Date: Mon, 6 Aug 2018 23:41:48 +0300 From: Konstantin Belousov <kostikbel@gmail.com> To: Vladimir Kondratyev <vladimir@kondratyev.su> Cc: Johannes Lundberg <johalun0@gmail.com>, freebsd-current <freebsd-current@freebsd.org> Subject: Re: Linux process causes kernel panic Message-ID: <20180806204148.GB6049@kib.kiev.ua> In-Reply-To: <20180806203738.GA6049@kib.kiev.ua> References: <CAECmPwvAaSTimVyV1n%2B9PNKd_0JP6kLXnXyihoWEB3FHRHqa9w@mail.gmail.com> <20180803204250.GE6049@kib.kiev.ua> <CAECmPwt0kifzPFpgyYWJj7UvnUn2CGjUfQz2tuS5G0BYttTkZQ@mail.gmail.com> <20180804142235.GM6049@kib.kiev.ua> <CAECmPwu9eqH2UJo0LMNDj7nPXu7S1%2B9OWnd1swAabZLXcxo1Dg@mail.gmail.com> <5856e8a6-84a4-6fb4-c2d4-ecd56c5c5a94@kondratyev.su> <20180806203738.GA6049@kib.kiev.ua>
On Mon, Aug 06, 2018 at 11:37:38PM +0300, Konstantin Belousov wrote: > On Mon, Aug 06, 2018 at 06:24:43PM +0300, Vladimir Kondratyev wrote: > > I've got similar panic right after skype start > > > > Disabling of SMAP via loader tunable workarounded the panic for me. > > > > Applying of the patch make skype eating 100%CPU in unkillable state. > > > > tail of ktrace dump > > > > š 1238 skypeššš CALLš linux_gettid > > š 1238 skypeššš RETšš linux_gettid 101123/0x18b03 > > š 1238 skypeššš CALLš > > linux_sys_futex(0x3301edc,0x84,0x1,0x7fffffff,0x3301ec0,0x2) > > š 1238 skypeššš RETšš linux_sys_futex 0 > > š 1238 skypeššš CALLš linux_sys_futex(0x33b0fac,0x80,0x1,0,0x33b0f90,0x1) > > š 1238 skypeššš CALLš linux_sys_futex(0x3301edc,0x80,0x1,0,0x3301ec0,0x1) > > š 1238 skypeššš RETšš linux_sys_futex -1 errno -11 Resource temporarily > > unavailable > > š 1238 skypeššš CALLš > > linux_sys_futex(0x3301ec0,0x81,0x1,0x3301ec0,0x33b02c8,0xffffc168) > > š 1238 skypeššš RETšš linux_sys_futex 0 > > š 1238 skypeššš CALLš > > linux_sys_futex(0x33b0fac,0x85,0x1,0x1,0x33b0fa8,0x4000001) > > -- here it stops -- > Can you fix your mail client ? > > > ddb also shows that process is looping somewhere inside linux_sys_futex() > > There are two bugs. One is that ifuncs handling for relocations against > local symbols in elf obj modules was missed. Patch below fixed it for me. > > Second bug is that futexes seems to not handle accesses to the CoW > mappings which are not yet copied. I think that the second bug is > irrelevant for your case, since it worked before. > > Try this patch in addition to the linux/ patches I sent before. Wrong patch, I forgot to commit part of the changes.
diff --git a/sys/kern/link_elf_obj.c b/sys/kern/link_elf_obj.c
index 43f85bd17c9..94d29769142 100644
--- a/sys/kern/link_elf_obj.c
+++ b/sys/kern/link_elf_obj.c
@@ -142,7 +142,7 @@ static int link_elf_each_function_name(linker_file_t, static int link_elf_each_function_nameval(linker_file_t, linker_function_nameval_callback_t, void *); -static int link_elf_reloc_local(linker_file_t); +static int link_elf_reloc_local(linker_file_t, bool); static long link_elf_symtab_get(linker_file_t, const Elf_Sym **); static long link_elf_strtab_get(linker_file_t, caddr_t *);
@@ -441,10 +441,9 @@ link_elf_link_preload(linker_class_t cls, const char *filename, } /* Local intra-module relocations */ - error = link_elf_reloc_local(lf); + error = link_elf_reloc_local(lf, false); if (error != 0) goto out; - *result = lf; return (0);
@@ -479,13 +478,18 @@ link_elf_link_preload_finish(linker_file_t lf) ef = (elf_file_t)lf; error = relocate_file(ef); if (error) - return error; + return (error); /* Notify MD code that a module is being loaded. */ error = elf_cpu_load_file(lf); if (error) return (error); + /* Now ifuncs. */ + error = link_elf_reloc_local(lf, true); + if (error != 0) + return (error); + /* Invoke .ctors */ link_elf_invoke_ctors(lf->ctors_addr, lf->ctors_size); return (0);
@@ -969,7 +973,7 @@ link_elf_load_file(linker_class_t cls, const char *filename, } /* Local intra-module relocations */ - error = link_elf_reloc_local(lf); + error = link_elf_reloc_local(lf, false); if (error != 0) goto out;
@@ -990,6 +994,11 @@ link_elf_load_file(linker_class_t cls, const char *filename, if (error) goto out; + /* Now ifuncs. */ + error = link_elf_reloc_local(lf, true); + if (error != 0) + goto out; + /* Invoke .ctors */ link_elf_invoke_ctors(lf->ctors_addr, lf->ctors_size);
@@ -1374,7 +1383,10 @@ elf_obj_lookup(linker_file_t lf, Elf_Size symidx, int deps, Elf_Addr *res) /* Quick answer if there is a definition included. */ if (sym->st_shndx != SHN_UNDEF) { - *res = sym->st_value; + res1 = (Elf_Addr)sym->st_value; + if (ELF_ST_TYPE(sym->st_info) == STT_GNU_IFUNC) + res1 = ((Elf_Addr (*)(void))res1)(); + *res = res1; return (0); }
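Review bot: The `/* Now ifuncs. */` comment in link_elf_link_preload_finish() (repeated in the link_elf_load_file() hunk at -990) does not say why the second link_elf_reloc_local() pass has to come after relocate_file() and elf_cpu_load_file(). The elf_obj_lookup() hunk shows that resolving an STT_GNU_IFUNC symbol calls a function inside the module, so presumably the resolver must not run until the rest of the module is relocated; a later reorder that breaks this would execute partially relocated kernel-module code. I would spell the constraint out, e.g. `/* Resolve ifuncs last: resolvers are module code and need the other relocations and the MD load hook done first. */`. Both functions start and end outside their hunks.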
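Review bot: In the elf_obj_lookup() hunk, `res1 = ((Elf_Addr (*)(void))res1)();` runs the resolver on every lookup of a defined STT_GNU_IFUNC symbol and stores whatever it returns, so a resolver that yields 0 is reported as a successful lookup and the relocated call site ends up pointing at address 0 in kernel mode. A cheap guard before the store would turn that into a load failure: `if (res1 == 0) return (EINVAL);`. The lookup also has no way to tell which relocation pass is calling it; its callers are outside this hunk, so it is worth confirming that none of them reaches this branch before the `ifuncs == true` pass. The declaration of `res1` is not part of the hunk either, and since the mail says an earlier posting missed part of the change, check that it exists in the function prologue.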
@@ -1470,7 +1482,7 @@ link_elf_fix_link_set(elf_file_t ef) } static int -link_elf_reloc_local(linker_file_t lf) +link_elf_reloc_local(linker_file_t lf, bool ifuncs) { elf_file_t ef = (elf_file_t)lf; const Elf_Rel *rellim;
@@ -1505,8 +1517,13 @@ link_elf_reloc_local(linker_file_t lf) /* Only do local relocs */ if (ELF_ST_BIND(sym->st_info) != STB_LOCAL) continue; - elf_reloc_local(lf, base, rel, ELF_RELOC_REL, - elf_obj_lookup); + if ((ELF_ST_TYPE(sym->st_info) == STT_GNU_IFUNC) == + ifuncs) + elf_reloc_local(lf, base, rel, ELF_RELOC_REL, + elf_obj_lookup); + else if (ifuncs) + elf_reloc_ifunc(lf, base, rel, ELF_RELOC_REL, + elf_obj_lookup); } }
@@ -1531,8 +1548,13 @@ link_elf_reloc_local(linker_file_t lf) /* Only do local relocs */ if (ELF_ST_BIND(sym->st_info) != STB_LOCAL) continue; - elf_reloc_local(lf, base, rela, ELF_RELOC_RELA, - elf_obj_lookup); + if ((ELF_ST_TYPE(sym->st_info) == STT_GNU_IFUNC) == + ifuncs) + elf_reloc_local(lf, base, rela, ELF_RELOC_RELA, + elf_obj_lookup); + else if (ifuncs) + elf_reloc_ifunc(lf, base, rela, ELF_RELOC_RELA, + elf_obj_lookup); } } return (0);
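Review bot: The new `bool ifuncs` parameter of link_elf_reloc_local() is undocumented, and its meaning cannot be guessed from the name alone. Reading the two loops further down, `false` applies relocations against non-ifunc local symbols and skips ifunc ones, while `true` applies the ifunc ones through elf_reloc_local() and passes every other local relocation to elf_reloc_ifunc(). A block comment above the function should state this, and also that callers are expected to run the `false` pass before the `true` pass, as both call sites in this patch do. The function body continues outside this hunk.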
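Review bot: Both rewritten loops (the Rel loop in the hunk at -1505 and the Rela loop in the hunk at -1531) drop the results of `elf_reloc_local()` and `elf_reloc_ifunc()`, so link_elf_reloc_local() still falls through to `return (0)` when a relocation could not be applied. The callers added in this patch test that return value, which suggests a failed ifunc relocation is meant to abort the load rather than leave an unpatched call site in kernel code. Assuming both helpers return a status (their prototypes are not visible here), each call could be wrapped as `if (elf_reloc_local(lf, base, rel, ELF_RELOC_REL, elf_obj_lookup) != 0) return (ENOEXEC);`. The loops start outside these hunks.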