From: Rusty Russell <rusty@rustcorp.com.au>
To: "Rafael J. Wysocki" <rjw@sisk.pl>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
LKML <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Brandon Philips <brandon@ifup.org>,
Jon Masters <jonathan@jonmasters.org>,
Tejun Heo <htejun@gmail.com>,
Masami Hiramatsu <mhiramat@redhat.com>
Subject: Re: [Regression] Crash in load_module() while freeing args
Date: Thu, 27 May 2010 14:56:18 +0930
Message-ID: <201005271456.20003.rusty@rustcorp.com.au>
In-Reply-To: <201005270056.25748.rjw@sisk.pl>

On Thu, 27 May 2010 08:26:25 am Rafael J. Wysocki wrote:
> On Wednesday 26 May 2010, Rusty Russell wrote:
> > I suspect that the increased parallelism enabled by this patch uncovered this
> > bug. Does this fix it?
>
> Since the commit has been reverted, do you still want me to test this patch?
> Quite frankly I'd prefer to test a complete replacement for that commit on top
> of current -git.

OK, combo meal deal below, against Linus' latest. I'd really appreciate
a report, since AFAIK you're the only one hitting it, and only when that
other (now reverted) patch was applied.

As an aside to Brandon: I can see how my patch fixed an explicit request_module
inside module_init (that's how I tested it). I can't see how we have a
problem with an implicit dependency such as bne2x->crc32. Modules go into
the live state without retaking the lock. If you can still reproduce that
now Linus has reverted, I'm afraid we need to dig deeper...

Thanks,
Rusty.

diff --git a/kernel/module.c b/kernel/module.c
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -563,33 +563,26 @@ int use_module(struct module *a, struct
struct module_use *use;
int no_warn, err;
- if (b == NULL || already_uses(a, b)) return 1;
+ if (b == NULL || already_uses(a, b))
+ return 0;
/* If we're interrupted or time out, we fail. */
- if (wait_event_interruptible_timeout(
- module_wq, (err = strong_try_module_get(b)) != -EBUSY,
- 30 * HZ) <= 0) {
- printk("%s: gave up waiting for init of module %s.\n",
- a->name, b->name);
- return 0;
- }
-
- /* If strong_try_module_get() returned a different error, we fail. */
+ err = strong_try_module_get(b);
if (err)
- return 0;
+ return err;
DEBUGP("Allocating new usage for %s.\n", a->name);
use = kmalloc(sizeof(*use), GFP_ATOMIC);
if (!use) {
printk("%s: out of memory loading\n", a->name);
module_put(b);
- return 0;
+ return -ENOMEM;
}
use->module_which_uses = a;
list_add(&use->list, &b->modules_which_use_me);
no_warn = sysfs_create_link(b->holders_dir, &a->mkobj.kobj, a->name);
- return 1;
+ return 0;
}
EXPORT_SYMBOL_GPL(use_module);
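Review bot: The return convention of use_module() is inverted here (`return 1` on success becomes `return 0`, failures become a negative errno) while the name, the signature and the EXPORT_SYMBOL_GPL stay the same, so a caller still written as `if (!use_module(a, b))` compiles unchanged and now treats success as failure. resolve_symbol() is updated later in this patch, but other users of the export are not visible here. Consider renaming the function, or at least adding a comment above it that documents the 0 / -errno contract and that -EBUSY is now handed back to the caller instead of being waited out inside use_module().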
@@ -882,7 +875,7 @@ static inline void module_unload_free(st
int use_module(struct module *a, struct module *b)
{
- return strong_try_module_get(b) == 0;
+ return strong_try_module_get(b);
}
EXPORT_SYMBOL_GPL(use_module);
@@ -1053,17 +1046,39 @@ static const struct kernel_symbol *resol
struct module *owner;
const struct kernel_symbol *sym;
const unsigned long *crc;
-
+ DEFINE_WAIT(wait);
+ int err;
+ long timeleft = 30 * HZ;
+
+again:
sym = find_symbol(name, &owner, &crc,
!(mod->taints & (1 << TAINT_PROPRIETARY_MODULE)), true);
- /* use_module can fail due to OOM,
- or module initialization or unloading */
- if (sym) {
- if (!check_version(sechdrs, versindex, name, mod, crc, owner)
- || !use_module(mod, owner))
- sym = NULL;
+ if (!sym)
+ return NULL;
+
+ if (!check_version(sechdrs, versindex, name, mod, crc, owner))
+ return NULL;
+
+ prepare_to_wait(&module_wq, &wait, TASK_INTERRUPTIBLE);
+ err = use_module(mod, owner);
+ if (likely(!err) || err != -EBUSY || signal_pending(current)) {
+ finish_wait(&module_wq, &wait);
+ return err ? NULL : sym;
}
- return sym;
+
+ /* Module is still loading. Drop lock and wait. */
+ mutex_unlock(&module_mutex);
+ timeleft = schedule_timeout(timeleft);
+ mutex_lock(&module_mutex);
+ finish_wait(&module_wq, &wait);
+
+ /* Module might be gone entirely, or replaced. Re-lookup. */
+ if (timeleft)
+ goto again;
+
+ printk(KERN_WARNING "%s: gave up waiting for init of module %s.\n",
+ mod->name, owner->name);
+ return NULL;
}
/*
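Review bot: In the timeout path at the end of resolve_symbol(), `owner->name` is read by the printk after module_mutex has been dropped and retaken, and the comment just above it says the module "might be gone entirely, or replaced", so `owner` can be stale at that point. Copy the name into a local buffer before mutex_unlock(), or redo the lookup before printing. Separately, prepare_to_wait() puts the task in TASK_INTERRUPTIBLE before use_module() is called, and on the success path use_module() goes through kmalloc() and sysfs_create_link() in that state before finish_wait() restores it; that ordering deserves a comment explaining why it is safe.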
@@ -2014,6 +2029,7 @@ static noinline struct module *load_modu
long err = 0;
void *ptr = NULL; /* Stops spurious gcc warning */
unsigned long symoffs, stroffs, *strmap;
+ void __percpu *percpu;
mm_segment_t old_fs;
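Review bot: `percpu` is declared without an initializer, unlike `ptr` on the line above, and it is only assigned further down, after the per-cpu section handling. Initialising it to NULL at the declaration keeps the free_percpu label safe if an error path that jumps there is ever added ahead of the assignment, since free_percpu(NULL) is a no-op.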
@@ -2158,6 +2174,8 @@ static noinline struct module *load_modu
goto free_mod;
sechdrs[pcpuindex].sh_flags &= ~(unsigned long)SHF_ALLOC;
}
+ /* Keep this around for failure path. */
+ percpu = mod_percpu(mod);
/* Determine total sizes, and put offsets in sh_entsize. For now
this is done generically; there doesn't appear to be any
@@ -2463,7 +2481,7 @@ static noinline struct module *load_modu
module_free(mod, mod->module_core);
/* mod will be freed with core. Don't access it beyond this line! */
free_percpu:
- percpu_modfree(mod);
+ free_percpu(percpu);
free_mod:
kfree(args);
kfree(strmap);
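Review bot: At the free_percpu label the per-cpu area is now released with free_percpu() directly instead of through percpu_modfree(), so this failure path no longer shares the wrapper used for the module's per-cpu handling. If percpu_modfree() has a variant for configurations without a per-cpu allocation, this call bypasses it; consider changing percpu_modfree() to take the saved pointer instead. It would also help to extend the "mod will be freed with core" comment to say that this is why the saved `percpu` is used here rather than `mod`.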