2021-02-22 11:00:47

by Zheng Yejian

Subject: [PATCH 4.9.257 0/1] Bugfix for 781691c797de ("futex: Avoid violating the 10th rule of futex")

This patch may fix the following bug:

Link:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/kernel/futex.c?h=linux-4.9.y&id=282aeb477a10d09cc5c4d73c54bb996964723f96

> static int __fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
> 				  struct task_struct *argowner)
> {
> 	struct futex_pi_state *pi_state = q->pi_state;
> 	struct task_struct *oldowner, *newowner;
> 	u32 uval, curval, newval, newtid;
> 	int err = 0;
>
> 	oldowner = pi_state->owner;
>
> 	/* Owner died? */
> 	if (!pi_state->owner)
> 		newtid |= FUTEX_OWNER_DIED;
Variable "newtid" is used without being initialized.

Peter Zijlstra (1):
futex: Fix OWNER_DEAD fixup

kernel/futex.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)

--
2.25.4


2021-02-22 11:03:09

by Zheng Yejian

Subject: [PATCH 4.9.257 1/1] futex: Fix OWNER_DEAD fixup

From: Peter Zijlstra <[email protected]>

commit a97cb0e7b3f4c6297fd857055ae8e895f402f501 upstream.

Both Geert and DaveJ reported that the recent futex commit:

c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex")

introduced a problem with setting OWNER_DEAD. We set the bit on an
uninitialized variable and then entirely optimize it away as a
dead-store.

Move the setting of the bit to where it is more useful.

Reported-by: Geert Uytterhoeven <[email protected]>
Reported-by: Dave Jones <[email protected]>
Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Paul E. McKenney <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Fixes: c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex")
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>
Signed-off-by: Zheng Yejian <[email protected]>
---
kernel/futex.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/kernel/futex.c b/kernel/futex.c
index 83db5787c67e..7cb2baa9446a 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -2283,10 +2283,6 @@ static int __fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,

oldowner = pi_state->owner;

- /* Owner died? */
- if (!pi_state->owner)
- newtid |= FUTEX_OWNER_DIED;
-
/*
* We are here because either:
*
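Review bot: the changelog says the store removed here (newtid |= FUTEX_OWNER_DIED, right after oldowner = pi_state->owner) was dropped as a dead store, but it does not say what that meant for callers: every value later built from newtid lacked FUTEX_OWNER_DIED even when pi_state->owner was NULL. One sentence on that effect would help stable reviewers judge the fix. It is also worth recording whether any compiler warning flagged the read of the uninitialized newtid, since the declaration (u32 uval, curval, newval, newtid;) has no initializer and nothing in this hunk would stop the pattern from coming back.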
@@ -2344,6 +2340,9 @@ static int __fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
}

newtid = task_pid_vnr(newowner) | FUTEX_WAITERS;
+ /* Owner died? */
+ if (!pi_state->owner)
+ newtid |= FUTEX_OWNER_DIED;

if (get_futex_value_locked(&uval, uaddr))
goto handle_fault;
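Review bot: the re-added check after newtid = task_pid_vnr(newowner) | FUTEX_WAITERS; reads pi_state->owner again, although the function already snapshots it as oldowner = pi_state->owner; near the top. If both are meant to be the same value at this point, testing !oldowner would make that explicit; if pi_state->owner can differ by the time this line runs, the "Owner died?" comment should say that the live value is intended. A blank line between the newtid assignment and the comment would also match the spacing the block had in its old position.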
--
2.25.4

2021-02-22 11:57:22

by Lee Jones

Subject: Re: [PATCH 4.9.257 1/1] futex: Fix OWNER_DEAD fixup

On Mon, 22 Feb 2021, Zheng Yejian wrote:

> From: Peter Zijlstra <[email protected]>
>
> commit a97cb0e7b3f4c6297fd857055ae8e895f402f501 upstream.
>
> Both Geert and DaveJ reported that the recent futex commit:
>
> c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex")
>
> introduced a problem with setting OWNER_DEAD. We set the bit on an
> uninitialized variable and then entirely optimize it away as a
> dead-store.
>
> Move the setting of the bit to where it is more useful.
>
> Reported-by: Geert Uytterhoeven <[email protected]>
> Reported-by: Dave Jones <[email protected]>
> Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
> Cc: Andrew Morton <[email protected]>
> Cc: Linus Torvalds <[email protected]>
> Cc: Paul E. McKenney <[email protected]>
> Cc: Peter Zijlstra <[email protected]>
> Cc: Thomas Gleixner <[email protected]>
> Fixes: c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex")
> Link: http://lkml.kernel.org/r/[email protected]
> Signed-off-by: Ingo Molnar <[email protected]>
> Signed-off-by: Zheng Yejian <[email protected]>
> ---
> kernel/futex.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)

Reviewed-by: Lee Jones <[email protected]>

--
Lee Jones [李琼斯]
Senior Technical Lead - Developer Services
Linaro.org │ Open source software for Arm SoCs
Follow Linaro: Facebook | Twitter | Blog

2021-02-22 12:10:12

by Greg Kroah-Hartman

Subject: Re: [PATCH 4.9.257 1/1] futex: Fix OWNER_DEAD fixup

On Mon, Feb 22, 2021 at 11:54:24AM +0000, Lee Jones wrote:
> On Mon, 22 Feb 2021, Zheng Yejian wrote:
>
> > From: Peter Zijlstra <[email protected]>
> >
> > commit a97cb0e7b3f4c6297fd857055ae8e895f402f501 upstream.
> >
> > Both Geert and DaveJ reported that the recent futex commit:
> >
> > c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex")
> >
> > introduced a problem with setting OWNER_DEAD. We set the bit on an
> > uninitialized variable and then entirely optimize it away as a
> > dead-store.
> >
> > Move the setting of the bit to where it is more useful.
> >
> > Reported-by: Geert Uytterhoeven <[email protected]>
> > Reported-by: Dave Jones <[email protected]>
> > Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
> > Cc: Andrew Morton <[email protected]>
> > Cc: Linus Torvalds <[email protected]>
> > Cc: Paul E. McKenney <[email protected]>
> > Cc: Peter Zijlstra <[email protected]>
> > Cc: Thomas Gleixner <[email protected]>
> > Fixes: c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex")
> > Link: http://lkml.kernel.org/r/[email protected]
> > Signed-off-by: Ingo Molnar <[email protected]>
> > Signed-off-by: Zheng Yejian <[email protected]>
> > ---
> > kernel/futex.c | 7 +++----
> > 1 file changed, 3 insertions(+), 4 deletions(-)
>
> Reviewed-by: Lee Jones <[email protected]>

This does not apply to the 4.9.y tree at all right now, are you all sure
you got the backport correct?

confused,

greg k-h

2021-02-22 12:58:27

by Zheng Yejian

Subject: Re: [PATCH 4.9.257 1/1] futex: Fix OWNER_DEAD fixup



On 2021/2/22 20:07, Greg KH wrote:
> On Mon, Feb 22, 2021 at 11:54:24AM +0000, Lee Jones wrote:
>> On Mon, 22 Feb 2021, Zheng Yejian wrote:
>>
>>> From: Peter Zijlstra <[email protected]>
>>>
>>> commit a97cb0e7b3f4c6297fd857055ae8e895f402f501 upstream.
>>>
>>> Both Geert and DaveJ reported that the recent futex commit:
>>>
>>> c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex")
>>>
>>> introduced a problem with setting OWNER_DEAD. We set the bit on an
>>> uninitialized variable and then entirely optimize it away as a
>>> dead-store.
>>>
>>> Move the setting of the bit to where it is more useful.
>>>
>>> Reported-by: Geert Uytterhoeven <[email protected]>
>>> Reported-by: Dave Jones <[email protected]>
>>> Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
>>> Cc: Andrew Morton <[email protected]>
>>> Cc: Linus Torvalds <[email protected]>
>>> Cc: Paul E. McKenney <[email protected]>
>>> Cc: Peter Zijlstra <[email protected]>
>>> Cc: Thomas Gleixner <[email protected]>
>>> Fixes: c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex")
>>> Link: http://lkml.kernel.org/r/[email protected]
>>> Signed-off-by: Ingo Molnar <[email protected]>
>>> Signed-off-by: Zheng Yejian <[email protected]>
>>> ---
>>> kernel/futex.c | 7 +++----
>>> 1 file changed, 3 insertions(+), 4 deletions(-)
>>
>> Reviewed-by: Lee Jones <[email protected]>
>
> This does not apply to the 4.9.y tree at all right now, are you all sure
> you got the backport correct?
>
> confused,
>
> greg k-h
> .
>
I made the patch based on 282aeb477a10 ("Linux 4.9.257").
Should I base on f0cf73f13b39 ("Linux 4.9.258-rc1")?

2021-02-22 13:02:27

by Greg Kroah-Hartman

Subject: Re: [PATCH 4.9.257 1/1] futex: Fix OWNER_DEAD fixup

On Mon, Feb 22, 2021 at 08:20:38PM +0800, Zhengyejian (Zetta) wrote:
>
>
> On 2021/2/22 20:07, Greg KH wrote:
> > On Mon, Feb 22, 2021 at 11:54:24AM +0000, Lee Jones wrote:
> > > On Mon, 22 Feb 2021, Zheng Yejian wrote:
> > >
> > > > From: Peter Zijlstra <[email protected]>
> > > >
> > > > commit a97cb0e7b3f4c6297fd857055ae8e895f402f501 upstream.
> > > >
> > > > Both Geert and DaveJ reported that the recent futex commit:
> > > >
> > > > c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex")
> > > >
> > > > introduced a problem with setting OWNER_DEAD. We set the bit on an
> > > > uninitialized variable and then entirely optimize it away as a
> > > > dead-store.
> > > >
> > > > Move the setting of the bit to where it is more useful.
> > > >
> > > > Reported-by: Geert Uytterhoeven <[email protected]>
> > > > Reported-by: Dave Jones <[email protected]>
> > > > Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
> > > > Cc: Andrew Morton <[email protected]>
> > > > Cc: Linus Torvalds <[email protected]>
> > > > Cc: Paul E. McKenney <[email protected]>
> > > > Cc: Peter Zijlstra <[email protected]>
> > > > Cc: Thomas Gleixner <[email protected]>
> > > > Fixes: c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex")
> > > > Link: http://lkml.kernel.org/r/[email protected]
> > > > Signed-off-by: Ingo Molnar <[email protected]>
> > > > Signed-off-by: Zheng Yejian <[email protected]>
> > > > ---
> > > > kernel/futex.c | 7 +++----
> > > > 1 file changed, 3 insertions(+), 4 deletions(-)
> > >
> > > Reviewed-by: Lee Jones <[email protected]>
> >
> > This does not apply to the 4.9.y tree at all right now, are you all sure
> > you got the backport correct?
> >
> > confused,
> >
> > greg k-h
> > .
> >
> I made the patch based on 282aeb477a10 ("Linux 4.9.257").
> Should I base on f0cf73f13b39 ("Linux 4.9.258-rc1")?

Yes please as I think this is already there.

How about just waiting for the next release to come out, I will push out
the 4.4 and 4.9 -rc releases right now as well to give everyone a chance
to sync up properly.

thanks,

greg k-h

2021-02-22 14:07:36

by Zheng Yejian

Subject: Re: [PATCH 4.9.257 1/1] futex: Fix OWNER_DEAD fixup



On 2021/2/22 20:36, Greg KH wrote:
> On Mon, Feb 22, 2021 at 08:20:38PM +0800, Zhengyejian (Zetta) wrote:
>>
>>
>> On 2021/2/22 20:07, Greg KH wrote:
>>> On Mon, Feb 22, 2021 at 11:54:24AM +0000, Lee Jones wrote:
>>>> On Mon, 22 Feb 2021, Zheng Yejian wrote:
>>>>
>>>>> From: Peter Zijlstra <[email protected]>
>>>>>
>>>>> commit a97cb0e7b3f4c6297fd857055ae8e895f402f501 upstream.
>>>>>
>>>>> Both Geert and DaveJ reported that the recent futex commit:
>>>>>
>>>>> c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex")
>>>>>
>>>>> introduced a problem with setting OWNER_DEAD. We set the bit on an
>>>>> uninitialized variable and then entirely optimize it away as a
>>>>> dead-store.
>>>>>
>>>>> Move the setting of the bit to where it is more useful.
>>>>>
>>>>> Reported-by: Geert Uytterhoeven <[email protected]>
>>>>> Reported-by: Dave Jones <[email protected]>
>>>>> Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
>>>>> Cc: Andrew Morton <[email protected]>
>>>>> Cc: Linus Torvalds <[email protected]>
>>>>> Cc: Paul E. McKenney <[email protected]>
>>>>> Cc: Peter Zijlstra <[email protected]>
>>>>> Cc: Thomas Gleixner <[email protected]>
>>>>> Fixes: c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex")
>>>>> Link: http://lkml.kernel.org/r/[email protected]
>>>>> Signed-off-by: Ingo Molnar <[email protected]>
>>>>> Signed-off-by: Zheng Yejian <[email protected]>
>>>>> ---
>>>>> kernel/futex.c | 7 +++----
>>>>> 1 file changed, 3 insertions(+), 4 deletions(-)
>>>>
>>>> Reviewed-by: Lee Jones <[email protected]>
>>>
>>> This does not apply to the 4.9.y tree at all right now, are you all sure
>>> you got the backport correct?
>>>
>>> confused,
>>>
>>> greg k-h
>>> .
>>>
>> I made the patch based on 282aeb477a10 ("Linux 4.9.257").
>> Should I base on f0cf73f13b39 ("Linux 4.9.258-rc1")?
>
> Yes please as I think this is already there.
>
> How about just waiting for the next release to come out, I will push out
> the 4.4 and 4.9 -rc releases right now as well to give everyone a chance
> to sync up properly.
Ok, I will rebase this patch then.
Thanks for your suggestion.

>
> thanks,
>
> greg k-h
> .
>

2021-02-23 14:27:39

by Greg Kroah-Hartman

Subject: Re: [PATCH 4.9.257 1/1] futex: Fix OWNER_DEAD fixup

On Mon, Feb 22, 2021 at 09:11:43PM +0800, Zhengyejian (Zetta) wrote:
>
>
> On 2021/2/22 20:36, Greg KH wrote:
> > On Mon, Feb 22, 2021 at 08:20:38PM +0800, Zhengyejian (Zetta) wrote:
> > >
> > >
> > > On 2021/2/22 20:07, Greg KH wrote:
> > > > On Mon, Feb 22, 2021 at 11:54:24AM +0000, Lee Jones wrote:
> > > > > On Mon, 22 Feb 2021, Zheng Yejian wrote:
> > > > >
> > > > > > From: Peter Zijlstra <[email protected]>
> > > > > >
> > > > > > commit a97cb0e7b3f4c6297fd857055ae8e895f402f501 upstream.
> > > > > >
> > > > > > Both Geert and DaveJ reported that the recent futex commit:
> > > > > >
> > > > > > c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex")
> > > > > >
> > > > > > introduced a problem with setting OWNER_DEAD. We set the bit on an
> > > > > > uninitialized variable and then entirely optimize it away as a
> > > > > > dead-store.
> > > > > >
> > > > > > Move the setting of the bit to where it is more useful.
> > > > > >
> > > > > > Reported-by: Geert Uytterhoeven <[email protected]>
> > > > > > Reported-by: Dave Jones <[email protected]>
> > > > > > Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
> > > > > > Cc: Andrew Morton <[email protected]>
> > > > > > Cc: Linus Torvalds <[email protected]>
> > > > > > Cc: Paul E. McKenney <[email protected]>
> > > > > > Cc: Peter Zijlstra <[email protected]>
> > > > > > Cc: Thomas Gleixner <[email protected]>
> > > > > > Fixes: c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex")
> > > > > > Link: http://lkml.kernel.org/r/[email protected]
> > > > > > Signed-off-by: Ingo Molnar <[email protected]>
> > > > > > Signed-off-by: Zheng Yejian <[email protected]>
> > > > > > ---
> > > > > > kernel/futex.c | 7 +++----
> > > > > > 1 file changed, 3 insertions(+), 4 deletions(-)
> > > > >
> > > > > Reviewed-by: Lee Jones <[email protected]>
> > > >
> > > > This does not apply to the 4.9.y tree at all right now, are you all sure
> > > > you got the backport correct?
> > > >
> > > > confused,
> > > >
> > > > greg k-h
> > > > .
> > > >
> > > I made the patch based on 282aeb477a10 ("Linux 4.9.257").
> > > Should I base on f0cf73f13b39 ("Linux 4.9.258-rc1")?
> >
> > Yes please as I think this is already there.
> >
> > How about just waiting for the next release to come out, I will push out
> > the 4.4 and 4.9 -rc releases right now as well to give everyone a chance
> > to sync up properly.
> Ok, I will rebase this patch then.

Great, can you try 4.9.258?

thanks,

greg k-h

2021-02-23 14:58:50

by Zheng Yejian

Subject: Re: [PATCH 4.9.257 1/1] futex: Fix OWNER_DEAD fixup



On 2021/2/23 21:00, Greg KH wrote:
> On Mon, Feb 22, 2021 at 09:11:43PM +0800, Zhengyejian (Zetta) wrote:
>>
>>
>> On 2021/2/22 20:36, Greg KH wrote:
>>> On Mon, Feb 22, 2021 at 08:20:38PM +0800, Zhengyejian (Zetta) wrote:
>>>>
>>>>
>>>> On 2021/2/22 20:07, Greg KH wrote:
>>>>> On Mon, Feb 22, 2021 at 11:54:24AM +0000, Lee Jones wrote:
>>>>>> On Mon, 22 Feb 2021, Zheng Yejian wrote:
>>>>>>
>>>>>>> From: Peter Zijlstra <[email protected]>
>>>>>>>
>>>>>>> commit a97cb0e7b3f4c6297fd857055ae8e895f402f501 upstream.
>>>>>>>
>>>>>>> Both Geert and DaveJ reported that the recent futex commit:
>>>>>>>
>>>>>>> c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex")
>>>>>>>
>>>>>>> introduced a problem with setting OWNER_DEAD. We set the bit on an
>>>>>>> uninitialized variable and then entirely optimize it away as a
>>>>>>> dead-store.
>>>>>>>
>>>>>>> Move the setting of the bit to where it is more useful.
>>>>>>>
>>>>>>> Reported-by: Geert Uytterhoeven <[email protected]>
>>>>>>> Reported-by: Dave Jones <[email protected]>
>>>>>>> Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
>>>>>>> Cc: Andrew Morton <[email protected]>
>>>>>>> Cc: Linus Torvalds <[email protected]>
>>>>>>> Cc: Paul E. McKenney <[email protected]>
>>>>>>> Cc: Peter Zijlstra <[email protected]>
>>>>>>> Cc: Thomas Gleixner <[email protected]>
>>>>>>> Fixes: c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex")
>>>>>>> Link: http://lkml.kernel.org/r/[email protected]
>>>>>>> Signed-off-by: Ingo Molnar <[email protected]>
>>>>>>> Signed-off-by: Zheng Yejian <[email protected]>
>>>>>>> ---
>>>>>>> kernel/futex.c | 7 +++----
>>>>>>> 1 file changed, 3 insertions(+), 4 deletions(-)
>>>>>>
>>>>>> Reviewed-by: Lee Jones <[email protected]>
>>>>>
>>>>> This does not apply to the 4.9.y tree at all right now, are you all sure
>>>>> you got the backport correct?
>>>>>
>>>>> confused,
>>>>>
>>>>> greg k-h
>>>>> .
>>>>>
>>>> I made the patch based on 282aeb477a10 ("Linux 4.9.257").
>>>> Should I base on f0cf73f13b39 ("Linux 4.9.258-rc1")?
>>>
>>> Yes please as I think this is already there.
>>>
>>> How about just waiting for the next release to come out, I will push out
>>> the 4.4 and 4.9 -rc releases right now as well to give everyone a chance
>>> to sync up properly.
>> Ok, I will rebase this patch then.
>
> Great, can you try 4.9.258?

I'm very glad to.
Rebased patch is ready:

https://lore.kernel.org/lkml/[email protected]/

Zheng Yejian