Encountered this bug when using the virt64 config where so3 would suddenly crash when starting a new process.
After some digging, I found that the crash happens when we try to lock a mutex. Basically, whenever the new process would call printf, that causes a mutex lock which in turn tries to lock a spinlock that is misaligned :
In user space:
printf -> vprintf -> FLOCK -> __lockfile -> mutex_lock -> sys_mutex_lock(1)
When we get to kernel space:
do_mutex_lock -> mutex_lock -> spin_lock_irqsave -> spin_trylock
And then so3 would crash:
Taking a look at what ESR 0x96000061 :
We see that the problem is with the alignment of a memory write which must mean the call "stxr %w0, %2, [%1]\n" here:
|
static inline int spin_trylock(spinlock_t *lock) |
|
{ |
|
uint32_t tmp; |
|
|
|
__asm__ __volatile__(" ldaxr %w0, [%1]\n" |
|
" tbnz %w0, #0, 1f\n" |
|
" stxr %w0, %2, [%1]\n" |
|
"1:" |
|
: "=&r"(tmp) |
|
: "r"(&lock->lock), "r"(1) |
|
: "cc"); |
|
|
So after adding a test to check the memory alignment of the spinlock inside the mutex_init function i found this :
So basically, there's a memory misalignment with the new spinlocks created when creating a new process. I stopped investigating here and i'm still not sure why this is happening considering the fact that we're telling the compiler to align the spinlocks:
|
/* |
|
* On Aarch64, the field has to be 64-bit aligned apparently. |
|
*/ |
|
typedef struct { |
|
__attribute__((aligned(8))) volatile uint32_t lock; |
|
} spinlock_t; |
Encountered this bug when using the
virt64config where so3 would suddenly crash when starting a new process.After some digging, I found that the crash happens when we try to lock a
mutex. Basically, whenever the new process would callprintf, that causes a mutex lock which in turn tries to lock a spinlock that is misaligned :In user space:
printf -> vprintf -> FLOCK -> __lockfile -> mutex_lock -> sys_mutex_lock(1)
When we get to kernel space:
do_mutex_lock -> mutex_lock -> spin_lock_irqsave -> spin_trylock
And then so3 would crash:
Taking a look at what ESR
0x96000061:We see that the problem is with the alignment of a memory write which must mean the call
"stxr %w0, %2, [%1]\n"here:so3/so3/arch/arm64/include/asm/spinlock.h
Lines 36 to 47 in 9fd2100
So after adding a test to check the memory alignment of the spinlock inside the
mutex_initfunction i found this :So basically, there's a memory misalignment with the new spinlocks created when creating a new process. I stopped investigating here and i'm still not sure why this is happening considering the fact that we're telling the compiler to align the spinlocks:
so3/so3/include/spinlock.h
Lines 24 to 29 in 9fd2100