From: Alexey Dobriyan <adobriyan@sw.ru>
To: Rusty Russell <rusty@rustcorp.com.au>
Cc: Ingo Molnar <mingo@elte.hu>,
akpm@osdl.org, linux-kernel@vger.kernel.org, devel@openvz.org,
tglx@linutronix.de, viro@zeniv.linux.org.uk,
pmarques@grupopie.com
Subject: Re: [PATCH RESEND 2/2] Fix some kallsyms_lookup() vs rmmod races
Date: Mon, 19 Mar 2007 13:21:07 +0300
Message-ID: <20070319102107.GA6811@localhost.sw.ru>
In-Reply-To: <1174124239.8897.41.camel@localhost.localdomain>

On Sat, Mar 17, 2007 at 08:37:18PM +1100, Rusty Russell wrote:
> On Fri, 2007-03-16 at 12:51 +0100, Ingo Molnar wrote:
> > * Alexey Dobriyan <adobriyan@sw.ru> wrote:
> >
> > > [cc'ing folks whose proc files are affected]
> > >
> > > kallsyms_lookup() can call module_address_lookup() which iterates over
> > > modules list without module_mutex taken. Comment at the top of
> > > module_address_lookup() says it's for oops resolution so races are
> > > irrelevant, but in some cases it's reachable from regular code:
> >
> > looking at the problem from another angle: wouldnt this be something
> > that would benefit from freeze_processes()/unfreeze_processes(), and
> > hence no locking would be required?
>
> Actually, the list manipulation is done with stop_machine for this
> reason.

mmm, my changelog is slightly narrower than it should be.

	Non-emergency code is traversing modules list.
	It finds "struct module *".
	Module is removed.
	"struct module *" is now meaningless, but still dereferenced.

How would all this refrigerator stuff help? It wouldn't:

	Non-emergency code is traversing modules list.
	It finds "struct module *".
	Everything is frozen.
	Module is removed.
	Everything is unfrozen.
	"struct module *" is now meaningless, but still dereferenced.

> Alexey, is preempt enabled in your kernel?
Yes. FWIW,
CONFIG_PREEMPT=y
CONFIG_PREEMPT_BKL=y
CONFIG_DEBUG_PREEMPT=y
I very much agree with proto-patch which _copies_ all relevant
information into caller-supplied structure, keeping module_mutex private.
Time to split it sanely.
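
The copy-out design endorsed at the end of the message, sketched as an added example (a userspace C model written for this page, not code from the thread or from the kernel): the lookup copies the name and offset into a caller-supplied structure while a file-private lock is held, so no caller keeps a pointer to a list entry across removal. All identifiers (`mod_lookup_copy`, `struct sym_info`, `mod_lock`) are hypothetical, and a pthread mutex stands in for module_mutex.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model, not kernel code: every name here is hypothetical. */
struct mod { struct mod *next; unsigned long base, size; char name[32]; };
struct sym_info { char modname[32]; unsigned long offset; };
static struct mod *mod_list;                 /* stands in for the modules list */
static pthread_mutex_t mod_lock = PTHREAD_MUTEX_INITIALIZER; /* never exported */

int mod_add(const char *name, unsigned long base, unsigned long size)
{
    struct mod *m = calloc(1, sizeof(*m));
    if (!m) return -1;
    snprintf(m->name, sizeof(m->name), "%s", name);
    m->base = base; m->size = size;
    pthread_mutex_lock(&mod_lock);
    m->next = mod_list; mod_list = m;
    pthread_mutex_unlock(&mod_lock);
    return 0;
}

int mod_remove(const char *name)
{
    struct mod **pp, *victim = NULL;
    pthread_mutex_lock(&mod_lock);
    for (pp = &mod_list; *pp; pp = &(*pp)->next)
        if (!strcmp((*pp)->name, name)) { victim = *pp; *pp = victim->next; break; }
    pthread_mutex_unlock(&mod_lock);
    int rc = victim ? 0 : -1;
    free(victim);   /* a pointer to this entry held by a reader would now dangle */
    return rc;
}

/* Copy-out lookup: the entry is dereferenced only while mod_lock is held. */
int mod_lookup_copy(unsigned long addr, struct sym_info *out)
{
    int found = 0;
    pthread_mutex_lock(&mod_lock);
    for (struct mod *m = mod_list; m; m = m->next)
        if (addr >= m->base && addr - m->base < m->size) {
            memcpy(out->modname, m->name, sizeof(out->modname));
            out->offset = addr - m->base;
            found = 1;
            break;
        }
    pthread_mutex_unlock(&mod_lock);
    return found;
}
```

The caller's `struct sym_info` stays valid after `mod_remove()` because it holds a copy, not a reference into the list.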