From owner-freebsd-current@freebsd.org Mon Aug 6 20:41:59 2018 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 48E841064D24 for ; Mon, 6 Aug 2018 20:41:59 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C8D178A21E for ; Mon, 6 Aug 2018 20:41:58 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from tom.home (kib@localhost [127.0.0.1]) by kib.kiev.ua (8.15.2/8.15.2) with ESMTPS id w76Kfmpi090910 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 6 Aug 2018 23:41:51 +0300 (EEST) (envelope-from kostikbel@gmail.com) DKIM-Filter: OpenDKIM Filter v2.10.3 kib.kiev.ua w76Kfmpi090910 Received: (from kostik@localhost) by tom.home (8.15.2/8.15.2/Submit) id w76KfmbC090909; Mon, 6 Aug 2018 23:41:48 +0300 (EEST) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com using -f Date: Mon, 6 Aug 2018 23:41:48 +0300 
From: Konstantin Belousov To: Vladimir Kondratyev Cc: Johannes Lundberg , freebsd-current Subject: Re: Linux process causes kernel panic Message-ID: <20180806204148.GB6049@kib.kiev.ua> References: <20180803204250.GE6049@kib.kiev.ua> <20180804142235.GM6049@kib.kiev.ua> <5856e8a6-84a4-6fb4-c2d4-ecd56c5c5a94@kondratyev.su> <20180806203738.GA6049@kib.kiev.ua> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20180806203738.GA6049@kib.kiev.ua> User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_ADSP_CUSTOM_MED,FREEMAIL_FROM,NML_ADSP_CUSTOM_MED autolearn=no autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on tom.home X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Aug 2018 20:41:59 -0000 On Mon, Aug 06, 2018 at 11:37:38PM +0300, Konstantin Belousov wrote: > On Mon, Aug 06, 2018 at 06:24:43PM +0300, Vladimir Kondratyev wrote: > > I've got similar panic right after skype start > > > > Disabling of SMAP via loader tunable workarounded the panic for me. > > > > Applying of the patch make skype eating 100%CPU in unkillable state. 
> > > > tail of ktrace dump > > > > š 1238 skypeššš CALLš linux_gettid > > š 1238 skypeššš RETšš linux_gettid 101123/0x18b03 > > š 1238 skypeššš CALLš > > linux_sys_futex(0x3301edc,0x84,0x1,0x7fffffff,0x3301ec0,0x2) > > š 1238 skypeššš RETšš linux_sys_futex 0 > > š 1238 skypeššš CALLš linux_sys_futex(0x33b0fac,0x80,0x1,0,0x33b0f90,0x1) > > š 1238 skypeššš CALLš linux_sys_futex(0x3301edc,0x80,0x1,0,0x3301ec0,0x1) > > š 1238 skypeššš RETšš linux_sys_futex -1 errno -11 Resource temporarily > > unavailable > > š 1238 skypeššš CALLš > > linux_sys_futex(0x3301ec0,0x81,0x1,0x3301ec0,0x33b02c8,0xffffc168) > > š 1238 skypeššš RETšš linux_sys_futex 0 > > š 1238 skypeššš CALLš > > linux_sys_futex(0x33b0fac,0x85,0x1,0x1,0x33b0fa8,0x4000001) > > -- here it stops -- > Can you fix your mail client ? > > > ddb also shows that process is looping somewhere inside linux_sys_futex() > > There are two bugs. One is that ifuncs handling for relocations against > local symbols in elf obj modules was missed. Patch below fixed it for me. > > Second bug is that futexes seems to not handle accesses to the CoW > mappings which are not yet copied. I think that the second bug is > irrelevant for your case, since it worked before. > > Try this patch in addition to the linux/ patches I sent before. Wrong patch, I forgot to commit part of the changes.
diff --git a/sys/kern/link_elf_obj.c b/sys/kern/link_elf_obj.c
index 43f85bd17c9..94d29769142 100644
--- a/sys/kern/link_elf_obj.c
+++ b/sys/kern/link_elf_obj.c
@@ -142,7 +142,7 @@ static int link_elf_each_function_name(linker_file_t,
 static int link_elf_each_function_nameval(linker_file_t,
 linker_function_nameval_callback_t,
 void *);
-static int link_elf_reloc_local(linker_file_t);
+static int link_elf_reloc_local(linker_file_t, bool);
 static long link_elf_symtab_get(linker_file_t, const Elf_Sym **);
 static long link_elf_strtab_get(linker_file_t, caddr_t *);
@@ -441,10 +441,9 @@ link_elf_link_preload(linker_class_t cls, const char *filename,
 }
 /* Local intra-module relocations */
- error = link_elf_reloc_local(lf);
+ error = link_elf_reloc_local(lf, false);
 if (error != 0)
 goto out;
-
 *result = lf;
 return (0);
@@ -479,13 +478,18 @@ link_elf_link_preload_finish(linker_file_t lf)
 ef = (elf_file_t)lf;
 error = relocate_file(ef);
 if (error)
- return error;
+ return (error);
 /* Notify MD code that a module is being loaded. */
 error = elf_cpu_load_file(lf);
 if (error)
 return (error);
+ /* Now ifuncs. */
+ error = link_elf_reloc_local(lf, true);
+ if (error != 0)
+ return (error);
+
 /* Invoke .ctors */
 link_elf_invoke_ctors(lf->ctors_addr, lf->ctors_size);
 return (0);
@@ -969,7 +973,7 @@ link_elf_load_file(linker_class_t cls, const char *filename,
 }
 /* Local intra-module relocations */
- error = link_elf_reloc_local(lf);
+ error = link_elf_reloc_local(lf, false);
 if (error != 0)
 goto out;
@@ -990,6 +994,11 @@ link_elf_load_file(linker_class_t cls, const char *filename,
 if (error)
 goto out;
+ /* Now ifuncs. */
+ error = link_elf_reloc_local(lf, true);
+ if (error != 0)
+ goto out;
+
 /* Invoke .ctors */
 link_elf_invoke_ctors(lf->ctors_addr, lf->ctors_size);
@@ -1374,7 +1383,10 @@ elf_obj_lookup(linker_file_t lf, Elf_Size symidx, int deps, Elf_Addr *res)
 /* Quick answer if there is a definition included. */
 if (sym->st_shndx != SHN_UNDEF) {
- *res = sym->st_value;
+ res1 = (Elf_Addr)sym->st_value;
+ if (ELF_ST_TYPE(sym->st_info) == STT_GNU_IFUNC)
+ res1 = ((Elf_Addr (*)(void))res1)();
+ *res = res1;
 return (0);
 }
@@ -1470,7 +1482,7 @@ link_elf_fix_link_set(elf_file_t ef)
 }
 static int
-link_elf_reloc_local(linker_file_t lf)
+link_elf_reloc_local(linker_file_t lf, bool ifuncs)
 {
 elf_file_t ef = (elf_file_t)lf;
 const Elf_Rel *rellim;
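Review bot: The `/* Now ifuncs. */` comment in link_elf_link_preload_finish() (and the identical one in the @@ -990 hunk of link_elf_load_file()) does not say why the second link_elf_reloc_local() call has to come after relocate_file() and elf_cpu_load_file(). Going by the elf_obj_lookup() hunk of this patch, that pass ends up calling ifunc resolvers, that is, code inside the module being loaded, so the ordering matters and is easy to break in a later reshuffle. A comment along the lines of `/* Local ifunc relocations last: resolving them calls into the module, which must already be relocated. */` would record that. Both functions start outside their hunks, so whether their error paths undo elf_cpu_load_file() cannot be judged from here.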
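Review bot: In elf_obj_lookup(), the added `res1 = ((Elf_Addr (*)(void))res1)();` turns a symbol lookup into a call through an address taken from the module's symbol table, and it does so on every lookup of a defined STT_GNU_IFUNC symbol, not only during the `ifuncs == true` pass. If another relocation path also resolves symbols through elf_obj_lookup() (relocate_file() presumably does, but that is outside the patch), the resolver would run before the ordering set up in the other hunks applies, and once per relocation rather than once per symbol. It is worth confirming which callers can reach this branch and stating the precondition in a comment, for example `/* ifunc: calls the resolver; the module must already have its non-ifunc relocations applied */`. The declaration of `res1` is not in the hunk and is assumed to exist earlier in the function, which starts outside it.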
@@ -1505,8 +1517,13 @@ link_elf_reloc_local(linker_file_t lf)
 /* Only do local relocs */
 if (ELF_ST_BIND(sym->st_info) != STB_LOCAL)
 continue;
- elf_reloc_local(lf, base, rel, ELF_RELOC_REL,
- elf_obj_lookup);
+ if ((ELF_ST_TYPE(sym->st_info) == STT_GNU_IFUNC) ==
+ ifuncs)
+ elf_reloc_local(lf, base, rel, ELF_RELOC_REL,
+ elf_obj_lookup);
+ else if (ifuncs)
+ elf_reloc_ifunc(lf, base, rel, ELF_RELOC_REL,
+ elf_obj_lookup);
 }
 }
@@ -1531,8 +1548,13 @@ link_elf_reloc_local(linker_file_t lf)
 /* Only do local relocs */
 if (ELF_ST_BIND(sym->st_info) != STB_LOCAL)
 continue;
- elf_reloc_local(lf, base, rela, ELF_RELOC_RELA,
- elf_obj_lookup);
+ if ((ELF_ST_TYPE(sym->st_info) == STT_GNU_IFUNC) ==
+ ifuncs)
+ elf_reloc_local(lf, base, rela, ELF_RELOC_RELA,
+ elf_obj_lookup);
+ else if (ifuncs)
+ elf_reloc_ifunc(lf, base, rela, ELF_RELOC_RELA,
+ elf_obj_lookup);
 }
 }
 return (0);
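Review bot: In both relocation loops of link_elf_reloc_local() (this REL hunk and the RELA hunk at @@ -1531), the results of elf_reloc_local() and the newly called elf_reloc_ifunc() are discarded, and the function still ends in `return (0);`. As far as the hunks show, the new `error != 0` checks after `link_elf_reloc_local(lf, true)` therefore cannot see an ifunc relocation that failed, and the loader would go on to invoke the module's .ctors with the slot unpatched; if these helpers report failure, propagating it (or commenting why it is safe to ignore) would make those checks meaningful. Separately, `(ELF_ST_TYPE(sym->st_info) == STT_GNU_IFUNC) == ifuncs` followed by `else if (ifuncs)` is hard to read; a local such as `is_ifunc = ELF_ST_TYPE(sym->st_info) == STT_GNU_IFUNC;` and a one-line comment saying that the second pass hands non-ifunc symbols to elf_reloc_ifunc() would help. The function body starts outside both hunks.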