Re: [PATCH bpf] bpf: Take module reference for ip in module code

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jiri Olsa <jolsa@redhat.com>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>, Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Andrii Nakryiko <andriin@fb.com>,
	netdev@vger.kernel.org, bpf@vger.kernel.org,
	Martin KaFai Lau <kafai@fb.com>, Song Liu <songliubraving@fb.com>,
	Yonghong Song <yhs@fb.com>,
	John Fastabend <john.fastabend@gmail.com>,
	KP Singh <kpsingh@chromium.org>,
	Steven Rostedt <rostedt@goodmis.org>
Subject: Re: [PATCH bpf] bpf: Take module reference for ip in module code
Date: Wed, 24 Mar 2021 14:47:40 +0100	[thread overview]
Message-ID: <YFtC/O399QhHZtpb@krava> (raw)
In-Reply-To: <YFsjGkIwpXm5IYdR@krava>

On Wed, Mar 24, 2021 at 12:31:42PM +0100, Jiri Olsa wrote:
> On Tue, Mar 23, 2021 at 06:22:37PM -0700, Alexei Starovoitov wrote:
> > On Tue, Mar 23, 2021 at 10:15:33PM +0100, Jiri Olsa wrote:
> > > Currently module can be unloaded even if there's a trampoline
> > > register in it. It's easily reproduced by running in parallel:
> > > 
> > >   # while :; do ./test_progs -t module_attach; done
> > >   # while :; do ./test_progs -t fentry_test; done
> > > 
> > > Taking the module reference in case the trampoline's ip is
> > > within the module code. Releasing it when the trampoline's
> > > ip is unregistered.
> > > 
> > > Signed-off-by: Jiri Olsa <jolsa@kernel.org>
> > > ---
> > >  kernel/bpf/trampoline.c | 32 ++++++++++++++++++++++++++++++++
> > >  1 file changed, 32 insertions(+)
> > > 
> > > diff --git a/kernel/bpf/trampoline.c b/kernel/bpf/trampoline.c
> > > index 1f3a4be4b175..f6cb179842b2 100644
> > > --- a/kernel/bpf/trampoline.c
> > > +++ b/kernel/bpf/trampoline.c
> > > @@ -87,6 +87,27 @@ static struct bpf_trampoline *bpf_trampoline_lookup(u64 key)
> > >  	return tr;
> > >  }
> > >  
> > > +static struct module *ip_module_get(unsigned long ip)
> > > +{
> > > +	struct module *mod;
> > > +	int err = 0;
> > > +
> > > +	preempt_disable();
> > > +	mod = __module_text_address(ip);
> > > +	if (mod && !try_module_get(mod))
> > > +		err = -ENOENT;
> > > +	preempt_enable();
> > > +	return err ? ERR_PTR(err) : mod;
> > > +}
> > > +
> > > +static void ip_module_put(unsigned long ip)
> > > +{
> > > +	struct module *mod = __module_text_address(ip);
> > 
> > Conceptually looks correct, but how did you test it?!
> > Just doing your reproducer:
> > while :; do ./test_progs -t module_attach; done & while :; do ./test_progs -t fentry_test; done
> > 
> > I immediately hit:
> > [   19.461162] WARNING: CPU: 1 PID: 232 at kernel/module.c:264 module_assert_mutex_or_preempt+0x2e/0x40
> > [   19.477126] Call Trace:
> > [   19.477464]  __module_address+0x28/0xf0
> > [   19.477865]  ? __bpf_trace_bpf_testmod_test_write_bare+0x10/0x10 [bpf_testmod]
> > [   19.478711]  __module_text_address+0xe/0x60
> > [   19.479156]  bpf_trampoline_update+0x2ff/0x470
> 
> I don't have lockdep enabled.. ah the module_mutex is held
> during module init, that's why all the code I was using as
> a reference did not take it.. sorry, will fix

ah it's the missing preempt_disable ;-) ok

jirka

> 
> > 
> > Which points to an obvious bug above.
> > 
> > How did you debug it to this module going away issue?
> > Why does test_progs -t fentry_test help to repro?
> > Or does it?
> > It doesn't touch anything in modules.
> 
> test_prog also loads/unloads that module, but it could be
> just insmod/rmmod instead, will change
> 
> jirka

     prev parent reply	other threads:[~2021-03-24 13:48 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-23 21:15 [PATCH bpf] bpf: Take module reference for ip in module code Jiri Olsa
2021-03-24  1:22 ` Alexei Starovoitov
2021-03-24 11:31   ` Jiri Olsa
2021-03-24 13:47     ` Jiri Olsa [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YFtC/O399QhHZtpb@krava \
    --to=jolsa@redhat.com \
    --cc=alexei.starovoitov@gmail.com \
    --cc=andriin@fb.com \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=john.fastabend@gmail.com \
    --cc=jolsa@kernel.org \
    --cc=kafai@fb.com \
    --cc=kpsingh@chromium.org \
    --cc=netdev@vger.kernel.org \
    --cc=rostedt@goodmis.org \
    --cc=songliubraving@fb.com \
    --cc=yhs@fb.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.