From: Steven Rostedt <rostedt@goodmis.org>
To: linux-kernel@vger.kernel.org
Cc: Ingo Molnar <mingo@elte.hu>,
Andrew Morton <akpm@linux-foundation.org>,
Thomas Gleixner <tglx@linutronix.de>,
Peter Zijlstra <peterz@infradead.org>,
Frederic Weisbecker <fweisbec@gmail.com>,
Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>,
Jason Baron <jbaron@redhat.com>
Subject: [PATCH 1/7] jump label: Fix module __init section race
Date: Fri, 29 Oct 2010 15:00:51 -0400
Message-ID: <20101029190134.747310610@goodmis.org>
In-Reply-To: 20101029190050.674141729@goodmis.org
[-- Attachment #1: 0001-jump-label-Fix-module-__init-section-race.patch --]
[-- Type: text/plain, Size: 3257 bytes --]
From: Jason Baron <jbaron@redhat.com>

Jump label uses is_module_text_address() to ensure that the module
__init sections are valid before updating them. However, between the
check for a valid module __init section and the subsequent jump
label update, the module's __init section could be freed out from under
us.

We fix this potential race by adding a notifier callback to the
MODULE_STATE_LIVE state. This notifier is called *after* the __init
section has been run but before it is going to be freed. In the
callback, the jump label code zeros the key value for any __init jump
code within the module, and we add a check for a non-zero key value when
we update jump labels. In this way we require no additional data
structures.

Thanks to Mathieu Desnoyers for pointing out this race condition.

Reported-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Signed-off-by: Jason Baron <jbaron@redhat.com>
LKML-Reference: <c6f037b7598777668025ceedd9294212fd95fa34.1285965957.git.jbaron@redhat.com>
[ Renamed remove_module_init() to remove_jump_label_module_init()
as suggested by Masami Hiramatsu. ]
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
---
kernel/jump_label.c | 41 ++++++++++++++++++++++++++++++++++++++++-
1 files changed, 40 insertions(+), 1 deletions(-)
diff --git a/kernel/jump_label.c b/kernel/jump_label.c
index 7be868b..be9e105 100644
--- a/kernel/jump_label.c
+++ b/kernel/jump_label.c
@@ -168,7 +168,8 @@ void jump_label_update(unsigned long key, enum jump_label_type type)
count = e_module->nr_entries;
iter = e_module->table;
while (count--) {
- if (kernel_text_address(iter->code))
+ if (iter->key &&
+ kernel_text_address(iter->code))
arch_jump_label_transform(iter, type);
iter++;
}
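Review bot: The new `iter->key &&` test in the module loop gives a zero key a special meaning (an entry whose __init text has been discarded) that is not stated anywhere near the check. A one-line comment above the `if` saying that remove_jump_label_module_init() zeroes the key of __init entries would make the intent clear. The test only closes the race if this loop runs under the same jump_label_mutex that the notifier takes around the zeroing, which the hunk does not show, so that is worth confirming or documenting here.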
@@ -366,6 +367,39 @@ static void remove_jump_label_module(struct module *mod)
}
}
+static void remove_jump_label_module_init(struct module *mod)
+{
+ struct hlist_head *head;
+ struct hlist_node *node, *node_next, *module_node, *module_node_next;
+ struct jump_label_entry *e;
+ struct jump_label_module_entry *e_module;
+ struct jump_entry *iter;
+ int i, count;
+
+ /* if the module doesn't have jump label entries, just return */
+ if (!mod->num_jump_entries)
+ return;
+
+ for (i = 0; i < JUMP_LABEL_TABLE_SIZE; i++) {
+ head = &jump_label_table[i];
+ hlist_for_each_entry_safe(e, node, node_next, head, hlist) {
+ hlist_for_each_entry_safe(e_module, module_node,
+ module_node_next,
+ &(e->modules), hlist) {
+ if (e_module->mod != mod)
+ continue;
+ count = e_module->nr_entries;
+ iter = e_module->table;
+ while (count--) {
+ if (within_module_init(iter->code, mod))
+ iter->key = 0;
+ iter++;
+ }
+ }
+ }
+ }
+}
+
static int
jump_label_module_notify(struct notifier_block *self, unsigned long val,
void *data)
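Review bot: remove_jump_label_module_init() walks both lists with hlist_for_each_entry_safe() although nothing is unlinked or freed inside the loops, so plain hlist_for_each_entry() would do and the node_next and module_node_next locals could go. The function also lacks a comment stating that the caller must hold jump_label_mutex and that `iter->key = 0` is the marker jump_label_update() tests for, given that the zeroed entries stay in e_module->table with nr_entries unchanged.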
@@ -386,6 +420,11 @@ jump_label_module_notify(struct notifier_block *self, unsigned long val,
remove_jump_label_module(mod);
mutex_unlock(&jump_label_mutex);
break;
+ case MODULE_STATE_LIVE:
+ mutex_lock(&jump_label_mutex);
+ remove_jump_label_module_init(mod);
+ mutex_unlock(&jump_label_mutex);
+ break;
}
return ret;
}
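Review bot: The MODULE_STATE_LIVE case is only correct if this notifier runs before the module's __init memory is freed, and nothing at the case records that dependency. A short comment above `case MODULE_STATE_LIVE:` stating that the __init entries must be zeroed before the init section is released would protect against a later reordering in the module loader quietly reopening the race described in the changelog.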
--
1.7.1