| To: | Ralf Baechle <ralf@linux-mips.org> |
|---|---|
| Subject: | Re: futex_wake_op deadlock? |
| From: | David Daney <ddaney@avtrex.com> |
| Date: | Tue, 20 Nov 2007 10:29:47 -0800 |
| Cc: | Kaz Kylheku <kaz@zeugmasystems.com>, linux-mips@linux-mips.org |
| In-reply-to: | <20071120112051.GB30675@linux-mips.org> |
| Original-recipient: | rfc822;linux-mips@linux-mips.org |
| References: | <20071119184837.GA12287@linux-mips.org> <DDFD17CC94A9BD49A82147DDF7D545C54DCDE2@exchange.ZeugmaSystems.local> <20071120112051.GB30675@linux-mips.org> |
| Sender: | linux-mips-bounce@linux-mips.org |
| User-agent: | Thunderbird 1.5.0.12 (X11/20071019) |
Ralf Baechle wrote:

> Notice the branch at the end of the fixup code, it goes back to the SC instruction. The SC instruction took an exception so it will not have changed $1 so the loop will continue endlessly unless by coincidence the value to be stored from $1 happened to be zero.
>
> Obviously this one was MIPS specific and may hit all supported ABIs. So my initial suspicion this might be the issue David Miller recently discovered in the binary compat code isn't true. And it's a local DoS probably for all of 2.6.16 and up.

Mostly similar code is in 2.6.15, so I think it is affected as well. 2.6.12 on the other hand doesn't seem to have futex.h.

David Daney