modules: Fix module_bug_list list corruption race

With all the recent module loading cleanups, we've minimized the code that sits under module_mutex, fixing various deadlocks and making it possible to do most of the module loading in parallel. However, that whole conversion totally missed the rather obscure code that adds a new module to the list for BUG() handling. That code was doubly obscure because (a) the code itself lives in lib/bugs.c (for dubious reasons) and (b) it gets called from the architecture-specific "module_finalize()" rather than from generic code. Calling it from arch-specific code makes no sense what-so-ever to begin with, and is now actively wrong since that code isn't protected by the module loading lock any more. So this commit moves the "module_bug_{finalize,cleanup}()" calls away from the arch-specific code, and into the generic code - and in the process protects it with the module_mutex so that the list operations are now safe. Future fixups: - move the module list handling code into kernel/module.c where it belongs. - get rid of 'module_bug_list' and just use the regular list of modules (called 'modules' - imagine that) that we already create and maintain for other reasons. Reported-and-tested-by: Thomas Gleixner <tglx@linutronix.de> Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: Adrian Bunk <bunk@kernel.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Linus Torvalds <torvalds@linux-foundation.org> 2010-10-05 14:29:27 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2010-10-05 14:29:27 -0400
commit: 5336377d6225959624146629ce3fc88ee8ecda3d (patch)
tree: 571b9db75d1ba50faa1e399509563f367fd5694f
parent: 2f6b3aa7a563d05453c4d73ccf88191aee84333f (diff)
11 files changed, 14 insertions, 26 deletions
diff --git a/arch/avr32/kernel/module.c b/arch/avr32/kernel/module.c
index 98f94d041d9..a727f54d64d 100644
--- a/arch/avr32/kernel/module.c
+++ b/arch/avr32/kernel/module.c
@@ -314,10 +314,9 @@ int module_finalize(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs,
        vfree(module->arch.syminfo);
        module->arch.syminfo = NULL;
-        return module_bug_finalize(hdr, sechdrs, module);
+        return 0;
 }
 void module_arch_cleanup(struct module *module)
 {
-        module_bug_cleanup(module);
 }
diff --git a/arch/h8300/kernel/module.c b/arch/h8300/kernel/module.c
index 0865e291c20..db4953dc4e1 100644
--- a/arch/h8300/kernel/module.c
+++ b/arch/h8300/kernel/module.c
@@ -112,10 +112,9 @@ int module_finalize(const Elf_Ehdr *hdr,
                    const Elf_Shdr *sechdrs,
                    struct module *me)
 {
-        return module_bug_finalize(hdr, sechdrs, me);
+        return 0;
 }
 void module_arch_cleanup(struct module *mod)
 {
-        module_bug_cleanup(mod);
 }
diff --git a/arch/mn10300/kernel/module.c b/arch/mn10300/kernel/module.c
index 6aea7fd7699..196a111e2e2 100644
--- a/arch/mn10300/kernel/module.c
+++ b/arch/mn10300/kernel/module.c
@@ -206,7 +206,7 @@ int module_finalize(const Elf_Ehdr *hdr,
                    const Elf_Shdr *sechdrs,
                    struct module *me)
 {
-        return module_bug_finalize(hdr, sechdrs, me);
+        return 0;
 }
 /*
@@ -214,5 +214,4 @@ int module_finalize(const Elf_Ehdr *hdr,
 */
 void module_arch_cleanup(struct module *mod)
 {
-        module_bug_cleanup(mod);
 }
diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c
index 159a2b81e90..6e81bb596e5 100644
--- a/arch/parisc/kernel/module.c
+++ b/arch/parisc/kernel/module.c
@@ -941,11 +941,10 @@ int module_finalize(const Elf_Ehdr *hdr,
        nsyms = newptr - (Elf_Sym *)symhdr->sh_addr;
        DEBUGP("NEW num_symtab %lu\n", nsyms);
        symhdr->sh_size = nsyms * sizeof(Elf_Sym);
-        return module_bug_finalize(hdr, sechdrs, me);
+        return 0;
 }
 void module_arch_cleanup(struct module *mod)
 {
        deregister_unwind_table(mod);
-        module_bug_cleanup(mod);
 }
diff --git a/arch/powerpc/kernel/module.c b/arch/powerpc/kernel/module.c
index 477c663e014..4ef93ae2235 100644
--- a/arch/powerpc/kernel/module.c
+++ b/arch/powerpc/kernel/module.c
@@ -65,10 +65,6 @@ int module_finalize(const Elf_Ehdr *hdr,
        const Elf_Shdr *sect;
        int err;
-        err = module_bug_finalize(hdr, sechdrs, me);
-        if (err)
-                return err;
        /* Apply feature fixups */
        sect = find_section(hdr, sechdrs, "__ftr_fixup");
        if (sect != NULL)
@@ -101,5 +97,4 @@ int module_finalize(const Elf_Ehdr *hdr,
 void module_arch_cleanup(struct module *mod)
 {
-        module_bug_cleanup(mod);
 }
diff --git a/arch/s390/kernel/module.c b/arch/s390/kernel/module.c
index 22cfd634c35..f7167ee4604 100644
--- a/arch/s390/kernel/module.c
+++ b/arch/s390/kernel/module.c
@@ -407,10 +407,9 @@ int module_finalize(const Elf_Ehdr *hdr,
 {
        vfree(me->arch.syminfo);
        me->arch.syminfo = NULL;
-        return module_bug_finalize(hdr, sechdrs, me);
+        return 0;
 }
 void module_arch_cleanup(struct module *mod)
 {
-        module_bug_cleanup(mod);
 }
diff --git a/arch/sh/kernel/module.c b/arch/sh/kernel/module.c
index 43adddfe4c0..ae0be697a89 100644
--- a/arch/sh/kernel/module.c
+++ b/arch/sh/kernel/module.c
@@ -149,13 +149,11 @@ int module_finalize(const Elf_Ehdr *hdr,
        int ret = 0;
        ret |= module_dwarf_finalize(hdr, sechdrs, me);
-        ret |= module_bug_finalize(hdr, sechdrs, me);
        return ret;
 }
 void module_arch_cleanup(struct module *mod)
 {
-        module_bug_cleanup(mod);
        module_dwarf_cleanup(mod);
 }
diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c
index e0bc186d750..1c355c55096 100644
--- a/arch/x86/kernel/module.c
+++ b/arch/x86/kernel/module.c
@@ -239,11 +239,10 @@ int module_finalize(const Elf_Ehdr *hdr,
                apply_paravirt(pseg, pseg + para->sh_size);
        }
-        return module_bug_finalize(hdr, sechdrs, me);
+        return 0;
 }
 void module_arch_cleanup(struct module *mod)
 {
        alternatives_smp_module_del(mod);
-        module_bug_cleanup(mod);
 }
diff --git a/include/linux/module.h b/include/linux/module.h
index 8a6b9fdc7ff..aace066bad8 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -686,17 +686,16 @@ extern int module_sysfs_initialized;
 #ifdef CONFIG_GENERIC_BUG
-int  module_bug_finalize(const Elf_Ehdr *, const Elf_Shdr *,
+void module_bug_finalize(const Elf_Ehdr *, const Elf_Shdr *,
                         struct module *);
 void module_bug_cleanup(struct module *);
 #else   /* !CONFIG_GENERIC_BUG */
-static inline int  module_bug_finalize(const Elf_Ehdr *hdr,
+static inline void module_bug_finalize(const Elf_Ehdr *hdr,
                                        const Elf_Shdr *sechdrs,
                                        struct module *mod)
 {
-        return 0;
 }
 static inline void module_bug_cleanup(struct module *mod) {}
 #endif  /* CONFIG_GENERIC_BUG */
diff --git a/kernel/module.c b/kernel/module.c
index d0b5f8db11b..ccd64199184 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -1537,6 +1537,7 @@ static int __unlink_module(void *_mod)
 {
        struct module *mod = _mod;
        list_del(&mod->list);
+        module_bug_cleanup(mod);
        return 0;
 }
@@ -2625,6 +2626,7 @@ static struct module *load_module(void __user *umod,
        if (err < 0)
                goto ddebug;
+        module_bug_finalize(info.hdr, info.sechdrs, mod);
        list_add_rcu(&mod->list, &modules);
        mutex_unlock(&module_mutex);
@@ -2650,6 +2652,8 @@ static struct module *load_module(void __user *umod,
        mutex_lock(&module_mutex);
        /* Unlink carefully: kallsyms could be walking list. */
        list_del_rcu(&mod->list);
+        module_bug_cleanup(mod);
 ddebug:
        if (!mod->taints)
                dynamic_debug_remove(info.debug);
diff --git a/lib/bug.c b/lib/bug.c
index 7cdfad88128..19552096d16 100644
--- a/lib/bug.c
+++ b/lib/bug.c
@@ -72,8 +72,8 @@ static const struct bug_entry *module_find_bug(unsigned long bugaddr)
        return NULL;
 }
-int module_bug_finalize(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs,
+void module_bug_finalize(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs,
-                        struct module *mod)
+                         struct module *mod)
 {
        char *secstrings;
        unsigned int i;
@@ -97,8 +97,6 @@ int module_bug_finalize(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs,
         * could potentially lead to deadlock and thus be counter-productive.
         */
        list_add(&mod->bug_list, &module_bug_list);
-        return 0;
 }
 void module_bug_cleanup(struct module *mod)
author	Linus Torvalds <torvalds@linux-foundation.org>	2010-10-05 14:29:27 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2010-10-05 14:29:27 -0400
commit	5336377d6225959624146629ce3fc88ee8ecda3d (patch)
tree	571b9db75d1ba50faa1e399509563f367fd5694f
parent	2f6b3aa7a563d05453c4d73ccf88191aee84333f (diff)