Bug#476285: linux-image-2.6.24-1-parisc: panics on boot in cmpxchg_futex_value_locked
Package: linux-image-2.6.24-1-parisc
Version: 2.6.24-5
Severity: critical
Tags: patch
Justification: breaks the whole system
This actually isn't just a bug in debian, it affects every distro which
uses the stable tree as a base
for instance, the gentoo bug is here:
http://bugs.gentoo.org/show_bug.cgi?id=217030
The panic is:
backtrace:
[<10587970>] init+0x20/0xc4
[<105807e0>] kernel_init+0xf4/0x328
[<10109c5c>] ret_from_kernel_thread+0x1c/0x24
Kernel Fault: Code=26 regs=8fc241c0 (Addr=00000000)
YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI
PSW: 00000000000001001111111100001111 Not tainted
r00-03 0004ff0f 104fc140 10587970 f0412000
r04-07 00000000 105b57c0 00000000 00000000
r08-11 00000000 1059b810 105b5810 104c3810
r12-15 10568810 1059b810 8fc24088 3b9aca00
r16-19 f00008c4 f000017c f0000174 00000000
r20-23 00004000 000007ff 10587950 00000001
r24-27 00000000 00000000 00000000 104c6010
r28-31 8fc24000 c99f4bdd 8fc241c0 105807e0
sr00-03 00000000 00000000 00000000 00000000
sr04-07 00000000 00000000 00000000 00000000
IASQ: 00000000 00000000 IAOQ: 101433b8 101433bc
IIR: 0f401089 ISR: 00000000 IOR: 00000000
CPU: 0 CR30: 8fc24000 CR31: 11111111
ORIG_R28: 55555555
IAOQ[0]: cmpxchg_futex_value_locked+0x28/0x9c
IAOQ[1]: cmpxchg_futex_value_locked+0x2c/0x9c
RP(r2): init+0x20/0xc4
Kernel panic - not syncing: Kernel Fault
The root cause is a backport of this commit:
commit a0c1e9073ef7428a14309cba010633a6cd6719ea
Author: Thomas Gleixner <tglx@linutronix.de>
Date: Sat Feb 23 15:23:57 2008 -0800
futex: runtime enable pi and robust functionality
To the stable tree (went in for 2.6.24.4). This breaks parisc because
we weren't set up to process NULL as a futex cmpxchg address. We
found and fixed the bug upstream as:
commit c20a84c91048c76c1379011c96b1a5cee5c7d9a0
Author: Kyle McMartin <kyle@shortfin.cabal.ca>
Date: Sat Mar 1 10:25:52 2008 -0800
[PARISC] futex: special case cmpxchg NULL in kernel space
but, because we didn't know tglx had requested a backport, the fix
wasn't backported to stable.
I'll send the necessary patch into stable, but to get parisc working
again on debian it has to be applied on top of the current kernel.
NOTE: This bug was introduced into 2.6.24.4; 2.6.24.3 doesn't have it.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (650, 'testing')
Architecture: hppa (parisc)
Kernel: Linux 2.6.22-3-parisc
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages linux-image-2.6.24-1-parisc depends on:
ii debconf [debconf-2.0] 1.5.20 Debian configuration management sy
ii initramfs-tools [linux-initr 0.91e tools for generating an initramfs
ii module-init-tools 3.3-pre11-4 tools for managing Linux kernel mo
linux-image-2.6.24-1-parisc recommends no packages.
-- debconf information excluded
*** parisc-cmpxchg-fix.diff
>From c8d402df60b3aad85b30cfe7df20f829ef6eb895 Mon Sep 17 00:00:00 2001
From: Kyle McMartin <kyle@shortfin.cabal.ca>
Date: Sat, 1 Mar 2008 10:25:52 -0800
Subject: [PARISC] futex: special case cmpxchg NULL in kernel space
Commit a0c1e9073ef7428a14309cba010633a6cd6719ea added code to futex.c
to detect whether futex_atomic_cmpxchg_inatomic was implemented at run
time:
+ curval = cmpxchg_futex_value_locked(NULL, 0, 0);
+ if (curval == -EFAULT)
+ futex_cmpxchg_enabled = 1;
This is bogus on parisc, since page zero in kernel virtual space is the
gateway page for syscall entry, and should not be read from the kernel.
(That, and we really don't like the kernel faulting on its own address
space...)
Signed-off-by: Kyle McMartin <kyle@mcmartin.ca>
---
include/asm-parisc/futex.h | 10 ++++++++--
1 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/include/asm-parisc/futex.h b/include/asm-parisc/futex.h
index dbee6e6..fdc6d05 100644
--- a/include/asm-parisc/futex.h
+++ b/include/asm-parisc/futex.h
@@ -56,6 +56,12 @@ futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval, int newval)
int err = 0;
int uval;
+ /* futex.c wants to do a cmpxchg_inatomic on kernel NULL, which is
+ * our gateway page, and causes no end of trouble...
+ */
+ if (segment_eq(KERNEL_DS, get_fs()) && !uaddr)
+ return -EFAULT;
+
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))
return -EFAULT;
@@ -67,5 +73,5 @@ futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval, int newval)
return uval;
}
-#endif
-#endif
+#endif /*__KERNEL__*/
+#endif /*_ASM_PARISC_FUTEX_H*/
--
1.5.3.8
Reply to: