On Tue, May 26, 2020 at 12:55:02PM -0400, Joe Korty wrote:
> On Tue, May 26, 2020 at 06:44:49PM +0200, Sebastian Andrzej Siewior wrote:
> > On 2020-05-20 17:33:25 [+0200], John Ogness wrote:
> > > On 2020-05-20, Joe Korty <joe.korty@xxxxxxxxxxxxxxxxx> wrote:
> > > > [5.4-rt] kdb: push 'bt' command output to console immediately.
> > > >
> > > > The rt patch for 5.4 and 5.2 broke kdb slightly. The kdb
> > > > 'bt' command now prints a single line then returns to the
> > > > kdb prompt. There is no stack trace being shown.
> > > ...
> > > >
> > > > I have attached a small patch that Seems To Work. It
> > > > taps earlier into printk than the official tap does.
> > >
> > > On LKML a similar patch was recently posted[0]. It would probably be
> > > better to follow that (patching vprintk_func and using
> > > KDB_MSGSRC_PRINTK).
> >
> > Should I do anything here?
>
> Hi John,
> Probably not.
>
> Since the bug is in mainline, not rt, ideally rt should
> just wait for the fix you so graciously found for me to
> enter mainline and propagate down to the various stable
> trees.
...

Hi Sebastian,

Oops, my mistake .. the bug is in rt, not mainline.

The status of the long-term rt's w.r.t. this patch is:

5.6-rt -- already has fix
5.4-rt -- needs fix
4.19-rt -- needs fix
4.14-rt -- needs fix
4.9-rt -- needs fix
4.4-rt -- needs fix

For your convenience, I've attached the needed patch.

Regards,
Joe
> From: Matt Fleming <matt@xxxxxxxxxxxxxxxxxxx> > To: Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx> > Cc: linux-rt@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, > Daniel Wagner <wagi@xxxxxxxxx>, > Matt Fleming <matt@xxxxxxxxxxxxxxxxxxx> >Subject: [PATCH RT] signal: Prevent double-free of user struct >Date: Tue, 7 Apr 2020 10:54:13 +0100 The way user struct reference counting works changed significantly with, fda31c50292a ("signal: avoid double atomic counter increments for user accounting") Now user structs are only freed once the last pending signal is dequeued. Make sigqueue_free_current() follow this new convention to avoid freeing the user struct multiple times and triggering this warning: refcount_t: underflow; use-after-free. WARNING: CPU: 0 PID: 6794 at lib/refcount.c:288 refcount_dec_not_one+0x45/0x50 Call Trace: refcount_dec_and_lock_irqsave+0x16/0x60 free_uid+0x31/0xa0 ? schedule_hrtimeout_range_clock+0x104/0x110 __dequeue_signal+0x17c/0x190 dequeue_signal+0x5a/0x1b0 do_sigtimedwait+0x208/0x250 __x64_sys_rt_sigtimedwait+0x6f/0xd0 do_syscall_64+0x72/0x200 entry_SYSCALL_64_after_hwframe+0x49/0xbe Signed-off-by: Matt Fleming <matt@xxxxxxxxxxxxxxxxxxx> Reported-by: Daniel Wagner <wagi@xxxxxxxxx> Index: b/kernel/signal.c =================================================================== --- a/kernel/signal.c +++ b/kernel/signal.c @@ -494,8 +494,8 @@ static void sigqueue_free_current(struct up = q->user; if (rt_prio(current->normal_prio) && !put_task_cache(current, q)) { - atomic_dec(&up->sigpending); - free_uid(up); + if (atomic_dec_and_test(&up->sigpending)) + free_uid(up); } else __sigqueue_free(q); }
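Review bot: the replacement of the unconditional `atomic_dec(&up->sigpending); free_uid(up);` pair with `if (atomic_dec_and_test(&up->sigpending)) free_uid(up);` is the right fix for the refcount underflow in the description, since free_uid() was previously being called on every dequeue through the rt cache path rather than only when the last pending signal for that user was gone. Two things would make the change easier to review and backport: the commit message should state explicitly that the `else` branch, `__sigqueue_free(q)`, already performs the same dec-and-test after fda31c50292a, so both paths of sigqueue_free_current() now drop the uid reference under the same rule; and since sigqueue_free_current() is an -rt-only function, a Fixes: tag pointing at the rt commit that introduced it (rather than at the mainline fda31c50292a) would tell the -rt stable maintainers which trees need this.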