From owner-freebsd-current@freebsd.org Mon Aug 6 20:37:50 2018 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F1FC510649EE for ; Mon, 6 Aug 2018 20:37:49 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7547F89D2A for ; Mon, 6 Aug 2018 20:37:49 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from tom.home (kib@localhost [127.0.0.1]) by kib.kiev.ua (8.15.2/8.15.2) with ESMTPS id w76Kbclc089748 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 6 Aug 2018 23:37:41 +0300 (EEST) (envelope-from kostikbel@gmail.com) DKIM-Filter: OpenDKIM Filter v2.10.3 kib.kiev.ua w76Kbclc089748 Received: (from kostik@localhost) by tom.home (8.15.2/8.15.2/Submit) id w76KbcPQ089747; Mon, 6 Aug 2018 23:37:38 +0300 (EEST) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com using -f Date: Mon, 6 Aug 2018 23:37:38 +0300 
From: Konstantin Belousov To: Vladimir Kondratyev Cc: Johannes Lundberg , freebsd-current Subject: Re: Linux process causes kernel panic Message-ID: <20180806203738.GA6049@kib.kiev.ua> References: <20180803204250.GE6049@kib.kiev.ua> <20180804142235.GM6049@kib.kiev.ua> <5856e8a6-84a4-6fb4-c2d4-ecd56c5c5a94@kondratyev.su> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <5856e8a6-84a4-6fb4-c2d4-ecd56c5c5a94@kondratyev.su> User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_ADSP_CUSTOM_MED,FREEMAIL_FROM,NML_ADSP_CUSTOM_MED autolearn=no autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on tom.home X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Aug 2018 20:37:50 -0000 On Mon, Aug 06, 2018 at 06:24:43PM +0300, Vladimir Kondratyev wrote: > I've got similar panic right after skype start > > Disabling of SMAP via loader tunable workarounded the panic for me. > > Applying of the patch make skype eating 100%CPU in unkillable state. 
> > tail of ktrace dump > > š 1238 skypeššš CALLš linux_gettid > š 1238 skypeššš RETšš linux_gettid 101123/0x18b03 > š 1238 skypeššš CALLš > linux_sys_futex(0x3301edc,0x84,0x1,0x7fffffff,0x3301ec0,0x2) > š 1238 skypeššš RETšš linux_sys_futex 0 > š 1238 skypeššš CALLš linux_sys_futex(0x33b0fac,0x80,0x1,0,0x33b0f90,0x1) > š 1238 skypeššš CALLš linux_sys_futex(0x3301edc,0x80,0x1,0,0x3301ec0,0x1) > š 1238 skypeššš RETšš linux_sys_futex -1 errno -11 Resource temporarily > unavailable > š 1238 skypeššš CALLš > linux_sys_futex(0x3301ec0,0x81,0x1,0x3301ec0,0x33b02c8,0xffffc168) > š 1238 skypeššš RETšš linux_sys_futex 0 > š 1238 skypeššš CALLš > linux_sys_futex(0x33b0fac,0x85,0x1,0x1,0x33b0fa8,0x4000001) > -- here it stops -- Can you fix your mail client ? > ddb also shows that process is looping somewhere inside linux_sys_futex() There are two bugs. One is that ifuncs handling for relocations against local symbols in elf obj modules was missed. Patch below fixed it for me. Second bug is that futexes seems to not handle accesses to the CoW mappings which are not yet copied. I think that the second bug is irrelevant for your case, since it worked before. Try this patch in addition to the linux/ patches I sent before.
diff --git a/sys/kern/link_elf_obj.c b/sys/kern/link_elf_obj.c
index 43f85bd17c9..872cb79f38b 100644
--- a/sys/kern/link_elf_obj.c
+++ b/sys/kern/link_elf_obj.c
@@ -142,7 +142,7 @@ static int link_elf_each_function_name(linker_file_t,
 static int link_elf_each_function_nameval(linker_file_t, linker_function_nameval_callback_t, void *);
-static int link_elf_reloc_local(linker_file_t);
+static int link_elf_reloc_local(linker_file_t, bool);
 static long link_elf_symtab_get(linker_file_t, const Elf_Sym **);
 static long link_elf_strtab_get(linker_file_t, caddr_t *);
@@ -441,7 +441,10 @@ link_elf_link_preload(linker_class_t cls, const char *filename,
 }
 /* Local intra-module relocations */
- error = link_elf_reloc_local(lf);
+ error = link_elf_reloc_local(lf, false);
+ if (error != 0)
+ goto out;
+ error = link_elf_reloc_local(lf, true);
 if (error != 0)
 goto out;
@@ -969,7 +972,7 @@ link_elf_load_file(linker_class_t cls, const char *filename,
 }
 /* Local intra-module relocations */
- error = link_elf_reloc_local(lf);
+ error = link_elf_reloc_local(lf, false);
 if (error != 0)
 goto out;
@@ -985,6 +988,11 @@ link_elf_load_file(linker_class_t cls, const char *filename,
 if (error)
 goto out;
+ /* Now ifuncs. */
+ error = link_elf_reloc_local(lf, true);
+ if (error != 0)
+ goto out;
+
 /* Notify MD code that a module is being loaded. */
 error = elf_cpu_load_file(lf);
 if (error)
@@ -1374,7 +1382,10 @@ elf_obj_lookup(linker_file_t lf, Elf_Size symidx, int deps, Elf_Addr *res)
 /* Quick answer if there is a definition included. */
 if (sym->st_shndx != SHN_UNDEF) {
- *res = sym->st_value;
+ res1 = (Elf_Addr)sym->st_value;
+ if (ELF_ST_TYPE(sym->st_info) == STT_GNU_IFUNC)
+ res1 = ((Elf_Addr (*)(void))res1)();
+ *res = res1;
 return (0);
 }
@@ -1470,7 +1481,7 @@ link_elf_fix_link_set(elf_file_t ef)
 }
 static int
-link_elf_reloc_local(linker_file_t lf)
+link_elf_reloc_local(linker_file_t lf, bool ifuncs)
 {
 elf_file_t ef = (elf_file_t)lf;
 const Elf_Rel *rellim;
@@ -1505,8 +1516,13 @@ link_elf_reloc_local(linker_file_t lf)
 /* Only do local relocs */
 if (ELF_ST_BIND(sym->st_info) != STB_LOCAL)
 continue;
- elf_reloc_local(lf, base, rel, ELF_RELOC_REL,
- elf_obj_lookup);
+ if ((ELF_ST_TYPE(sym->st_info) == STT_GNU_IFUNC) ==
+ ifuncs)
+ elf_reloc_local(lf, base, rel, ELF_RELOC_REL,
+ elf_obj_lookup);
+ else if (ifuncs)
+ elf_reloc_ifunc(lf, base, rel, ELF_RELOC_REL,
+ elf_obj_lookup);
 }
 }
@@ -1531,8 +1547,13 @@ link_elf_reloc_local(linker_file_t lf)
 /* Only do local relocs */
 if (ELF_ST_BIND(sym->st_info) != STB_LOCAL)
 continue;
- elf_reloc_local(lf, base, rela, ELF_RELOC_RELA,
- elf_obj_lookup);
+ if ((ELF_ST_TYPE(sym->st_info) == STT_GNU_IFUNC) ==
+ ifuncs)
+ elf_reloc_local(lf, base, rela, ELF_RELOC_RELA,
+ elf_obj_lookup);
+ else if (ifuncs)
+ elf_reloc_ifunc(lf, base, rela, ELF_RELOC_RELA,
+ elf_obj_lookup);
 }
 }
 return (0);
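Review bot: In link_elf_link_preload the ifunc pass `link_elf_reloc_local(lf, true)` is now run straight after the ordinary local pass, whereas the link_elf_load_file hunk further down defers the same call until after the module's other relocations have been applied. A resolver is an ordinary function that `elf_obj_lookup` calls at relocation time, so on the preload path any resolver that reads a symbol defined outside the module (presumably the kernel's CPU-feature globals) would see it before it is relocated, unless preloaded modules have those references resolved elsewhere before this point. If the ordering is intentional, a comment making the constraint explicit would help, e.g. `/* ifunc resolvers run now; on the preload path they may only depend on module-local data, since external symbols are relocated later. */`. The enclosing function starts and ends outside the hunk.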
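Review bot: `/* Now ifuncs. */` says what the block does but not why it is a separate pass placed after the preceding relocation step; the next maintainer cannot tell whether the position matters. Something like `/* Second pass for relocations against IFUNC symbols: the resolvers run here, after the ordinary relocations their code may depend on have been applied. */` records the ordering constraint. The enclosing link_elf_load_file continues outside the hunk.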
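Review bot: `res1` is assigned in the new lines but no declaration for it appears in the hunk, so elf_obj_lookup must gain an `Elf_Addr res1;` local earlier in the function (outside the visible lines) or this will not compile. The indirect call `((Elf_Addr (*)(void))res1)()` also runs on every lookup of the symbol, i.e. once per relocation that refers to it, which is fine for a pure resolver but worth stating: `/* STT_GNU_IFUNC: st_value is the resolver, invoked here on every lookup to obtain the actual target address. */`. The function starts outside the hunk.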
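Review bot: The dispatch `if ((ELF_ST_TYPE(sym->st_info) == STT_GNU_IFUNC) == ifuncs) ... else if (ifuncs) elf_reloc_ifunc(...)` compares a boolean against the pass flag and is easy to misread; a comment above it would help, e.g. `/* Pass 1 (ifuncs == false): relocs against ordinary local symbols. Pass 2: relocs against IFUNC symbols, with every other local reloc handed to elf_reloc_ifunc. */`. The return values of both `elf_reloc_local` and the new `elf_reloc_ifunc` call are discarded, so if elf_reloc_ifunc reports a failed relocation through its return value the loader would silently continue with a bad pointer; propagating it with `return (error)` as the function already does for other failures would be worthwhile. The loop and the enclosing function start outside the hunk.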
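Review bot: The same six-line ifunc/non-ifunc dispatch now appears twice, once for `rel`/ELF_RELOC_REL in the previous hunk and once here for `rela`/ELF_RELOC_RELA, so a later change to the pass logic has to be made in two places. A small static helper taking the relocation pointer and type keeps both loops in sync and gives the two-pass rule one place to be documented. The types below follow the existing elf_reloc_local call shape; confirm `base` is an Elf_Addr in this file.

```c
/* Apply one local relocation in the pass selected by `ifuncs`. */
static void
link_elf_reloc_local_one(linker_file_t lf, Elf_Addr base, const void *rel,
    int type, const Elf_Sym *sym, bool ifuncs)
{
	if ((ELF_ST_TYPE(sym->st_info) == STT_GNU_IFUNC) == ifuncs)
		elf_reloc_local(lf, base, rel, type, elf_obj_lookup);
	else if (ifuncs)
		elf_reloc_ifunc(lf, base, rel, type, elf_obj_lookup);
}

/* … unchanged: REL loop up to the STB_LOCAL check … */
			link_elf_reloc_local_one(lf, base, rel, ELF_RELOC_REL,
			    sym, ifuncs);
/* … unchanged: RELA loop up to the STB_LOCAL check … */
			link_elf_reloc_local_one(lf, base, rela, ELF_RELOC_RELA,
			    sym, ifuncs);
```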