Date: Wed, 3 Apr 2019 16:49:02 +0100
From: Will Deacon
To: Jens Axboe
Cc: Michael Ellerman, Arnd Bergmann, Andrew Morton, Richard Henderson, Ivan Kokshaysky, Matt Turner, Russell King, Catalin Marinas, Tony Luck, Fenghua Yu, Geert Uytterhoeven, Michal Simek, Ralf Baechle, Paul Burton, James Hogan, "James E . J . Bottomley", Helge Deller, Benjamin Herrenschmidt, Paul Mackerras, Martin Schwidefsky, Heiko Carstens, Rich Felker, "David S . Miller", Max Filippov, Firoz Khan, linux-alpha@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-ia64@vger.kernel.org, linux-m68k@lists.linux-m68k.org, linux-mips@vger.kernel.org, linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-s390@vger.kernel.org, linux-sh@vger.kernel.org, sparclinux@vger.kernel.org
Subject: Re: [PATCH 2/2] arch: add pidfd and io_uring syscalls everywhere
Message-ID: <20190403154902.GB16866@fuggles.cambridge.arm.com>

On Wed, Apr 03, 2019 at 09:39:52AM -0600, Jens Axboe wrote:
> On 4/3/19 9:19 AM, Will Deacon wrote:
> > On Wed, Apr 03, 2019 at 07:49:26AM -0600, Jens Axboe wrote:
> >> On 4/3/19 5:11 AM, Will Deacon wrote:
> >>> will@autoplooker:~/liburing/test$ ./io_uring_register
> >>> RELIMIT_MEMLOCK: 67108864 (67108864)
> >>> [ 35.477875] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000070
> >>> [
35.478969] Mem abort info: > >>> [ 35.479296] ESR = 0x96000004 > >>> [ 35.479785] Exception class = DABT (current EL), IL = 32 bits > >>> [ 35.480528] SET = 0, FnV = 0 > >>> [ 35.480980] EA = 0, S1PTW = 0 > >>> [ 35.481345] Data abort info: > >>> [ 35.481680] ISV = 0, ISS = 0x00000004 > >>> [ 35.482267] CM = 0, WnR = 0 > >>> [ 35.482618] user pgtable: 4k pages, 48-bit VAs, pgdp = (____ptrval____) > >>> [ 35.483486] [0000000000000070] pgd=0000000000000000 > >>> [ 35.484041] Internal error: Oops: 96000004 [#1] PREEMPT SMP > >>> [ 35.484788] Modules linked in: > >>> [ 35.485311] CPU: 113 PID: 3973 Comm: io_uring_regist Not tainted 5.1.0-rc3-00012-g40b114779944 #1 > >>> [ 35.486712] Hardware name: linux,dummy-virt (DT) > >>> [ 35.487450] pstate: 20400005 (nzCv daif +PAN -UAO) > >>> [ 35.488228] pc : link_pwq+0x10/0x60 > >>> [ 35.488794] lr : apply_wqattrs_commit+0xe0/0x118 > >>> [ 35.489550] sp : ffff000017e2bbc0 > >> > >> Huh, this looks odd, it's crashing inside the wq setup. > > > > Enabling KASAN seems to indicate a double-free, which may well be related. > > Does this help? Yes, thanks for the quick patch. Feel free to add: Reported-by: Will Deacon Tested-by: Will Deacon if you spin a proper patch. Will > diff --git a/fs/io_uring.c b/fs/io_uring.c > index bbdbd56cf2ac..07d6ef195d05 100644 > --- a/fs/io_uring.c > +++ b/fs/io_uring.c > @@ -2215,6 +2215,7 @@ static int io_sqe_files_register(struct io_ring_ctx *ctx, void __user *arg, > fput(ctx->user_files[i]); > > kfree(ctx->user_files); > + ctx->user_files = NULL; > ctx->nr_user_files = 0; > return ret; > } > > -- > Jens Axboe >
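Review bot: The added "ctx->user_files = NULL;" after kfree(ctx->user_files) in the error path of io_sqe_files_register() comes with no changelog, so nothing records which later path frees the stale pointer a second time. The thread only says that KASAN indicated a double free and that this diff makes the test pass. The proper patch should name that second free in its description, note that nr_user_files was already reset here while the pointer was left dangling, and carry the Reported-by and Tested-by tags offered above. It is also worth checking whether any other site that frees ctx->user_files leaves the pointer set in the same way, since only this one error path is visible in the hunk.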