Re: futex: race in lock and unlock&exit for robust futex with PI?

From: Michal Hocko
Date: Mon Jun 28 2010 - 11:32:26 EST


On Mon 28-06-10 16:42:46, Michal Hocko wrote:
> Hi Darren,

Hmm, I think that I've found the reason. I have used one additional
tracing patch (below) and we are getting ESRCH because cred and pcred
don't match:


version = 6
CPU 0 is empty
cpus=2
field->offset = 16 size=4
<...>-22260 [001] 139.669672: bprint: do_futex : futex_lock_pi start
<...>-22260 [001] 139.669678: bprint: do_futex : futex_lock_pi done ret=0
<...>-22281 [001] 139.693690: bprint: do_futex : futex_lock_pi start
<...>-22281 [001] 139.693696: bprint: lookup_pi_state : cred(1004,1004) != pcred(1003,1003)
<...>-22281 [001] 139.693697: bprint: lookup_pi_state : futex_find_get_task failed with -3
<...>-22281 [001] 139.693697: bprint: futex_lock_pi_atomic : lookup_pi_state: -ESRCH for pid=22280
<...>-22281 [001] 139.693698: bprint: futex_lock_pi_atomic : ownerdied not detected, returning -ESRCH
<...>-22281 [001] 139.693698: bprint: futex_lock_pi_atomic : lookup_pi_state: -3
<...>-22281 [001] 139.693699: bprint: futex_lock_pi : returning -ESRCH to userspace
<...>-22281 [001] 139.693700: bprint: do_futex : futex_lock_pi done ret=-3
<...>-22280 [001] 139.694033: bprint: do_futex : futex_unlock_pi start
<...>-22280 [001] 139.694035: bprint: do_futex : futex_unlock_pi: TID->0 transition 2147505928
<...>-22280 [001] 139.694036: bprint: do_futex : futex_unlock_pi: no waiters, unlock the futex ret=0 uval=-2147461368
<...>-22280 [001] 139.694036: bprint: do_futex : futex_unlock_pi done ret=0
<...>-22488 [001] 139.874967: bprint: do_futex : futex_lock_pi start
<...>-22488 [001] 139.874972: bprint: do_futex : futex_lock_pi done ret=0

This would answer why we cannot reproduce with a single user.
Btw. I guess that there is a typo in the condition and it should be
like this:
if (cred->euid != pcred->euid &&
- cred->euid != pcred->uid)
+ cred->uid != pcred->uid)
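Review bot: the `+` line (`cred->uid != pcred->uid`) does not relax only the apparent typo, it also widens the check: a caller whose real uid equals the target's real uid now passes even when the euids differ, so the change should be confirmed as intended. Note also that for the traced case, cred(1004,1004) against pcred(1003,1003), both the old and the new condition still evaluate to a mismatch, so this typo fix alone would not change the -ESRCH shown above. The fragment is also missing its `@@` header and surrounding context, so it cannot be applied with `patch` as posted.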

--