From: Jeff Dike <jdike@ad...> - 2005-01-12 16:34:46
This patch fixes a long-standing problem in skas mode process creation. Chris
Aker has been seeing it at linode, and found a way of reproducing it. Once
I spotted the bug, I found an easier way:
ping flood the UML from the host while running
while true; do ls > /dev/null; done
In 10-15 seconds, UML will simply exit back to the shell with a segfault,
no panic, no output, no nothing.
When UML sets up the kernel stack for a new process, it sends itself a
SA_ONSTACK signal with the signal stack being the new kernel stack. It
calls setjmp there to set up a context that it can longjmp to when the new
process is run for the first time.
The problem was that, while signals were blocked during this, they were
re-enabled before SA_ONSTACK was disabled. Thus, a signal arriving at the
wrong time, between signals being turned on and SA_ONSTACK being disabled,
would cause the signal to be handled on the stack, destroying the context
that had been set up there.
When the new process ran, it would longjmp to this trashed stack, and UML
The fix is obvious:
--- 2.6.10.orig/arch/um/kernel/skas/process.c 2005-01-12 11:17:22.000000000 -0500
+++ 2.6.10/arch/um/kernel/skas/process.c 2005-01-12 11:18:03.000000000 -0500
@@ -323,9 +323,10 @@
if(sigsetjmp(fork_buf, 1) == 0)
void thread_wait(void *sw, void *fb)
On Wednesday 12 January 2005 19:56, Jeff Dike wrote:
> This patch fixes a long-standing problem in skas mode process creation.
So, probably, unless confirmed otherwise, the problem with CONFIG_KMOD (when
the kernel starts modprobe from a kernel thread) could be due to this bug...
however, I'm not so sure, because IIRC that problem give a verbose error
message (I think even a stack trace).
Paolo Giarrusso, aka Blaisorblade
Linux registered user n. 292729