modules: Fix module_bug_list list corruption race
With all the recent module loading cleanups, we've minimized the code that sits under module_mutex, fixing various deadlocks and making it possible to do most of the module loading in parallel. However, that whole conversion totally missed the rather obscure code that adds a new module to the list for BUG() handling. That code was doubly obscure because (a) the code itself lives in lib/bugs.c (for dubious reasons) and (b) it gets called from the architecture-specific "module_finalize()" rather than from generic code. Calling it from arch-specific code makes no sense what-so-ever to begin with, and is now actively wrong since that code isn't protected by the module loading lock any more. So this commit moves the "module_bug_{finalize,cleanup}()" calls away from the arch-specific code, and into the generic code - and in the process protects it with the module_mutex so that the list operations are now safe. Future fixups: - move the module list handling code into kernel/module.c where it belongs. - get rid of 'module_bug_list' and just use the regular list of modules (called 'modules' - imagine that) that we already create and maintain for other reasons. Reported-and-tested-by: Thomas Gleixner <tglx@linutronix.de> Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: Adrian Bunk <bunk@kernel.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent
2f6b3aa7a5
commit
5336377d62
11 changed files with 14 additions and 26 deletions
|
@ -314,10 +314,9 @@ int module_finalize(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs,
|
||||||
vfree(module->arch.syminfo);
|
vfree(module->arch.syminfo);
|
||||||
module->arch.syminfo = NULL;
|
module->arch.syminfo = NULL;
|
||||||
|
|
||||||
return module_bug_finalize(hdr, sechdrs, module);
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void module_arch_cleanup(struct module *module)
|
void module_arch_cleanup(struct module *module)
|
||||||
{
|
{
|
||||||
module_bug_cleanup(module);
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -112,10 +112,9 @@ int module_finalize(const Elf_Ehdr *hdr,
|
||||||
const Elf_Shdr *sechdrs,
|
const Elf_Shdr *sechdrs,
|
||||||
struct module *me)
|
struct module *me)
|
||||||
{
|
{
|
||||||
return module_bug_finalize(hdr, sechdrs, me);
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void module_arch_cleanup(struct module *mod)
|
void module_arch_cleanup(struct module *mod)
|
||||||
{
|
{
|
||||||
module_bug_cleanup(mod);
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -206,7 +206,7 @@ int module_finalize(const Elf_Ehdr *hdr,
|
||||||
const Elf_Shdr *sechdrs,
|
const Elf_Shdr *sechdrs,
|
||||||
struct module *me)
|
struct module *me)
|
||||||
{
|
{
|
||||||
return module_bug_finalize(hdr, sechdrs, me);
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -214,5 +214,4 @@ int module_finalize(const Elf_Ehdr *hdr,
|
||||||
*/
|
*/
|
||||||
void module_arch_cleanup(struct module *mod)
|
void module_arch_cleanup(struct module *mod)
|
||||||
{
|
{
|
||||||
module_bug_cleanup(mod);
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -941,11 +941,10 @@ int module_finalize(const Elf_Ehdr *hdr,
|
||||||
nsyms = newptr - (Elf_Sym *)symhdr->sh_addr;
|
nsyms = newptr - (Elf_Sym *)symhdr->sh_addr;
|
||||||
DEBUGP("NEW num_symtab %lu\n", nsyms);
|
DEBUGP("NEW num_symtab %lu\n", nsyms);
|
||||||
symhdr->sh_size = nsyms * sizeof(Elf_Sym);
|
symhdr->sh_size = nsyms * sizeof(Elf_Sym);
|
||||||
return module_bug_finalize(hdr, sechdrs, me);
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void module_arch_cleanup(struct module *mod)
|
void module_arch_cleanup(struct module *mod)
|
||||||
{
|
{
|
||||||
deregister_unwind_table(mod);
|
deregister_unwind_table(mod);
|
||||||
module_bug_cleanup(mod);
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -65,10 +65,6 @@ int module_finalize(const Elf_Ehdr *hdr,
|
||||||
const Elf_Shdr *sect;
|
const Elf_Shdr *sect;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
err = module_bug_finalize(hdr, sechdrs, me);
|
|
||||||
if (err)
|
|
||||||
return err;
|
|
||||||
|
|
||||||
/* Apply feature fixups */
|
/* Apply feature fixups */
|
||||||
sect = find_section(hdr, sechdrs, "__ftr_fixup");
|
sect = find_section(hdr, sechdrs, "__ftr_fixup");
|
||||||
if (sect != NULL)
|
if (sect != NULL)
|
||||||
|
@ -101,5 +97,4 @@ int module_finalize(const Elf_Ehdr *hdr,
|
||||||
|
|
||||||
void module_arch_cleanup(struct module *mod)
|
void module_arch_cleanup(struct module *mod)
|
||||||
{
|
{
|
||||||
module_bug_cleanup(mod);
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -407,10 +407,9 @@ int module_finalize(const Elf_Ehdr *hdr,
|
||||||
{
|
{
|
||||||
vfree(me->arch.syminfo);
|
vfree(me->arch.syminfo);
|
||||||
me->arch.syminfo = NULL;
|
me->arch.syminfo = NULL;
|
||||||
return module_bug_finalize(hdr, sechdrs, me);
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void module_arch_cleanup(struct module *mod)
|
void module_arch_cleanup(struct module *mod)
|
||||||
{
|
{
|
||||||
module_bug_cleanup(mod);
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -149,13 +149,11 @@ int module_finalize(const Elf_Ehdr *hdr,
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
ret |= module_dwarf_finalize(hdr, sechdrs, me);
|
ret |= module_dwarf_finalize(hdr, sechdrs, me);
|
||||||
ret |= module_bug_finalize(hdr, sechdrs, me);
|
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
void module_arch_cleanup(struct module *mod)
|
void module_arch_cleanup(struct module *mod)
|
||||||
{
|
{
|
||||||
module_bug_cleanup(mod);
|
|
||||||
module_dwarf_cleanup(mod);
|
module_dwarf_cleanup(mod);
|
||||||
}
|
}
|
||||||
|
|
|
@ -239,11 +239,10 @@ int module_finalize(const Elf_Ehdr *hdr,
|
||||||
apply_paravirt(pseg, pseg + para->sh_size);
|
apply_paravirt(pseg, pseg + para->sh_size);
|
||||||
}
|
}
|
||||||
|
|
||||||
return module_bug_finalize(hdr, sechdrs, me);
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void module_arch_cleanup(struct module *mod)
|
void module_arch_cleanup(struct module *mod)
|
||||||
{
|
{
|
||||||
alternatives_smp_module_del(mod);
|
alternatives_smp_module_del(mod);
|
||||||
module_bug_cleanup(mod);
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -686,17 +686,16 @@ extern int module_sysfs_initialized;
|
||||||
|
|
||||||
|
|
||||||
#ifdef CONFIG_GENERIC_BUG
|
#ifdef CONFIG_GENERIC_BUG
|
||||||
int module_bug_finalize(const Elf_Ehdr *, const Elf_Shdr *,
|
void module_bug_finalize(const Elf_Ehdr *, const Elf_Shdr *,
|
||||||
struct module *);
|
struct module *);
|
||||||
void module_bug_cleanup(struct module *);
|
void module_bug_cleanup(struct module *);
|
||||||
|
|
||||||
#else /* !CONFIG_GENERIC_BUG */
|
#else /* !CONFIG_GENERIC_BUG */
|
||||||
|
|
||||||
static inline int module_bug_finalize(const Elf_Ehdr *hdr,
|
static inline void module_bug_finalize(const Elf_Ehdr *hdr,
|
||||||
const Elf_Shdr *sechdrs,
|
const Elf_Shdr *sechdrs,
|
||||||
struct module *mod)
|
struct module *mod)
|
||||||
{
|
{
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
static inline void module_bug_cleanup(struct module *mod) {}
|
static inline void module_bug_cleanup(struct module *mod) {}
|
||||||
#endif /* CONFIG_GENERIC_BUG */
|
#endif /* CONFIG_GENERIC_BUG */
|
||||||
|
|
|
@ -1537,6 +1537,7 @@ static int __unlink_module(void *_mod)
|
||||||
{
|
{
|
||||||
struct module *mod = _mod;
|
struct module *mod = _mod;
|
||||||
list_del(&mod->list);
|
list_del(&mod->list);
|
||||||
|
module_bug_cleanup(mod);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2625,6 +2626,7 @@ static struct module *load_module(void __user *umod,
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
goto ddebug;
|
goto ddebug;
|
||||||
|
|
||||||
|
module_bug_finalize(info.hdr, info.sechdrs, mod);
|
||||||
list_add_rcu(&mod->list, &modules);
|
list_add_rcu(&mod->list, &modules);
|
||||||
mutex_unlock(&module_mutex);
|
mutex_unlock(&module_mutex);
|
||||||
|
|
||||||
|
@ -2650,6 +2652,8 @@ static struct module *load_module(void __user *umod,
|
||||||
mutex_lock(&module_mutex);
|
mutex_lock(&module_mutex);
|
||||||
/* Unlink carefully: kallsyms could be walking list. */
|
/* Unlink carefully: kallsyms could be walking list. */
|
||||||
list_del_rcu(&mod->list);
|
list_del_rcu(&mod->list);
|
||||||
|
module_bug_cleanup(mod);
|
||||||
|
|
||||||
ddebug:
|
ddebug:
|
||||||
if (!mod->taints)
|
if (!mod->taints)
|
||||||
dynamic_debug_remove(info.debug);
|
dynamic_debug_remove(info.debug);
|
||||||
|
|
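Review bot: The three new calls depend on `module_mutex` being held, but only the `load_module()` hunks show it (the `mutex_unlock(&module_mutex)` right after `list_add_rcu()` and the `mutex_lock(&module_mutex)` before `list_del_rcu()`); in `__unlink_module()` nothing visible says what serialises `module_bug_cleanup(mod)`. Since this commit exists because that locking assumption was silently lost once, I would state it at the call sites, e.g. `/* module_bug_list is only modified under module_mutex */` above `module_bug_finalize(info.hdr, info.sechdrs, mod);`, plus a matching line in `__unlink_module()` naming whatever its caller holds. Both function bodies extend beyond the hunks, so the caller-side locking of `__unlink_module()` needs to be confirmed there.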
|
@ -72,8 +72,8 @@ static const struct bug_entry *module_find_bug(unsigned long bugaddr)
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
int module_bug_finalize(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs,
|
void module_bug_finalize(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs,
|
||||||
struct module *mod)
|
struct module *mod)
|
||||||
{
|
{
|
||||||
char *secstrings;
|
char *secstrings;
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
|
@ -97,8 +97,6 @@ int module_bug_finalize(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs,
|
||||||
* could potentially lead to deadlock and thus be counter-productive.
|
* could potentially lead to deadlock and thus be counter-productive.
|
||||||
*/
|
*/
|
||||||
list_add(&mod->bug_list, &module_bug_list);
|
list_add(&mod->bug_list, &module_bug_list);
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void module_bug_cleanup(struct module *mod)
|
void module_bug_cleanup(struct module *mod)
|
||||||
|
|
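Review bot: `list_add(&mod->bug_list, &module_bug_list);` is now serialised against other writers by the caller's `module_mutex`, but the surviving comment above it (only its tail is visible here) still describes a list that is walked from BUG() handling without a lock, so a trap taken on another CPU during a module load or unload can presumably still observe a half-linked entry. Consider publishing with `list_add_rcu(&mod->bug_list, &module_bug_list);`, with the matching `list_del_rcu()` in `module_bug_cleanup()` and an RCU-safe walk in `module_find_bug()`, provided the module memory is not freed before a grace period has passed. At minimum the comment should be updated to say that writers must hold `module_mutex`. The bodies of `module_bug_finalize()` and `module_bug_cleanup()` lie mostly outside these hunks.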