On 3/27/23 12:36?AM, Nicholas Piggin wrote:
> On Mon Mar 27, 2023 at 8:15 AM AEST, Jens Axboe wrote:
>> Powerpc sets up PF_KTHREAD and PF_IO_WORKER with a NULL pt_regs, which
>> from my (arguably very short) checking is not commonly done for other
>> archs. This is fine, except when PF_IO_WORKER's have been created and
>> the task does something that causes a coredump to be generated. Then we
>> get this crash:
>
> Hey Jens,
>
> Thanks for the testing and the patch.
>
> I think your patch would work, but I'd be inclined to give the IO worker
> a pt_regs so it looks more like other archs and a regular user thread.
Yep I think that'd be a better idea. No better way to get a good patch
than to send out a bad one :-)
> Your IO worker bug reminded me to resurrect some copy_thread patches I
> had and I think they should do that
>
> https://lists.ozlabs.org/pipermail/linuxppc-dev/2023-March/256271.html
>
> I wouldn't ask you to test it until I've at least tried, do you have a
> test case that triggers this?
I can test them pretty easily. I did write a test case that is 100%
reliable for me, attached. Just do:
$ gcc -Wall -o ppc-crash ppc-crash.c -luring
$ ulimit -c10000000
$ ./ppc-crash
and it'll bomb while trying to write that coredump.
--
Jens Axboe
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <liburing.h>
int main(int argc, char *argv[])
{
struct io_uring_sqe *sqe;
struct io_uring ring;
unsigned long *ptr = NULL;
char buf[16384];
char fname[32];
int fd[4];
int i;
for (i = 0; i < 4; i++) {
sprintf(fname, "/dev/shm/test.%d", i);
fd[i] = open(fname, O_RDWR | O_CREAT, 0644);
if (fd[i] < 0) {
perror("open");
return 1;
}
}
io_uring_queue_init(32, &ring, 0);
for (i = 0; i < 32; i++) {
unsigned long off = 16384 * (i / 4);
int index = i & 3;
sqe = io_uring_get_sqe(&ring);
io_uring_prep_write(sqe, fd[index], buf, sizeof(buf), off);
}
io_uring_submit(&ring);
usleep(1000);
*ptr = 0x1234;
}
