| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170414142300.z2risazpvpmjkmfp@hirez.programming.kicks-ass.net>
Date: Fri, 14 Apr 2017 16:23:00 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: Tony Lindgren <tony@...mide.com>
Cc: Thomas Gleixner <tglx@...utronix.de>, linux-kernel@...r.kernel.org,
juri.lelli@....com, bigeasy@...utronix.de, xlpang@...hat.com,
rostedt@...dmis.org, mathieu.desnoyers@...icios.com,
jdesfossez@...icios.com, dvhart@...radead.org, bristot@...hat.com
Subject: Re: [PATCH] futex: Fix hrtimer oops in futex_lock_pi()
On Fri, Apr 14, 2017 at 07:08:19AM -0700, Tony Lindgren wrote:
> Commit cfafcd117da0 ("futex: Rework futex_lock_pi() to use
> rt_mutex_*_proxy_lock()") caused a regression where things would
> occasionally randomly oops when restarting X:
>
> Unable to handle kernel NULL pointer dereference at virtual address 00000000
> ...
> Internal error: Oops: 80000005 [#1] SMP ARM
> ...
> PC is at 0x0
> LR is at __hrtimer_run_queues+0x138/0x58c
> pc : [<00000000>] lr : [<c01c7884>] psr: 20000193
> ...
> [<c01c7884>] (__hrtimer_run_queues) from [<c01c7f4c>]
> (hrtimer_interrupt+0xbc/0x210)
> [<c01c7f4c>] (hrtimer_interrupt) from [<c010fcfc>]
> ...
>
> When this happens, the hrtimer is not properly initialized and it's
> function is NULL. This happens because we now call hrtimer_start_expires()
> in futex_lock_pi() for the timer initialized with hrtimer_init_on_stack().
>
> To fix it, let's pair the hrtimer_start_expires() with hrtimer_cancel()
> in the same function.
Already fixed:
https://lkml.kernel.org/r/tip-97181f9bd57405b879403763284537e27d46963d@git.kernel.org
Thanks for the patch though.
Powered by blists - more mailing lists