lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Wed, 26 Jul 2006 13:26:48 +0100 (BST)
From:	Esben Nielsen <nielsen.esben@...glemail.com>
To:	Ingo Molnar <mingo@...e.hu>
cc:	Esben Nielsen <nielsen.esben@...glemail.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Steven Rostedt <rostedt@...dmis.org>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: [patch 0/3] [-rt] Fixes the timeout-bug in the rtmutex/PI-futex.



On Wed, 26 Jul 2006, Ingo Molnar wrote:

>
> * Ingo Molnar <mingo@...e.hu> wrote:
>
>> and i also had to do the fixes below to get it to build.
>
> then it crashed with the assert below. I'll skip this one for now. I've
> attached the patches (cleaned up for whitespaces) plus the
> build-fixpatch.
>
> 	Ingo
>
> Brought up 2 CPUs
> BUG at kernel/rtmutex.c:773!
> ------------[ cut here ]------------
> kernel BUG at kernel/rtmutex.c:773!
> invalid opcode: 0000 [#1]
> PREEMPT SMP
> Modules linked in:
> CPU:    0
> EIP:    0060:[<c03e407c>]    Not tainted VLI
> EFLAGS: 00010246   (2.6.17-rt7 #14)
> EIP is at rt_lock_slowlock+0x21e/0x231
> eax: 00000020   ebx: c31d7000   ecx: c0477be4   edx: c31d97f0
> esi: 00000000   edi: c31d7d34   ebp: c31d7cdc   esp: c31d7c70
> ds: 007b   es: 007b   ss: 0068   preempt: 00000001
>
>

It is a very simple bug: The waiter was made garbage by the 
debug_rt_mutex_free_waiter() before it was used in the BUG_ON() line.
My UP machine boots now with CONFIG_DEBUG_RT_MUTEXEX on in -rt8. Fix 
is below. Apply on top of the patches you just send me with no further 
changes. I hope I don't have white space damage in this small patch!!

Esben

  kernel/rtmutex.c |    2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

Index: linux-2.6.17-rt8/kernel/rtmutex.c
===================================================================
--- linux-2.6.17-rt8.orig/kernel/rtmutex.c
+++ linux-2.6.17-rt8/kernel/rtmutex.c
@@ -768,9 +768,9 @@ rt_lock_slowlock(struct rt_mutex *lock _
  	if (adjust_prio_final)
  		rt_mutex_adjust_prio_final(current, waiter.old_sched_lifo);

-	debug_rt_mutex_free_waiter(&waiter);
  	BUG_ON(current->boosting_prio != MAX_PRIO);
  	BUG_ON(waiter.old_sched_lifo != get_sched_lifo());
+	debug_rt_mutex_free_waiter(&waiter);
  }

  /*

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ