From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org,
	Andrea Parri <andrea.parri@amarulasolutions.com>,
	Oleg Nesterov <oleg@redhat.com>,
	Alexander Shishkin <alexander.shishkin@linux.intel.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Arnaldo Carvalho de Melo <acme@redhat.com>,
	Jiri Olsa <jolsa@redhat.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Namhyung Kim <namhyung@kernel.org>,
	"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Stephane Eranian <eranian@google.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Vince Weaver <vincent.weaver@maine.edu>,
	stable@kernel.org, Ingo Molnar <mingo@kernel.org>
Subject: [PATCH 4.14 14/55] uprobes: Fix handle_swbp() vs. unregister() + register() race once more
Date: Thu,  6 Dec 2018 15:38:48 +0100
Message-ID: <20181206143002.487787211@linuxfoundation.org>
In-Reply-To: <20181206143001.749982936@linuxfoundation.org>

4.14-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Andrea Parri <andrea.parri@amarulasolutions.com>

commit 09d3f015d1e1b4fee7e9bbdcf54201d239393391 upstream.

Commit:

  142b18ddc8143 ("uprobes: Fix handle_swbp() vs unregister() + register() race")

added the UPROBE_COPY_INSN flag, and corresponding smp_wmb() and smp_rmb()
memory barriers, to ensure that handle_swbp() uses fully-initialized
uprobes only.

However, the smp_rmb() is mis-placed: this barrier should be placed
after handle_swbp() has tested for the flag, thus guaranteeing that
(program-order) subsequent loads from the uprobe can see the initial
stores performed by prepare_uprobe().

Move the smp_rmb() accordingly.  Also amend the comments associated
to the two memory barriers to indicate their actual locations.

Signed-off-by: Andrea Parri <andrea.parri@amarulasolutions.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Cc: stable@kernel.org
Fixes: 142b18ddc8143 ("uprobes: Fix handle_swbp() vs unregister() + register() race")
Link: http://lkml.kernel.org/r/20181122161031.15179-1-andrea.parri@amarulasolutions.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/events/uprobes.c |   12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

--- a/kernel/events/uprobes.c
+++ b/kernel/events/uprobes.c
@@ -616,7 +616,7 @@ static int prepare_uprobe(struct uprobe
 	BUG_ON((uprobe->offset & ~PAGE_MASK) +
 			UPROBE_SWBP_INSN_SIZE > PAGE_SIZE);
 
-	smp_wmb(); /* pairs with rmb() in find_active_uprobe() */
+	smp_wmb(); /* pairs with the smp_rmb() in handle_swbp() */
 	set_bit(UPROBE_COPY_INSN, &uprobe->flags);
 
  out:
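Review bot: the reworded comment names only the pairing partner, not what the barrier orders; since set_bit() is atomic but carries no ordering of its own, the smp_wmb() is what keeps the stores into &uprobe->arch (named in the handle_swbp() comment of the second hunk) ahead of the UPROBE_COPY_INSN bit, and saying so here would let a reader of prepare_uprobe() see the payload without cross-referencing, e.g. `smp_wmb(); /* order the &uprobe->arch stores before UPROBE_COPY_INSN; pairs with the smp_rmb() in handle_swbp() */`.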
@@ -1910,10 +1910,18 @@ static void handle_swbp(struct pt_regs *
 	 * After we hit the bp, _unregister + _register can install the
 	 * new and not-yet-analyzed uprobe at the same address, restart.
 	 */
-	smp_rmb(); /* pairs with wmb() in install_breakpoint() */
 	if (unlikely(!test_bit(UPROBE_COPY_INSN, &uprobe->flags)))
 		goto out;
 
+	/*
+	 * Pairs with the smp_wmb() in prepare_uprobe().
+	 *
+	 * Guarantees that if we see the UPROBE_COPY_INSN bit set, then
+	 * we must also see the stores to &uprobe->arch performed by the
+	 * prepare_uprobe() call.
+	 */
+	smp_rmb();
+
 	/* Tracing handlers use ->utask to communicate with fetch methods */
 	if (!get_utask())
 		goto out;
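Review bot: the new position is the right one, and the reason deserves a line in the comment: the control dependency from test_bit() to the later reads of &uprobe->arch does not order those reads (control dependencies constrain later stores, not later loads), so the smp_rmb() between the test and the reads is what makes the observed bit imply the observed payload; the comment could also say the barrier is deliberately not needed on the `goto out` path. A follow-up worth considering is reading uprobe->flags with smp_load_acquire() and testing the bit on the result, which puts the acquire intent in code rather than in a comment and would let the bare smp_rmb() go.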


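The ordering the commit message describes, written out as an added user-space model; this is not kernel code and not part of the patch. The struct fake_uprobe, publish(), consume() and run_handoff() names are constructed for the example, C11 release and acquire fences stand in for smp_wmb() and smp_rmb(), and a relaxed atomic OR stands in for set_bit(). The consumer tests the flag first and issues its read barrier only on the path where the flag was seen set, which is exactly the placement the patch moves the smp_rmb() to:

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed stand-in for the part of struct uprobe that prepare_uprobe()
 * fills in before it sets UPROBE_COPY_INSN.  Not the kernel's definition.
 */
struct fake_uprobe {
	uint8_t insn[16];	/* stands in for uprobe->arch.insn */
	size_t insn_len;
	atomic_ulong flags;	/* bit 0 stands in for UPROBE_COPY_INSN */
};

#define COPY_INSN_BIT 1UL

/* Publisher side, mirroring prepare_uprobe(): payload stores, wmb, flag. */
static void publish(struct fake_uprobe *u, const uint8_t *insn, size_t len)
{
	memcpy(u->insn, insn, len);
	u->insn_len = len;
	/* smp_wmb() stand-in: orders the payload stores before the flag store. */
	atomic_thread_fence(memory_order_release);
	/* set_bit() stand-in: atomic but, like set_bit(), unordered by itself. */
	atomic_fetch_or_explicit(&u->flags, COPY_INSN_BIT, memory_order_relaxed);
}

/*
 * Consumer side, mirroring the fixed handle_swbp() ordering: test the flag
 * first, and only on the "flag seen" path issue the read barrier before
 * touching the payload.  Returns false when the record is not published yet.
 */
static bool consume(struct fake_uprobe *u, uint8_t *out, size_t *out_len)
{
	if (!(atomic_load_explicit(&u->flags, memory_order_relaxed) & COPY_INSN_BIT))
		return false;	/* like the goto out: nothing to order against */
	/* smp_rmb() stand-in, placed after the flag test as in the patch. */
	atomic_thread_fence(memory_order_acquire);
	*out_len = u->insn_len;
	memcpy(out, u->insn, *out_len);
	return true;
}

struct run_ctx {
	struct fake_uprobe *u;
	const uint8_t *expect;
	size_t len;
	int mismatch;
};

static void *consumer_thread(void *arg)
{
	struct run_ctx *c = arg;
	uint8_t got[16];
	size_t got_len = 0;

	/* handle_swbp() restarts the instruction instead; spinning models the retry. */
	while (!consume(c->u, got, &got_len))
		;
	c->mismatch = (got_len != c->len || memcmp(got, c->expect, c->len) != 0);
	return NULL;
}

/*
 * Runs the hand-off 'iterations' times with a fresh record each time and
 * returns how many times the consumer saw the flag set but a stale payload.
 * Returns -1 if a thread could not be created.
 */
int run_handoff(int iterations)
{
	/* Constructed sample bytes; they play the role of the copied instruction. */
	static const uint8_t sample_insn[] = { 0x48, 0x89, 0xe5 };
	int mismatches = 0;

	for (int i = 0; i < iterations; i++) {
		struct fake_uprobe u = {0};
		struct run_ctx ctx = { &u, sample_insn, sizeof sample_insn, 0 };
		pthread_t t;

		atomic_init(&u.flags, 0);
		if (pthread_create(&t, NULL, consumer_thread, &ctx))
			return -1;
		publish(&u, sample_insn, sizeof sample_insn);
		pthread_join(t, NULL);
		mismatches += ctx.mismatch;
	}
	return mismatches;
}

int main(void)
{
	int bad = run_handoff(200);

	printf("stale payload observed %d time(s)\n", bad);
	return bad ? 1 : 0;
}
```

The harness shows the correct pairing rather than the bug: on strongly ordered hardware such as x86, loads are not reordered with other loads, so moving the acquire fence above the flag test would still pass here; the fence placement matters on weakly ordered machines, where a load of u->insn hoisted above the flag read could return the pre-publish bytes even though the flag is later seen set.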
