrtimer oops in futex_lock_pi() Tony Lindgren
@ 2017-04-14 14:23 ` Peter Zijlstra
2017-04-14 14:28 ` Tony Lindgren
0 siblings, 1 reply; 4+ messages in thread
From: Peter Zijlstra @ 2017-04-14 14:23 UTC (permalink / raw)
To: Tony Lindgren
Cc: Thomas Gleixner, linux-kernel, juri.lelli, bigeasy, xlpang,
rostedt, mathieu.desnoyers, jdesfossez, dvhart, bristot
On Fri, Apr 14, 2017 at 07:08:19AM -0700, Tony Lindgren wrote:
> Commit cfafcd117da0 ("futex: Rework futex_lock_pi() to use
> rt_mutex_*_proxy_lock()") caused a regression where things would
> occasionally randomly oops when restarting X:
>
> Unable to handle kernel NULL pointer dereference at virtual address 00000000
> ...
> Internal error: Oops: 80000005 [#1] SMP ARM
> ...
> PC is at 0x0
> LR is at __hrtimer_run_queues+0x138/0x58c
> pc : [<00000000>] lr : [<c01c7884>] psr: 20000193
> ...
> [<c01c7884>] (__hrtimer_run_queues) from [<c01c7f4c>]
> (hrtimer_interrupt+0xbc/0x210)
> [<c01c7f4c>] (hrtimer_interrupt) from [<c010fcfc>]
> ...
>
> When this happens, the hrtimer is not properly initialized and it's
> function is NULL. This happens because we now call hrtimer_start_expires()
> in futex_lock_pi() for the timer initialized with hrtimer_init_on_stack().
>
> To fix it, let's pair the hrtimer_start_expires() with hrtimer_cancel()
> in the same function.
Already fixed:
https://lkml.kernel.org/r/tip-97181f9bd57405b879403763284537e27d46963d@git.kernel.org
Thanks for the patch though.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] futex: Fix hrtimer oops in futex_lock_pi()
2017-04-14 14:23 ` Peter Zijlstra
@ 2017-04-14 14:28 ` Tony Lindgren
2017-04-14 14:41 ` Tony Lindgren
0 siblings, 1 reply; 4+ messages in thread
From: Tony Lindgren @ 2017-04-14 14:28 UTC (permalink / raw)
To: Peter Zijlstra
Cc: Thomas Gleixner, linux-kernel, juri.lelli, bigeasy, xlpang,
rostedt, mathieu.desnoyers, jdesfossez, dvhart, bristot
* Peter Zijlstra <peterz@infradead.org> [170414 07:25]:
> On Fri, Apr 14, 2017 at 07:08:19AM -0700, Tony Lindgren wrote:
> > Commit cfafcd117da0 ("futex: Rework futex_lock_pi() to use
> > rt_mutex_*_proxy_lock()") caused a regression where things would
> > occasionally randomly oops when restarting X:
> >
> > Unable to handle kernel NULL pointer dereference at virtual address 00000000
> > ...
> > Internal error: Oops: 80000005 [#1] SMP ARM
> > ...
> > PC is at 0x0
> > LR is at __hrtimer_run_queues+0x138/0x58c
> > pc : [<00000000>] lr : [<c01c7884>] psr: 20000193
> > ...
> > [<c01c7884>] (__hrtimer_run_queues) from [<c01c7f4c>]
> > (hrtimer_interrupt+0xbc/0x210)
> > [<c01c7f4c>] (hrtimer_interrupt) from [<c010fcfc>]
> > ...
> >
> > When this happens, the hrtimer is not properly initialized and it's
> > function is NULL. This happens because we now call hrtimer_start_expires()
> > in futex_lock_pi() for the timer initialized with hrtimer_init_on_stack().
> >
> > To fix it, let's pair the hrtimer_start_expires() with hrtimer_cancel()
> > in the same function.
>
> Already fixed:
>
> https://lkml.kernel.org/r/tip-97181f9bd57405b879403763284537e27d46963d@git.kernel.org
>
> Thanks for the patch though.
Oh OK thanks. It seems to be missing in Linux next though.
Regards,
Tony
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] futex: Fix hrtimer oops in futex_lock_pi()
2017-04-14 14:28 ` Tony Lindgren
@ 2017-04-14 14:41 ` Tony Lindgren
0 siblings, 0 replies; 4+ messages in thread
From: Tony Lindgren @ 2017-04-14 14:41 UTC (permalink / raw)
To: Peter Zijlstra
Cc: Thomas Gleixner, linux-kernel, juri.lelli, bigeasy, xlpang,
rostedt, mathieu.desnoyers, jdesfossez, dvhart, bristot
* Tony Lindgren <tony@atomide.com> [170414 07:28]:
> * Peter Zijlstra <peterz@infradead.org> [170414 07:25]:
> > On Fri, Apr 14, 2017 at 07:08:19AM -0700, Tony Lindgren wrote:
> > > Commit cfafcd117da0 ("futex: Rework futex_lock_pi() to use
> > > rt_mutex_*_proxy_lock()") caused a regression where things would
> > > occasionally randomly oops when restarting X:
> > >
> > > Unable to handle kernel NULL pointer dereference at virtual address 00000000
> > > ...
> > > Internal error: Oops: 80000005 [#1] SMP ARM
> > > ...
> > > PC is at 0x0
> > > LR is at __hrtimer_run_queues+0x138/0x58c
> > > pc : [<00000000>] lr : [<c01c7884>] psr: 20000193
> > > ...
> > > [<c01c7884>] (__hrtimer_run_queues) from [<c01c7f4c>]
> > > (hrtimer_interrupt+0xbc/0x210)
> > > [<c01c7f4c>] (hrtimer_interrupt) from [<c010fcfc>]
> > > ...
> > >
> > > When this happens, the hrtimer is not properly initialized and it's
> > > function is NULL. This happens because we now call hrtimer_start_expires()
> > > in futex_lock_pi() for the timer initialized with hrtimer_init_on_stack().
> > >
> > > To fix it, let's pair the hrtimer_start_expires() with hrtimer_cancel()
> > > in the same function.
> >
> > Already fixed:
> >
> > https://lkml.kernel.org/r/tip-97181f9bd57405b879403763284537e27d46963d@git.kernel.org
> >
> > Thanks for the patch though.
>
> Oh OK thanks. It seems to be missing in Linux next though.
Oh it was just committed, I see it now in tip after git fetch.
So should be heading into nex soon.
Tony
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-04-14 14:43 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-04-14 14:08 [PATCH] futex: Fix hrtimer oops in futex_lock_pi() Tony Lindgren
2017-04-14 14:23 ` Peter Zijlstra
2017-04-14 14:28 ` Tony Lindgren
2017-04-14 14:41 ` Tony Lindgren
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.