
Bug#476285: linux-image-2.6.24-1-parisc: panics on boot in cmpxchg_futex_value_locked



Package: linux-image-2.6.24-1-parisc
Version: 2.6.24-5
Severity: critical
Tags: patch
Justification: breaks the whole system


This actually isn't just a bug in Debian; it affects every distro which
uses the stable tree as a base.

For instance, the Gentoo bug is here:

http://bugs.gentoo.org/show_bug.cgi?id=217030

The panic is:

backtrace:
 [<10587970>] init+0x20/0xc4
 [<105807e0>] kernel_init+0xf4/0x328
 [<10109c5c>] ret_from_kernel_thread+0x1c/0x24


Kernel Fault: Code=26 regs=8fc241c0 (Addr=00000000)

     YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI
PSW: 00000000000001001111111100001111 Not tainted
r00-03  0004ff0f 104fc140 10587970 f0412000
r04-07  00000000 105b57c0 00000000 00000000
r08-11  00000000 1059b810 105b5810 104c3810
r12-15  10568810 1059b810 8fc24088 3b9aca00
r16-19  f00008c4 f000017c f0000174 00000000
r20-23  00004000 000007ff 10587950 00000001
r24-27  00000000 00000000 00000000 104c6010
r28-31  8fc24000 c99f4bdd 8fc241c0 105807e0
sr00-03  00000000 00000000 00000000 00000000
sr04-07  00000000 00000000 00000000 00000000

IASQ: 00000000 00000000 IAOQ: 101433b8 101433bc
 IIR: 0f401089    ISR: 00000000  IOR: 00000000
 CPU:        0   CR30: 8fc24000 CR31: 11111111
 ORIG_R28: 55555555
 IAOQ[0]: cmpxchg_futex_value_locked+0x28/0x9c
 IAOQ[1]: cmpxchg_futex_value_locked+0x2c/0x9c
 RP(r2): init+0x20/0xc4
Kernel panic - not syncing: Kernel Fault


The root cause is a backport of this commit:

commit a0c1e9073ef7428a14309cba010633a6cd6719ea
Author: Thomas Gleixner <tglx@linutronix.de>
Date:   Sat Feb 23 15:23:57 2008 -0800

    futex: runtime enable pi and robust functionality

to the stable tree (went in for 2.6.24.4). This breaks parisc because
we weren't set up to process NULL as a futex cmpxchg address. We
found and fixed the bug upstream as:

commit c20a84c91048c76c1379011c96b1a5cee5c7d9a0
Author: Kyle McMartin <kyle@shortfin.cabal.ca>
Date:   Sat Mar 1 10:25:52 2008 -0800

    [PARISC] futex: special case cmpxchg NULL in kernel space

but, because we didn't know tglx had requested a backport, the fix
wasn't backported to stable.

I'll send the necessary patch into stable, but to get parisc working
again on debian it has to be applied on top of the current kernel.

NOTE: This bug was introduced into 2.6.24.4; 2.6.24.3 doesn't have it.
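As an added illustration (not the reporter's code and not kernel code), the following user-space C model shows why the probe needs the guard: futex_init() hands cmpxchg a NULL address and treats -EFAULT as "implemented", so a kernel thread running with KERNEL_DS would otherwise reach the load from page zero instead of the fault path. model_fs, guard_enabled and page_zero_touches are hypothetical stand-ins for get_fs()/KERNEL_DS and for the fault the real parisc kernel takes.

```c
/* Added illustration, not kernel code: a user-space model of the boot-time
 * probe from commit a0c1e907 and the parisc guard from commit c20a84c9.
 * model_fs, guard_enabled and page_zero_touches are hypothetical stand-ins. */
#include <errno.h>
#include <stddef.h>

enum addr_limit { USER_DS, KERNEL_DS };
static enum addr_limit model_fs = USER_DS;  /* stands in for get_fs() */
static int guard_enabled = 1;     /* 0 models the tree before the fix */
static int page_zero_touches;     /* kernel NULL loads that would fault */

/* Model of futex_atomic_cmpxchg_inatomic(): returns the value found at
 * uaddr (swapping in newval if it equals oldval) or -EFAULT. */
static int cmpxchg_futex_value_model(int *uaddr, int oldval, int newval)
{
    if (guard_enabled && model_fs == KERNEL_DS && !uaddr)
        return -EFAULT;             /* the check added by the patch */
    if (model_fs != KERNEL_DS && !uaddr)
        return -EFAULT;             /* a user NULL: the fixup path's -EFAULT */
    if (!uaddr) {
        /* Unguarded kernel NULL: the real parisc kernel loads from the
         * gateway page here and panics. The model only records it. */
        page_zero_touches++;
        return -EFAULT;
    }
    return __sync_val_compare_and_swap(uaddr, oldval, newval);
}

/* Model of the probe in futex_init(), run by a kernel thread (KERNEL_DS):
 * -EFAULT from a NULL cmpxchg means "cmpxchg is implemented". */
static int probe_cmpxchg_enabled(int with_guard)
{
    int curval;
    guard_enabled = with_guard;
    model_fs = KERNEL_DS;
    curval = cmpxchg_futex_value_model(NULL, 0, 0);
    model_fs = USER_DS;
    guard_enabled = 1;
    return curval == -EFAULT;
}

/* Normal path on a real word: returns the old value, swaps only on match. */
static int swap_demo(void)
{
    int word = 5;
    if (cmpxchg_futex_value_model(&word, 5, 9) != 5 || word != 9) return 0;
    if (cmpxchg_futex_value_model(&word, 5, 1) != 9 || word != 9) return 0;
    return 1;
}
```

Running the probe without the guard bumps page_zero_touches, which is where the real kernel dies with the fault shown above; with the guard it stays at zero and futex_cmpxchg_enabled is still set.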


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (650, 'testing')
Architecture: hppa (parisc)

Kernel: Linux 2.6.22-3-parisc
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages linux-image-2.6.24-1-parisc depends on:
ii  debconf [debconf-2.0]        1.5.20      Debian configuration management sy
ii  initramfs-tools [linux-initr 0.91e       tools for generating an initramfs
ii  module-init-tools            3.3-pre11-4 tools for managing Linux kernel mo

linux-image-2.6.24-1-parisc recommends no packages.

-- debconf information excluded

*** parisc-cmpxchg-fix.diff
From c8d402df60b3aad85b30cfe7df20f829ef6eb895 Mon Sep 17 00:00:00 2001
From: Kyle McMartin <kyle@shortfin.cabal.ca>
Date: Sat, 1 Mar 2008 10:25:52 -0800
Subject: [PARISC] futex: special case cmpxchg NULL in kernel space

Commit a0c1e9073ef7428a14309cba010633a6cd6719ea added code to futex.c
to detect whether futex_atomic_cmpxchg_inatomic was implemented at run
time:

+       curval = cmpxchg_futex_value_locked(NULL, 0, 0);
+       if (curval == -EFAULT)
+               futex_cmpxchg_enabled = 1;

This is bogus on parisc, since page zero in kernel virtual space is the
gateway page for syscall entry, and should not be read from the kernel.
(That, and we really don't like the kernel faulting on its own address
 space...)

Signed-off-by: Kyle McMartin <kyle@mcmartin.ca>
---
 include/asm-parisc/futex.h |   10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/include/asm-parisc/futex.h b/include/asm-parisc/futex.h
index dbee6e6..fdc6d05 100644
--- a/include/asm-parisc/futex.h
+++ b/include/asm-parisc/futex.h
@@ -56,6 +56,12 @@ futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval, int newval)
 	int err = 0;
 	int uval;
 
+	/* futex.c wants to do a cmpxchg_inatomic on kernel NULL, which is
+	 * our gateway page, and causes no end of trouble...
+	 */
+	if (segment_eq(KERNEL_DS, get_fs()) && !uaddr)
+		return -EFAULT;
+
 	if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))
 		return -EFAULT;
 
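Review bot: the new guard returns -EFAULT for a kernel-space NULL, and that exact value is what the probe quoted in the commit message keys on (`if (curval == -EFAULT) futex_cmpxchg_enabled = 1;`), but the comment above the `if` only explains the gateway page, not that -EFAULT is load-bearing; a later change to another errno would silently leave futex_cmpxchg_enabled at 0. Suggest extending the comment, e.g. `/* futex.c probes with NULL and takes -EFAULT to mean "implemented" */`. Also worth noting there that the check covers only uaddr == NULL, not other addresses in page zero, which is enough for the probe's single call site.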
@@ -67,5 +73,5 @@ futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval, int newval)
 	return uval;
 }
 
-#endif
-#endif
+#endif /*__KERNEL__*/
+#endif /*_ASM_PARISC_FUTEX_H*/
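Review bot: the two `#endif` labels are comment-only, so please confirm `_ASM_PARISC_FUTEX_H` matches the guard macro defined at the top of the header (outside this hunk); a mismatched label misleads the next reader. Otherwise fine.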
-- 
1.5.3.8
