Date: Mon, 6 Aug 2018 23:37:38 +0300 From: Konstantin Belousov <kostikbel@gmail.com> To: Vladimir Kondratyev <vladimir@kondratyev.su> Cc: Johannes Lundberg <johalun0@gmail.com>, freebsd-current <freebsd-current@freebsd.org> Subject: Re: Linux process causes kernel panic Message-ID: <20180806203738.GA6049@kib.kiev.ua> In-Reply-To: <5856e8a6-84a4-6fb4-c2d4-ecd56c5c5a94@kondratyev.su> References: <CAECmPwvAaSTimVyV1n%2B9PNKd_0JP6kLXnXyihoWEB3FHRHqa9w@mail.gmail.com> <20180803204250.GE6049@kib.kiev.ua> <CAECmPwt0kifzPFpgyYWJj7UvnUn2CGjUfQz2tuS5G0BYttTkZQ@mail.gmail.com> <20180804142235.GM6049@kib.kiev.ua> <CAECmPwu9eqH2UJo0LMNDj7nPXu7S1%2B9OWnd1swAabZLXcxo1Dg@mail.gmail.com> <5856e8a6-84a4-6fb4-c2d4-ecd56c5c5a94@kondratyev.su>
On Mon, Aug 06, 2018 at 06:24:43PM +0300, Vladimir Kondratyev wrote: > I've got similar panic right after skype start > > Disabling of SMAP via loader tunable workarounded the panic for me. > > Applying of the patch make skype eating 100%CPU in unkillable state. > > tail of ktrace dump > > š 1238 skypeššš CALLš linux_gettid > š 1238 skypeššš RETšš linux_gettid 101123/0x18b03 > š 1238 skypeššš CALLš > linux_sys_futex(0x3301edc,0x84,0x1,0x7fffffff,0x3301ec0,0x2) > š 1238 skypeššš RETšš linux_sys_futex 0 > š 1238 skypeššš CALLš linux_sys_futex(0x33b0fac,0x80,0x1,0,0x33b0f90,0x1) > š 1238 skypeššš CALLš linux_sys_futex(0x3301edc,0x80,0x1,0,0x3301ec0,0x1) > š 1238 skypeššš RETšš linux_sys_futex -1 errno -11 Resource temporarily > unavailable > š 1238 skypeššš CALLš > linux_sys_futex(0x3301ec0,0x81,0x1,0x3301ec0,0x33b02c8,0xffffc168) > š 1238 skypeššš RETšš linux_sys_futex 0 > š 1238 skypeššš CALLš > linux_sys_futex(0x33b0fac,0x85,0x1,0x1,0x33b0fa8,0x4000001) > -- here it stops -- Can you fix your mail client ? > ddb also shows that process is looping somewhere inside linux_sys_futex() There are two bugs. One is that ifuncs handling for relocations against local symbols in elf obj modules was missed. Patch below fixed it for me. Second bug is that futexes seems to not handle accesses to the CoW mappings which are not yet copied. I think that the second bug is irrelevant for your case, since it worked before. Try this patch in addition to the linux/ patches I sent before. diff --git a/sys/kern/link_elf_obj.c b/sys/kern/link_elf_obj.c index 43f85bd17c9..872cb79f38b 100644 --- a/sys/kern/link_elf_obj.c +++ b/sys/kern/link_elf_obj.c 
@@ -142,7 +142,7 @@ static int link_elf_each_function_name(linker_file_t, static int link_elf_each_function_nameval(linker_file_t, linker_function_nameval_callback_t, void *); -static int link_elf_reloc_local(linker_file_t); +static int link_elf_reloc_local(linker_file_t, bool); static long link_elf_symtab_get(linker_file_t, const Elf_Sym **); static long link_elf_strtab_get(linker_file_t, caddr_t *); @@ -441,7 +441,10 @@ link_elf_link_preload(linker_class_t cls, const char *filename, } /* Local intra-module relocations */ - error = link_elf_reloc_local(lf); + error = link_elf_reloc_local(lf, false); + if (error != 0) + goto out; + error = link_elf_reloc_local(lf, true); if (error != 0) goto out; @@ -969,7 +972,7 @@ link_elf_load_file(linker_class_t cls, const char *filename, } /* Local intra-module relocations */ - error = link_elf_reloc_local(lf); + error = link_elf_reloc_local(lf, false); if (error != 0) goto out; @@ -985,6 +988,11 @@ link_elf_load_file(linker_class_t cls, const char *filename, if (error) goto out; + /* Now ifuncs. */ + error = link_elf_reloc_local(lf, true); + if (error != 0) + goto out; + /* Notify MD code that a module is being loaded. */ error = elf_cpu_load_file(lf); if (error) @@ -1374,7 +1382,10 @@ elf_obj_lookup(linker_file_t lf, Elf_Size symidx, int deps, Elf_Addr *res) /* Quick answer if there is a definition included. */ if (sym->st_shndx != SHN_UNDEF) { - *res = sym->st_value; + res1 = (Elf_Addr)sym->st_value; + if (ELF_ST_TYPE(sym->st_info) == STT_GNU_IFUNC) + res1 = ((Elf_Addr (*)(void))res1)(); + *res = res1; return (0); } @@ -1470,7 +1481,7 @@ link_elf_fix_link_set(elf_file_t ef) } static int -link_elf_reloc_local(linker_file_t lf) +link_elf_reloc_local(linker_file_t lf, bool ifuncs) { elf_file_t ef = (elf_file_t)lf; const Elf_Rel *rellim; 
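Review bot: In link_elf_link_preload the new `link_elf_reloc_local(lf, true)` pass runs immediately after the non-ifunc local pass, whereas link_elf_load_file (the `@@ -985` hunk) deliberately defers it until after the global relocations, marked with `/* Now ifuncs. */`. If a preloaded module's relocate_file call happens later, in link_elf_link_preload_finish or elsewhere outside this diff, then its ifunc resolvers execute before any relocation against a global symbol has been applied, and a resolver that reads a global variable would see an unrelocated value. Consider placing the `true` pass for preloaded modules at the same point relative to relocate_file as in link_elf_load_file, and repeating the `/* Now ifuncs. */` comment there so the ordering requirement is visible at both call sites. The enclosing function bodies begin and end outside these hunks.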
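Review bot: The `STT_GNU_IFUNC` branch added to elf_obj_lookup executes module code through `((Elf_Addr (*)(void))res1)()` on every lookup of that symbol, and nothing in the hunk shows that `res1`, taken straight from `sym->st_value`, is already an absolute address in the loaded image rather than a section-relative value; that adjustment, like the declaration of `res1`, lies outside the hunk, so the assumption should be stated at the call. A comment such as `/* st_value is assumed to be already relocated here; for an ifunc it is the resolver, whose return value is the symbol's real address. */` would make the contract explicit for the next reader. Since the resolver is re-run for each relocation that references the symbol, it is also worth noting in that comment that resolvers must be cheap and side-effect free, or caching the result if that ever matters. elf_obj_lookup's body continues outside the hunk.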
@@ -1505,8 +1516,13 @@ link_elf_reloc_local(linker_file_t lf) /* Only do local relocs */ if (ELF_ST_BIND(sym->st_info) != STB_LOCAL) continue; - elf_reloc_local(lf, base, rel, ELF_RELOC_REL, - elf_obj_lookup); + if ((ELF_ST_TYPE(sym->st_info) == STT_GNU_IFUNC) == + ifuncs) + elf_reloc_local(lf, base, rel, ELF_RELOC_REL, + elf_obj_lookup); + else if (ifuncs) + elf_reloc_ifunc(lf, base, rel, ELF_RELOC_REL, + elf_obj_lookup); } } @@ -1531,8 +1547,13 @@ link_elf_reloc_local(linker_file_t lf) /* Only do local relocs */ if (ELF_ST_BIND(sym->st_info) != STB_LOCAL) continue; - elf_reloc_local(lf, base, rela, ELF_RELOC_RELA, - elf_obj_lookup); + if ((ELF_ST_TYPE(sym->st_info) == STT_GNU_IFUNC) == + ifuncs) + elf_reloc_local(lf, base, rela, ELF_RELOC_RELA, + elf_obj_lookup); + else if (ifuncs) + elf_reloc_ifunc(lf, base, rela, ELF_RELOC_RELA, + elf_obj_lookup); } } return (0);
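Review bot: The condition `(ELF_ST_TYPE(sym->st_info) == STT_GNU_IFUNC) == ifuncs` followed by `else if (ifuncs)` is hard to read: on the ifunc pass it sends relocations against STT_GNU_IFUNC symbols to elf_reloc_local and every other local relocation to elf_reloc_ifunc, relying on the MD routine to ignore the relocation types it is not responsible for. A comment above the branch stating that intent, e.g. `/* Pass 1 (ifuncs == false): ordinary local symbols only. Pass 2: ifunc symbols via the resolver, remaining relocs through elf_reloc_ifunc. */`, would save the reader from decoding the double equality. The return values of both elf_reloc_local and the newly added elf_reloc_ifunc call are discarded, as the original call's was, so a failing relocation in either pass is silently accepted; if the MD routines can report errors, propagating them here would match the `if (error != 0) goto out;` handling at the call sites. The same dispatch is duplicated verbatim for the RELA loop in the `@@ -1531` hunk; a small static helper taking the reloc pointer and the ELF_RELOC_REL/ELF_RELOC_RELA type would keep the two loops from drifting. link_elf_reloc_local's body begins outside this hunk.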