Re: [Bugme-new] [Bug 8957] New: Exported functions and variables should not be reachable by the outside of the module until module_init finishes

Re: [Bugme-new] [Bug 8957] New: Exported functions and variables should not be reachable by the outside of the module until module_init finishes

[Andrew Morton]

On Wed, 29 Aug 2007 11:33:06 -0700 (PDT) bugme-daemon@bugzilla.kernel.org wrote:

> http://bugzilla.kernel.org/show_bug.cgi?id=8957
> 
>            Summary: Exported functions and variables should not be reachable
>                     by the outside of the module until module_init finishes
>            Product: Other
>            Version: 2.5
>      KernelVersion: 2.6.23-rc4
>           Platform: All
>         OS/Version: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: normal
>           Priority: P1
>          Component: Modules
>         AssignedTo: other_modules@kernel-bugs.osdl.org
>         ReportedBy: mattilinnanvuori@yahoo.com
> 
> 
> Problem Description: a module's exported functions can be called before before
> they are properly initialized by the module_init function.
> 
> Steps to reproduce: write a module that exports functions that require
> initialization by the module_init function to work correctly.
> 
> E.g. spin lock variables are no longer allowed to be initialized by C
> initializers of the module but only by spin_lock_init that can be called by the
> module_init function. If an exported function calls spin_lock before it is
> initialized, it deadlocks.
> 

ooh, nice bug ;)

Re: [Bugme-new] [Bug 8957] New: Exported functions and variables should not be reachable by the outside of the module until module_init finishes

[Robert Hancock]

Andrew Morton wrote:
> On Wed, 29 Aug 2007 11:33:06 -0700 (PDT) bugme-daemon@bugzilla.kernel.org wrote:
> 
>> http://bugzilla.kernel.org/show_bug.cgi?id=8957
>>
>>            Summary: Exported functions and variables should not be reachable
>>                     by the outside of the module until module_init finishes
>>            Product: Other
>>            Version: 2.5
>>      KernelVersion: 2.6.23-rc4
>>           Platform: All
>>         OS/Version: Linux
>>               Tree: Mainline
>>             Status: NEW
>>           Severity: normal
>>           Priority: P1
>>          Component: Modules
>>         AssignedTo: other_modules@kernel-bugs.osdl.org
>>         ReportedBy: mattilinnanvuori@yahoo.com
>>
>>
>> Problem Description: a module's exported functions can be called before before
>> they are properly initialized by the module_init function.
>>
>> Steps to reproduce: write a module that exports functions that require
>> initialization by the module_init function to work correctly.
>>
>> E.g. spin lock variables are no longer allowed to be initialized by C
>> initializers of the module but only by spin_lock_init that can be called by the
>> module_init function. If an exported function calls spin_lock before it is
>> initialized, it deadlocks.
>>
> 
> ooh, nice bug ;)

Under what circumstances is this actually happening? What are these 
functions that are being called?

Normally things are set up such that this isn't a problem, i.e. if 
module A depends on module B, module A can't load until module B is 
finished loading.

-- 
Robert Hancock      Saskatoon, SK, Canada
To email, remove "nospam" from hancockr@nospamshaw.ca
Home Page: http://www.roberthancock.com/

Re: [Bugme-new] [Bug 8957] New: Exported functions and variables should not be reachable by the outside of the module until module_init finishes

[Andrew Morton]

On Wed, 29 Aug 2007 19:33:48 -0600 Robert Hancock <hancockr@shaw.ca> wrote:

> Andrew Morton wrote:
> > On Wed, 29 Aug 2007 11:33:06 -0700 (PDT) bugme-daemon@bugzilla.kernel.org wrote:
> > 
> >> http://bugzilla.kernel.org/show_bug.cgi?id=8957
> >>
> >>            Summary: Exported functions and variables should not be reachable
> >>                     by the outside of the module until module_init finishes
> >>            Product: Other
> >>            Version: 2.5
> >>      KernelVersion: 2.6.23-rc4
> >>           Platform: All
> >>         OS/Version: Linux
> >>               Tree: Mainline
> >>             Status: NEW
> >>           Severity: normal
> >>           Priority: P1
> >>          Component: Modules
> >>         AssignedTo: other_modules@kernel-bugs.osdl.org
> >>         ReportedBy: mattilinnanvuori@yahoo.com
> >>
> >>
> >> Problem Description: a module's exported functions can be called before before
> >> they are properly initialized by the module_init function.
> >>
> >> Steps to reproduce: write a module that exports functions that require
> >> initialization by the module_init function to work correctly.
> >>
> >> E.g. spin lock variables are no longer allowed to be initialized by C
> >> initializers of the module but only by spin_lock_init that can be called by the
> >> module_init function. If an exported function calls spin_lock before it is
> >> initialized, it deadlocks.
> >>
> > 
> > ooh, nice bug ;)
> 
> Under what circumstances is this actually happening? What are these 
> functions that are being called?
> 
> Normally things are set up such that this isn't a problem, i.e. if 
> module A depends on module B, module A can't load until module B is 
> finished loading.
> 

Good point.

This thus-far-undescribed module could make its internals externally
visible via one of the kernel's many register_foo() interfaces, but it
would be a buggy module if it was doing register_foo(my_foo) before
my_foo() was ready to be called.

Re: [Bugme-new] [Bug 8957] New: Exported functions and variables should not be reachable by the outside of the module until module_init finishes

[Satyam Sharma]

Hi Andrew,


On Wed, 29 Aug 2007, Andrew Morton wrote:

> On Wed, 29 Aug 2007 19:33:48 -0600 Robert Hancock <hancockr@shaw.ca> wrote:
> 
> > Andrew Morton wrote:
> > > On Wed, 29 Aug 2007 11:33:06 -0700 (PDT) bugme-daemon@bugzilla.kernel.org wrote:
> > > 
> > >> http://bugzilla.kernel.org/show_bug.cgi?id=8957
> > >>
> > >>            Summary: Exported functions and variables should not be reachable
> > >>                     by the outside of the module until module_init finishes
> > >>            Product: Other
> > >>            Version: 2.5
> > >>      KernelVersion: 2.6.23-rc4
> > >>           Platform: All
> > >>         OS/Version: Linux
> > >>               Tree: Mainline
> > >>             Status: NEW
> > >>           Severity: normal
> > >>           Priority: P1
> > >>          Component: Modules
> > >>         AssignedTo: other_modules@kernel-bugs.osdl.org
> > >>         ReportedBy: mattilinnanvuori@yahoo.com
> > >>
> > >>
> > >> Problem Description: a module's exported functions can be called before before
> > >> they are properly initialized by the module_init function.
> > >>
> > >> Steps to reproduce: write a module that exports functions that require
> > >> initialization by the module_init function to work correctly.
> > >>
> > >> E.g. spin lock variables are no longer allowed to be initialized by C
> > >> initializers of the module but only by spin_lock_init that can be called by the
> > >> module_init function. If an exported function calls spin_lock before it is
> > >> initialized, it deadlocks.
> > > 
> > > ooh, nice bug ;)
> > 
> > Under what circumstances is this actually happening? What are these 
> > functions that are being called?
> > 
> > Normally things are set up such that this isn't a problem, i.e. if 
> > module A depends on module B, module A can't load until module B is 
> > finished loading.
> 
> Good point.
> 
> This thus-far-undescribed module could make its internals externally
> visible via one of the kernel's many register_foo() interfaces,

What you're saying is a plausible problem, but note that it is quite a
completely different issue to what Matti Linnanvuori suggested in the
original bug report.

The report was about module B (which depends on module A, because it
references symbol exported by module A) being able to call a function
(or access data) /exported/ by module A _without_ the module_init()
function of module A having finished completely (and hence the possibility
of accessing uninitialized data etc). But this is not possible -- see the
last reply to Matti.

You're referring to is a module implementing an (possibly un-exported)
function that refers to module-local data, and registering that function
(say through a notifier_block) _before_ initializing_ the data used by
that function. But ...


> but it
> would be a buggy module if it was doing register_foo(my_foo) before
> my_foo() was ready to be called.

... exactly. That module is the buggy culprit here, nothing wrong with
the kernel's core module code.


[ BTW I suspect there /are/ modules out there that get this register_foo()
  ordering wrong in their module_init functions.

  Even more widespread (as I have noticed) is the sad habit of modules
  to not unregister_foo() their stuff (in the module_exit function) in
  the exact reverse order of the register_foo() calls made during
  module_init. This can clearly lead to oopsen, but the only reason why
  we don't see them frequently is because the module_init and module_exit
  codepaths are rarely ever executed at runtime, and even more rarely
  concurrently with other stuff that's using the module. ]


Satyam

Re: [Bugme-new] [Bug 8957] New: Exported functions and variables should not be reachable by the outside of the module until module_init finishes

[Satyam Sharma]

On Wed, 29 Aug 2007, Robert Hancock wrote:

> Andrew Morton wrote:
> > On Wed, 29 Aug 2007 11:33:06 -0700 (PDT) bugme-daemon@bugzilla.kernel.org
> > wrote:
> > 
> > > http://bugzilla.kernel.org/show_bug.cgi?id=8957
> > > 
> > >            Summary: Exported functions and variables should not be
> > > reachable
> > >                     by the outside of the module until module_init
> > > finishes
> > >            Product: Other
> > >            Version: 2.5
> > >      KernelVersion: 2.6.23-rc4
> > >           Platform: All
> > >         OS/Version: Linux
> > >               Tree: Mainline
> > > >>             Status: NEW
> > >           Severity: normal
> > >           Priority: P1
> > >          Component: Modules
> > >         AssignedTo: other_modules@kernel-bugs.osdl.org
> > >         ReportedBy: mattilinnanvuori@yahoo.com
> > > 
> > > 
> > > Problem Description: a module's exported functions can be called before
> > > before
> > > they are properly initialized by the module_init function.
> > > 
> > > Steps to reproduce: write a module that exports functions that require
> > > initialization by the module_init function to work correctly.
> > > 
> > > E.g. spin lock variables are no longer allowed to be initialized by C
> > > initializers of the module but only by spin_lock_init that can be called
> > > by the
> > > module_init function. If an exported function calls spin_lock before it is
> > > initialized, it deadlocks.

Hmm, can you post some sample code / sample module to reproduce this?

I don't think exported symbols can be resolved till our module finishes
loading + initializing. There's a whole lot of dancing in the libusual
module precisely to cope with this behaviour.


> > ooh, nice bug ;)
> 
> Under what circumstances is this actually happening? What are these functions
> that are being called?
> 
> Normally things are set up such that this isn't a problem, i.e. if module A
> depends on module B, module A can't load until module B is finished loading.

See drivers/usb/storage/libusual.c -- pretty unusual goings on there :-)

It needs to request_module() another module (that will reference our
exported symbols). To cope with the fact that our exported modules
_cannot_ be resolved till we finish loading, it uses semaphore-used-as-
completion-handler kludge to let another "probe" kthread know when our
module_init() function is done, so that it can proceed to request_module()
the other module.

Interestingly, the kthread that request_module()s the other module is
spawned from the struct usb_driver ->probe() function (not an exported
function) and the claim there is that (1) usb_driver ->probe() can be
called out without the module_init() of libusual having finished, and,
(2) the newly requested module's loading will fail because it cannot
resolve libusual's exported symbols till we have finished module_init().


Satyam