lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080430195110.GA28743@dreamland.darkstar.lan>
Date:	Wed, 30 Apr 2008 21:51:10 +0200
From:	Luca Tettamanti <kronos.it@...il.com>
To:	Mathieu Desnoyers <mathieu.desnoyers@...ymtl.ca>
Cc:	linux-kernel@...r.kernel.org
Subject: [BUG] smp alternatives: sleeping function called from invalid
	context

Hello,
with git current I'm seeing these warnings when bringing CPUs down:

[13794.108805] CPU0 attaching NULL sched-domain.
[13794.108815] CPU1 attaching NULL sched-domain.
[13794.124695] Broke affinity for irq 22
[13794.192376] CPU 1 is now offline
[13794.192381] lockdep: fixing up alternatives.
[13794.192389] SMP alternatives: switching to UP code
[13794.192395] BUG: sleeping function called from invalid context at /home/kronos/src/linux-2.6.git/mm/slab.c:3049
[13794.192398] in_atomic():1, irqs_disabled():0
[13794.192401] 4 locks held by bash/11413:
[13794.192404]  #0:  (&buffer->mutex){--..}, at: [<ffffffff802c638c>] sysfs_write_file+0x36/0x10c
[13794.192417]  #1:  (cpu_add_remove_lock){--..}, at: [<ffffffff80253479>] cpu_down+0x12/0x32
[13794.192427]  #2:  (&cpu_hotplug.lock){--..}, at: [<ffffffff80253024>] cpu_hotplug_begin+0x36/0xa6
[13794.192435]  #3:  (smp_alt){--..}, at: [<ffffffff8021182f>] alternatives_smp_switch+0x63/0x1a5
[13794.192446] Pid: 11413, comm: bash Not tainted 2.6.25-64-05976-ge31a94e-dirty #68
[13794.192449]
[13794.192450] Call Trace:
[13794.192681]  [<ffffffff80280f61>] __kmalloc+0x29/0x7d
[13794.192695]  [<ffffffff80276415>] __get_vm_area_node+0x9a/0x1b1
[13794.192703]  [<ffffffff80209391>] clear_ti_thread_flag+0xc/0x12
[13794.192709]  [<ffffffff80276585>] get_vm_area_caller+0x2b/0x2e
[13794.192715]  [<ffffffff8021159d>] text_poke+0xdd/0x156
[13794.192719]  [<ffffffff80276cc5>] vmap+0x2d/0x5a
[13794.192727]  [<ffffffff8021159d>] text_poke+0xdd/0x156
[13794.192736]  [<ffffffff80446f1b>] _etext+0x0/0x5
[13794.192742]  [<ffffffff80211666>] alternatives_smp_unlock+0x50/0x65
[13794.192752]  [<ffffffff80211934>] alternatives_smp_switch+0x168/0x1a5
[13794.192758]  [<ffffffff80219439>] __cpus_weight+0x3f/0x41
[13794.192767]  [<ffffffff802532b4>] _cpu_down+0x18f/0x264
[13794.192796]  [<ffffffff8025348b>] cpu_down+0x24/0x32
[13794.192805]  [<ffffffff8043259d>] store_online+0x29/0x67
[13794.192812]  [<ffffffff802c642b>] sysfs_write_file+0xd5/0x10c
[13794.192824]  [<ffffffff80283cba>] vfs_write+0xa5/0xde
[13794.192832]  [<ffffffff80283da5>] sys_write+0x45/0x6b
[13794.192842]  [<ffffffff80221ed2>] ia32_sysret+0x0/0xa
[13794.192857]
[13794.208799] CPU0 attaching NULL sched-domain.

...and up:

[13803.369635] lockdep: fixing up alternatives.
[13803.369640] SMP alternatives: switching to SMP code
[13803.369645] BUG: sleeping function called from invalid context at /home/kronos/src/linux-2.6.git/mm/slab.c:3049
[13803.369648] in_atomic():1, irqs_disabled():0
[13803.369651] 4 locks held by bash/11413:
[13803.369654]  #0:  (&buffer->mutex){--..}, at: [<ffffffff802c638c>] sysfs_write_file+0x36/0x10c
[13803.369666]  #1:  (cpu_add_remove_lock){--..}, at: [<ffffffff8044115e>] cpu_up+0x40/0x64
[13803.369676]  #2:  (&cpu_hotplug.lock){--..}, at: [<ffffffff80253024>] cpu_hotplug_begin+0x36/0xa6
[13803.369686]  #3:  (smp_alt){--..}, at: [<ffffffff8021182f>] alternatives_smp_switch+0x63/0x1a5
[13803.369697] Pid: 11413, comm: bash Not tainted 2.6.25-64-05976-ge31a94e-dirty #68
[13803.369700]
[13803.369701] Call Trace:
[13803.369712]  [<ffffffff80280f61>] __kmalloc+0x29/0x7d
[13803.369721]  [<ffffffff80276415>] __get_vm_area_node+0x9a/0x1b1
[13803.369731]  [<ffffffff80209391>] clear_ti_thread_flag+0xc/0x12
[13803.369738]  [<ffffffff80446f1b>] _etext+0x0/0x5
[13803.369743]  [<ffffffff80276585>] get_vm_area_caller+0x2b/0x2e
[13803.369749]  [<ffffffff8021159d>] text_poke+0xdd/0x156
[13803.369753]  [<ffffffff80276cc5>] vmap+0x2d/0x5a
[13803.369763]  [<ffffffff8021159d>] text_poke+0xdd/0x156
[13803.369773]  [<ffffffff802118c5>] alternatives_smp_switch+0xf9/0x1a5
[13803.369795]  [<ffffffff8043f29e>] native_cpu_up+0x224/0x7fc
[13803.369804]  [<ffffffff8043ee95>] do_fork_idle+0x0/0x20
[13803.369833]  [<ffffffff80441098>] _cpu_up+0x91/0x117
[13803.369842]  [<ffffffff80441175>] cpu_up+0x57/0x64
[13803.369849]  [<ffffffff804325b7>] store_online+0x43/0x67
[13803.369856]  [<ffffffff802c642b>] sysfs_write_file+0xd5/0x10c
[13803.369867]  [<ffffffff80283cba>] vfs_write+0xa5/0xde
[13803.369875]  [<ffffffff80283da5>] sys_write+0x45/0x6b
[13803.369886]  [<ffffffff80221ed2>] ia32_sysret+0x0/0xa
[13803.369898]
[13803.380408] Booting processor 1/1 ip 6000
[13803.389154] Initializing CPU#1
[13803.389154] masked ExtINT on CPU#1

The bug has been introduced (assuming that I'm using git blame correctly) by this commit:

commit e587cadd8f47e202a30712e2906a65a0606d5865
Author: Mathieu Desnoyers <mathieu.desnoyers@...ymtl.ca>
Date:   Thu Mar 6 08:48:49 2008 -0500

    x86: enhance DEBUG_RODATA support - alternatives


In both code paths - cpu_up() and cpud_down() - alternatives_smp_switch ends up
calling text_poke() (via alternatives_smp_{,un}lock) with smp_alt held;
then text_poke does a vmap which might sleep!

Luca
-- 
Windows NT crashed.
I'm the Blue Screen of Death.
No one hears your screams.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ