From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755169AbcILHSw (ORCPT ); Mon, 12 Sep 2016 03:18:52 -0400
Received: from szxga03-in.huawei.com ([119.145.14.66]:44256 "EHLO szxga03-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751623AbcILHSv (ORCPT ); Mon, 12 Sep 2016 03:18:51 -0400
To: Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" ,
CC:
From: Rui Xiang
Subject: [PATCH] x86/alternatives: add missing mutex lock in alternatives_text_reserved
Message-ID: <57D656B5.2010308@huawei.com>
Date: Mon, 12 Sep 2016 15:18:13 +0800
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.177.22.70]
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020203.57D656CD.019D,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0, ip=0.0.0.0, so=2013-05-26 15:14:31, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 632bbd7f6d3d021397e7010c25e502cf
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

A race between alternatives_text_reserved and alternatives_smp_module_del
occurred when traversing the global list smp_alt_modules in 3.4 kernel. It
would cause a panic while reading smp_alt_modules->mod in
alternatives_text_reserved func.

[ 14.016190] general protection fault: 0000 [#1] SMP
[ 14.016988] CPU 0
[ 14.017287] Modules linked in: mlx4_ib(O+) mlx4_en(O+) xb_sa(O)
[ 14.020005]
[ 14.020005] Pid: 1979, comm: modprobe Tainted: G O
[ 14.020005] RIP: 0010:[] [] alternatives_text_reserved+0x20/0x80
[ 14.020005] RSP: 0018:ffff880ea355bcb8 EFLAGS: 00010283
[ 14.020005] RAX: dead000000000100 RBX: ffffffffa02af720 RCX: dead0000000000d0
[ 14.020005] RDX: ffffffffa02f0588 RSI: ffffffffa02d2fc0 RDI: ffffffffa02d2fc0
[ 14.020005] RBP: ffff880ea355bcb8 R08: ffffffffa02f3b68 R09: 00017f4ae12d2fc0
[ 14.020005] R10: 00000000000000e8 R11: ffffffffa02bb9d7 R12: 0000000000000000
[ 14.020005] R13: ffffffffa02af720 R14: ffffffffa0307140 R15: ffffffffa02af730
[ 14.020005] FS: 00007f26c6acc700(0000) GS:ffff880fff200000(0000) knlGS:0000000000000000
[ 14.020005] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 14.020005] CR2: 00007fd4adc3b000 CR3: 0000000ea40ea000 CR4: 00000000001407f0
[ 14.020005] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 14.020005] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 14.020005] Process modprobe (pid: 1979, threadinfo ffff880ea355a000, task ffff880e9eb9e600)
[ 14.020005] Stack:
[ 14.020005] ffff880ea355bcd8 ffffffff8145b148 ffffffffa02af720 ffffffffa02af720
[ 14.020005] ffff880ea355bd18 ffffffff8145ed38 0000000000000000 0000000000000000
[ 14.041015] ffff880ea355bd90 ffffffffa02af720 0000000000000001 ffff880ea355bd90
[ 14.041015] Call Trace:
[ 14.041015] [] arch_prepare_kprobe+0x18/0x80
[ 14.042982] [] register_kprobe+0x338/0x4c0
[ 14.042982] [] register_jprobes+0x98/0xc0
[ 14.042982] [] register_jprobe+0x1a/0x20

It also seems to exist in mainline. This patch adds the mutex lock smp_alt
to fix it.

Cc: stable@vger.kernel.org
Signed-off-by: Rui Xiang
---
 arch/x86/kernel/alternative.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
index 5cb272a..7cec0cc 100644
--- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c @@ -563,6 +563,7 @@ int alternatives_text_reserved(void *start, void *end) u8 *text_start = start; u8 *text_end = end; + mutex_lock(&smp_alt); list_for_each_entry(mod, &smp_alt_modules, next) { if (mod->text > text_end || mod->text_end < text_start) continue; @@ -573,6 +574,7 @@ int alternatives_text_reserved(void *start, void *end) return 1; } } + mutex_unlock(&smp_alt); return 0; } -- 1.8.2.2
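
Review bot: The `return 1;` left as context in the second hunk still sits between the new mutex_lock(&smp_alt) and the new mutex_unlock(&smp_alt), so a caller whose range overlaps a reserved region returns with smp_alt held. The unlock is only reached on the fall-through path before `return 0;`, and any later attempt to take smp_alt would then block. Either call mutex_unlock(&smp_alt) immediately before `return 1;`, or keep the result in a local, jump to a single unlock label from the match, and return that local. It would also help if the changelog said which lock alternatives_smp_module_del holds while it modifies smp_alt_modules, so that the choice of smp_alt can be checked against the writer side.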