Hi,
PaX Team has sent me this patch for inclusion. Basically, during early
boot on x86, the exception handler does not make a special case for
exceptions which push an error code onto the stack, leading to a return
to a wrong address. Two patches were proposed, one which would add a
special case for all exceptions using the return code, and this one. The
former was of no use in its form because the return from the exception
handler would get back to the faulting exception, causing it to loop.
This one should be better as it effectively hangs the system using HLT
to prevent CPU from burning.
If nobody has any objections, I will merge it. In this case, I would also
like someone to check if 2.6 needs it and to port it in this case.
Thanks,
Willy
--
fix the longest existing kernel bug ever (since 0.01 ;-). basically,
the dummy interrupt handler installed for the early boot period does
not work for exceptions that push an error code as well, effectively
making the iret at the end of the handler to trigger another exception,
ad infinitum, or rather, until the kernel stack runs over, trashes all
memory below and eventually causes a CPU reset or a hang. without this
fix the early printk facility in 2.6 is also rather useless.
diff -Nurp linux-2.4.33/arch/i386/kernel/head.S linux-2.4.33-early-
inthandler/arch/i386/kernel/head.S
--- linux-2.4.33/arch/i386/kernel/head.S 2003-11-28 19:26:19.000000000 +0100
+++ linux-2.4.33-early-inthandler/arch/i386/kernel/head.S 2006-08-29
14:19:55.000000000 +0200
@@ -325,27 +325,21 @@ ENTRY(stack_start)
/* This is the default interrupt "handler" :-) */
int_msg:
- .asciz "Unknown interrupt\n"
+ .asciz "Unknown interrupt, stack: %p %p %p %p\n"
ALIGN
ignore_int:
cld
- pushl %eax
- pushl %ecx
- pushl %edx
- pushl %es
- pushl %ds
movl $(__KERNEL_DS),%eax
movl %eax,%ds
movl %eax,%es
+ pushl 12(%esp)
+ pushl 12(%esp)
+ pushl 12(%esp)
+ pushl 12(%esp)
pushl $int_msg
call SYMBOL_NAME(printk)
- popl %eax
- popl %ds
- popl %es
- popl %edx
- popl %ecx
- popl %eax
- iret
+1: hlt
+ jmp 1b
/*
* The interrupt descriptor table has room for 256 idt's,
Willy Tarreau <[email protected]> writes:
> Hi,
>
> PaX Team has sent me this patch for inclusion. Basically, during early
> boot on x86, the exception handler does not make a special case for
> exceptions which push an error code onto the stack, leading to a return
> to a wrong address. Two patches were proposed, one which would add a
> special case for all exceptions using the return code, and this one. The
> former was of no use in its form because the return from the exception
> handler would get back to the faulting exception, causing it to loop.
>
> This one should be better as it effectively hangs the system using HLT
> to prevent CPU from burning.
Looks good.
[I'm glad this particular ward in x86 was fixed in x86-64 ...]
>
> If nobody has any objections, I will merge it. In this case, I would also
> like someone to check if 2.6 needs it and to port it in this case.
I don't think you should merge anything like this before 2.6 does. Otherwise
we just end up with the mad situation again that an old release has
more bugs fixed or more features than the new release.
-Andi
On Wed, Aug 30, 2006 at 11:51:39AM +0200, Andi Kleen wrote:
> Willy Tarreau <[email protected]> writes:
>
> > Hi,
> >
> > PaX Team has sent me this patch for inclusion. Basically, during early
> > boot on x86, the exception handler does not make a special case for
> > exceptions which push an error code onto the stack, leading to a return
> > to a wrong address. Two patches were proposed, one which would add a
> > special case for all exceptions using the return code, and this one. The
> > former was of no use in its form because the return from the exception
> > handler would get back to the faulting exception, causing it to loop.
> >
> > This one should be better as it effectively hangs the system using HLT
> > to prevent CPU from burning.
>
> Looks good.
>
> [I'm glad this particular ward in x86 was fixed in x86-64 ...]
good.
> > If nobody has any objections, I will merge it. In this case, I would also
> > like someone to check if 2.6 needs it and to port it in this case.
>
> I don't think you should merge anything like this before 2.6 does. Otherwise
> we just end up with the mad situation again that an old release has
> more bugs fixed or more features than the new release.
Unfortunately, this situation is even more difficult for me, because it's
getting very hard to track patches that get applied, rejected, modified or
obsoleted, which is even more true when people don't always think about
sending an ACK after the patch finally gets in. I already have a few pending
patches in my queue waiting for an ACK that will have to be tracked if the
persons do not respond, say, within one week. Otherwise I might simply lose
them.
I think that the good method would be to :
- announce the patch
- find a volunteer to port it
- apply it once the volunteer agrees to handle it
This way, no code gets lost because there's always someone to track it.
> -Andi
Regards,
Willy
> Unfortunately, this situation is even more difficult for me, because it's
> getting very hard to track patches that get applied, rejected, modified or
> obsoleted, which is even more true when people don't always think about
> sending an ACK after the patch finally gets in. I already have a few pending
> patches in my queue waiting for an ACK that will have to be tracked if the
> persons do not respond, say, within one week. Otherwise I might simply lose
> them.
It shouldn't be that hard to check gitweb or git output occasionally
for the patches. You can probably even automate that.
> I think that the good method would be to :
> - announce the patch
> - find a volunteer to port it
> - apply it once the volunteer agrees to handle it
> This way, no code gets lost because there's always someone to track it.
I can put that one into my tree for .19
-Andi
On Wed, Aug 30, 2006 at 02:59:14PM +0200, Andi Kleen wrote:
>
> > Unfortunately, this situation is even more difficult for me, because it's
> > getting very hard to track patches that get applied, rejected, modified or
> > obsoleted, which is even more true when people don't always think about
> > sending an ACK after the patch finally gets in. I already have a few pending
> > patches in my queue waiting for an ACK that will have to be tracked if the
> > persons do not respond, say, within one week. Otherwise I might simply lose
> > them.
>
> It shouldn't be that hard to check gitweb or git output occasionally
> for the patches. You can probably even automate that.
That's already what I'm doing, and yes, it is *that* hard. We're literally
speaking about *thousands* of patches. It's as difficult to find one patch
within 2.6 git changes as it is to find a useful mail in the middle of 99%
spam. This is not because of GIT but because of the number of changes.
> > I think that the good method would be to :
> > - announce the patch
> > - find a volunteer to port it
> > - apply it once the volunteer agrees to handle it
> > This way, no code gets lost because there's always someone to track it.
>
> I can put that one into my tree for .19
Thanks for this andi,
Willy
On Wed, 30 Aug 2006 15:16:12 +0200
Willy Tarreau <[email protected]> wrote:
> That's already what I'm doing, and yes, it is *that* hard. We're literally
> speaking about *thousands* of patches. It's as difficult to find one patch
> within 2.6 git changes as it is to find a useful mail in the middle of 99%
> spam. This is not because of GIT but because of the number of changes.
Willy,
The git-cherry command might be useful for you in this situation. It will
show you all the patches in one branch that have been merged in an upstream
branch, and those that haven't. Not sure if it's perfect for your situation,
but may be worth a look.
Sean
On Wed, Aug 30, 2006 at 10:00:15AM -0400, Sean wrote:
> On Wed, 30 Aug 2006 15:16:12 +0200
> Willy Tarreau <[email protected]> wrote:
>
> > That's already what I'm doing, and yes, it is *that* hard. We're literally
> > speaking about *thousands* of patches. It's as difficult to find one patch
> > within 2.6 git changes as it is to find a useful mail in the middle of 99%
> > spam. This is not because of GIT but because of the number of changes.
>
> Willy,
>
> The git-cherry command might be useful for you in this situation. It will
> show you all the patches in one branch that have been merged in an upstream
> branch, and those that haven't. Not sure if it's perfect for your situation,
> but may be worth a look.
I've already used it (it's what I was using when to maintain the 2.4-hf
tree in parallel to Marcelo's mainline). But it's useful when you have
*a few* patches. I'm really speaking about *thousands* of patches that
get merged into 2.6 every few months and this is what makes the job difficult.
Not to mention that they also get merged in 2.6-mm in advance, or that
sometimes they are obsoleted and/or replaced by something else.
Clearly, I'm not going to track all 2.6 patch by patch to maintain 2.4 !
The most scalable workflow is distributed, and should be oriented towards
push and not pull. We just have to ensure that *someone* takes care of
each patch and tracks it up to its merge.
> Sean
Cheers,
Willy
On Wednesday 30 August 2006 18:25, [email protected] wrote:
> On 30 Aug 2006 at 14:59, Andi Kleen wrote:
> > > I think that the good method would be to :
> > > - announce the patch
> > > - find a volunteer to port it
> > > - apply it once the volunteer agrees to handle it
> > > This way, no code gets lost because there's always someone to track it.
> >
> > I can put that one into my tree for .19
>
> here's my quick attempt:
It would be better to separate exceptions from interrupts here.
A spurious interrupt is not necessarily fatal, just an exception is.
But I went with the simpler patch with some changes now
(added PANIC to the message etc.)
>
> --- linux-2.6.18-rc5/arch/i386/kernel/head.S 2006-08-28 11:37:31.000000000
> +0200
> +++ linux-2.6.18-rc5-fix/arch/i386/kernel/head.S 2006-08-30
> 18:22:15.000000000 +0200
> @@ -382,34 +382,25 @@ rp_sidt:
> /* This is the default interrupt "handler" :-) */
> ALIGN
> ignore_int:
> - cld
> #ifdef CONFIG_PRINTK
> - pushl %eax
> - pushl %ecx
> - pushl %edx
> - pushl %es
> - pushl %ds
> + cld
> movl $(__KERNEL_DS),%eax
> movl %eax,%ds
> movl %eax,%es
> - pushl 16(%esp)
> - pushl 24(%esp)
> - pushl 32(%esp)
> - pushl 40(%esp)
> + pushl 12(%esp)
> + pushl 12(%esp)
> + pushl 12(%esp)
> + pushl 12(%esp)
> pushl $int_msg
> #ifdef CONFIG_EARLY_PRINTK
> call early_printk
> #else
> call printk
> #endif
> - addl $(5*4),%esp
> - popl %ds
> - popl %es
> - popl %edx
> - popl %ecx
> - popl %eax
> #endif
> - iret
> +1: hlt
This is wrong because i386 still supports some CPUs that don't support
HLT.
-Andi