linux-mips

Re: futex_wake_op deadlock?

To: Ralf Baechle <ralf@linux-mips.org>
Subject: Re: futex_wake_op deadlock?
From: David Daney <ddaney@avtrex.com>
Date: Tue, 20 Nov 2007 10:29:47 -0800
Cc: Kaz Kylheku <kaz@zeugmasystems.com>, linux-mips@linux-mips.org
In-reply-to: <20071120112051.GB30675@linux-mips.org>
Original-recipient: rfc822;linux-mips@linux-mips.org
References: <20071119184837.GA12287@linux-mips.org> <DDFD17CC94A9BD49A82147DDF7D545C54DCDE2@exchange.ZeugmaSystems.local> <20071120112051.GB30675@linux-mips.org>
Sender: linux-mips-bounce@linux-mips.org
User-agent: Thunderbird 1.5.0.12 (X11/20071019)
Ralf Baechle wrote:

> Notice the branch at the end of the fixup code, it goes back to the
> SC instruction.  The SC instruction took an exception so it will not have
> changed $1 so the loop will continue endlessly unless by coincidence the
> value to be stored from $1 happened to be zero.
>
> Obviously this one was MIPS specific and may hit all supported ABIs.  So
> my initial suspicion this might be the issue David Miller recently
> discovered in the binary compat code isn't true.  And it's a local DoS
> probably for all of 2.6.16 and up.


Mostly similar code is in 2.6.15, so I think it is affected as well. 2.6.12, on the other hand, doesn't seem to have futex.h.

David Daney
