On 3/27/23 12:36 AM, Nicholas Piggin wrote:
> On Mon Mar 27, 2023 at 8:15 AM AEST, Jens Axboe wrote:
>> Powerpc sets up PF_KTHREAD and PF_IO_WORKER with a NULL pt_regs, which
>> from my (arguably very short) checking is not commonly done for other
>> archs. This is fine, except when PF_IO_WORKER's have been created and
>> the task does something that causes a coredump to be generated. Then we
>> get this crash:
>
> Hey Jens,
>
> Thanks for the testing and the patch.
>
> I think your patch would work, but I'd be inclined to give the IO worker
> a pt_regs so it looks more like other archs and a regular user thread.

Yep I think that'd be a better idea. No better way to get a good patch
than to send out a bad one :-)

> Your IO worker bug reminded me to resurrect some copy_thread patches I
> had and I think they should do that
>
> https://lists.ozlabs.org/pipermail/linuxppc-dev/2023-March/256271.html
>
> I wouldn't ask you to test it until I've at least tried, do you have a
> test case that triggers this?

I can test them pretty easily. I did write a test case that is 100%
reliable for me, attached. Just do:

$ gcc -Wall -o ppc-crash ppc-crash.c -luring
$ ulimit -c10000000
$ ./ppc-crash

and it'll bomb while trying to write that coredump.

-- 
Jens Axboe

#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <liburing.h>

int main(int argc, char *argv[])
{
	struct io_uring_sqe *sqe;
	struct io_uring ring;
	unsigned long *ptr = NULL;
	char buf[16384];	/* contents do not matter for the test */
	char fname[32];
	int fd[4];
	int i;

	/* Open four scratch files to write to. */
	for (i = 0; i < 4; i++) {
		sprintf(fname, "/dev/shm/test.%d", i);
		fd[i] = open(fname, O_RDWR | O_CREAT, 0644);
		if (fd[i] < 0) {
			perror("open");
			return 1;
		}
	}

	io_uring_queue_init(32, &ring, 0);

	/* Queue 32 writes of 16KB each, spread round-robin over the four files. */
	for (i = 0; i < 32; i++) {
		unsigned long off = 16384 * (i / 4);
		int index = i & 3;

		sqe = io_uring_get_sqe(&ring);
		io_uring_prep_write(sqe, fd[index], buf, sizeof(buf), off);
	}

	io_uring_submit(&ring);
	usleep(1000);

	/* Deliberate NULL store: the fault makes the kernel write a coredump. */
	*ptr = 0x1234;
}