| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Jun 2007 15:39:12 -0400
From: "Beauchemin, Mark" <Mark.Beauchemin@...amorenet.com>
To: <linux-kernel@...r.kernel.org>
Cc: <mingo@...e.hu>, <tglx@...utronix.de>
Subject: [PATCH -rt] Preemption problem in kernel RT Patch
Hi,
I've found a preemption problem in kernel/rtmutex.c:649. The BUG_ON listed in the patch below makes sure a preemption event hasn't occurred since the thread last checked the owner of the lock. If it did happen and the current task is now the owner, it asserts with BUG_ON. With the RT-PATCH applied, however, interrupts are not disabled and preemption is possible. The following patch removes the BUG_ON as it is an incorrect check in the rt kernel. I've checked the rtmutex code and it appears to handle this case just fine..
Thanks,
Mark Beauchemin
Here's the patch:
--- linux-2.6.21.3-rt9/kernel/rtmutex.c 2007-06-01 15:21:12.000000000 -0400
+++ linux-2.6.21.3-rt9_new/kernel/rtmutex.c 2007-06-20 12:15:44.000000000 -0400
@@ -646,7 +646,7 @@
return;
}
- BUG_ON(rt_mutex_owner(lock) == current);
+/* BUG_ON(rt_mutex_owner(lock) == current); */
/*
* Here we save whatever state the task was in originally,
Here's the bug assertion:
: ------------[ cut here ]------------
Kernel BUG at c01c7bc4 [verbose debug info unavailable]
Oops: Exception in kernel mode, sig: 5 [#1]
PREEMPT
NIP: C01C7BC4 LR: C01C7BA8 CTR: C01531CCJun 1 23:06:51 BC122 kern.warn kernel: REGS: d010ba90 TRAP: 0700 Tainted: P
MSR: 00021000 <ME> CR: 24002082 XER: 00000000
TASK = d0100920[5] 'softirq-timer/0' THREAD: d010a000
GPR00: 00000001 D010BB40 D0100920 00000000 00000030 00000002 C0260000 00029000
GPR08: D0100920 00000000 D2C07970 D0100920 9F472D4B 00121868 C0220000 00000000
GPR16: 00000000 000F422C 29000000 0000003B 9ACA0000 C026562C D010A028 00004000
GPR24: D191F898 00000000 D2C1CAC8 D2C1CB60 D2C07960 CEA752C0 D010A000 00029000
NIP [C01C7BC4] rt_spin_lock_slowlock+0x60/0x1f8
LR [C01C7BA8] rt_spin_lock_slowlock+0x44/0x1f8
Call Trace:
[D010BB40] [C01C7BA8] rt_spin_lock_slowlock+0x44/0x1f8 (unreliable)
[D010BB90] [C0153464] dev_queue_xmit+0x298/0x2a0 Tunnel2
[D010BBB0] [C0176398] ip_output+0x288/0x2dc
[D010BBE0] [C01AC078] ipip_tunnel_xmit+0x508/0x698
[D010BC60] [C0150DF4] dev_hard_start_xmit+0x1b4/0x2a4
[D010BC80] [C0153430] dev_queue_xmit+0x264/0x2a0 Tunnel4
[D010BCA0] [C0176398] ip_output+0x288/0x2dc
[D010BCD0] [C01AC078] ipip_tunnel_xmit+0x508/0x698
[D010BD50] [C0150DF4] dev_hard_start_xmit+0x1b4/0x2a4
[D010BD70] [C0153430] dev_queue_xmit+0x264/0x2a0 Tunnel2
[D010BD90] [C0176398] ip_output+0x288/0x2dc
[D010BDC0] [C017685C] ip_queue_xmit+0x1ac/0x4e4
[D010BE30] [C018762C] tcp_transmit_skb+0x390/0x810
[D010BE70] [C018882C] tcp_retransmit_skb+0x160/0x638
[D010BEA0] [C018BA5C] tcp_write_timer+0x274/0x6c0
[D010BED0] [C0024314] run_timer_softirq+0x2d0/0xedc
[D010BF80] [C001F1C4] ksoftirqd+0xf8/0x1b0
[D010BFC0] [C0031588] kthread+0xc0/0xfc
[D010BFF0] [C000471C] kernel_thread+0x44/0x60
Instruction dump:
913e000c 80030004 2f800000 419e0188 4be73599 2f830000 409e0144 801c0010
5400003a 7c001278 7c000034 5400d97e <0f000000> 39200004 7f401028 7d20112d
note: softirq-timer/0[5] exited with preempt_count 1
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists