[Bug 218987] [patch][linux] panic in linux_sys_futex() with FUTEX_WAKE_OP
bugzilla-noreply at freebsd.org
Mon May 1 09:36:44 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218987
Bug ID: 218987
Summary: [patch][linux] panic in linux_sys_futex() with FUTEX_WAKE_OP
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Keywords: patch
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: luke.tw at gmail.com
Created attachment 182207
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=182207&action=edit
patch for linux_sys_futex()
In the Linux compat layer, the futex syscall does not handle FUTEX_WAKE_OP well
when the same address is used for the arguments uaddr and uaddr2.
The following Linux program can result in a kernel panic.
#define _GNU_SOURCE
#include <stdio.h>
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <linux/futex.h>
#include <sys/time.h>
static int
futex(int *uaddr, int futex_op, int val,
    int val2, int *uaddr2, int val3)
{
    return syscall(SYS_futex, uaddr, futex_op, val,
        val2, uaddr, val3);
}

int main(void){
    int ret;
    int addr;

    ret = futex(&addr, FUTEX_WAKE_OP, 1, 1, &addr, 2);
    printf("ret: %d\n", ret);
}