Subject: [PATCH] futex: send SIGBUS if argument is not aligned on a four-byte boundary
From: Konstantin Khlebnikov
To: linux-kernel@vger.kernel.org, Thomas Gleixner, Ingo Molnar, Peter Zijlstra, Darren Hart
Cc: Maxim Samoylov, Linus Torvalds, linux-api@vger.kernel.org
Date: Fri, 15 May 2020 18:36:47 +0300
Message-ID: <158955700764.647498.18025770126733698386.stgit@buzz>

Userspace implementations of mutexes (including glibc) in some cases retry
the operation without checking the error code from the futex syscall.
This is good for performance because most errors are impossible when
locking code trusts itself.

Some errors which could come from outer code are handled automatically,
for example an invalid address triggers SIGSEGV on the atomic fast path.

But one case turns into a nasty busy-loop: when the address is unaligned.
futex(FUTEX_WAIT) returns EINVAL immediately and the loop goes to retry.

Example which loops inside the second call rather than hanging peacefully:

	#include <pthread.h>

	int main(int argc, char **argv)
	{
		char buf[sizeof(pthread_mutex_t) + 1];
		/* buf + 1: intentionally unaligned mutex address */
		pthread_mutex_t *mutex = (pthread_mutex_t *)(buf + 1);

		pthread_mutex_init(mutex, NULL);
		pthread_mutex_lock(mutex);
		/* second lock takes the futex slow path and spins */
		pthread_mutex_lock(mutex);
	}

It seems there is no practical usage for calling syscall futex for an
unaligned address. This may be only a bug in user space. Let's help
and handle this gracefully without adding extra code on the fast path.

This patch sends the SIGBUS signal to slay the task and break the busy-loop.

Signed-off-by: Konstantin Khlebnikov
Reported-by: Maxim Samoylov
--- kernel/futex.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/kernel/futex.c b/kernel/futex.c index b59532862bc0..8a6d35fa56bc 100644 --- a/kernel/futex.c +++ b/kernel/futex.c 
@@ -508,10 +508,21 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, enum futex_a /* * The futex address must be "naturally" aligned. + * Also send signal to break busy-loop if user-space ignore error. + * EFAULT case should trigger SIGSEGV at access from user-space. */ key->both.offset = address % PAGE_SIZE; - if (unlikely((address % sizeof(u32)) != 0)) + if (unlikely((address % sizeof(u32)) != 0)) { + struct kernel_siginfo info; + + clear_siginfo(&info); + info.si_signo = SIGBUS; + info.si_code = BUS_ADRALN; + info.si_addr = uaddr; + force_sig_info(&info); + return -EINVAL; + } address -= key->both.offset; if (unlikely(!access_ok(uaddr, sizeof(u32))))
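
Review bot: the forced SIGBUS is placed in get_futex_key(), so it fires for every futex operation that resolves a key from an unaligned uaddr, not only for the FUTEX_WAIT retry loop the changelog describes. A caller that today gets -EINVAL back and handles it would instead receive a forced signal, which is a user-visible behaviour change. The changelog should state that scope and justify it for all callers of the key lookup, or the signal should be raised only on the wait path. The "return -EINVAL;" after force_sig_info() is still what a task with a SIGBUS handler sees once the handler returns, so the comment should say that the error code is kept. Wording in the added comment: "if user-space ignore error" should read "if user space ignores the error".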
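
The busy-loop from the changelog, reduced to the raw syscall, as an added example that is not part of the original mail or of glibc. It assumes Linux on a kernel without this patch; the helper names, the constructed futex word and the retry cap are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/futex.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <time.h>
#include <unistd.h>

static uint32_t word[2];	/* constructed futex word, value 0 */

void *aligned_addr(void)   { return word; }
void *unaligned_addr(void) { return (unsigned char *)word + 1; }

/* One raw FUTEX_WAIT; returns 0 or the errno the kernel reported.
 * The 1 ms timeout only guarantees the demo can never block for long. */
int futex_wait_errno(void *uaddr, uint32_t expected)
{
	struct timespec ts = { 0, 1000000 };
	long r = syscall(SYS_futex, uaddr, FUTEX_WAIT, expected, &ts, NULL, 0);

	return r == -1 ? errno : 0;
}

/* Model of a lock slow path that waits and retries, capped at max_tries.
 * check_errors == 0: retries without looking at the error (the loop above).
 * check_errors == 1: treats EINVAL as a caller bug and stops.
 * Returns the number of syscalls issued. */
int slow_path_calls(void *uaddr, int check_errors, int max_tries)
{
	int calls = 0;

	while (calls < max_tries) {
		int err = futex_wait_errno(uaddr, 1);

		calls++;
		if (check_errors && err == EINVAL)
			break;
	}
	return calls;
}

int main(void)
{
	printf("aligned, value mismatch: errno %d\n", futex_wait_errno(aligned_addr(), 1));
	printf("unaligned:               errno %d\n", futex_wait_errno(unaligned_addr(), 1));
	printf("unchecked retries: %d\n", slow_path_calls(unaligned_addr(), 0, 1000));
	printf("checked retries:   %d\n", slow_path_calls(unaligned_addr(), 1, 1000));
	return 0;
}
```

Without the cap, the unchecked variant never leaves the loop, because each call returns at once instead of sleeping.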