[PATCH] utilization of kprobe_mutex is incorrect on x86_64

The up()/down() orders are incorrect in arch/x86_64/kprobes.c file.
kprobe_mutext is used to protect the free kprobe instruction slot list.
arch_prepare_kprobe applies for a slot from the free list, and
arch_remove_kprobe returns a slot to the free list.  The incorrect up()/down()
orders to operate on kprobe_mutex fail to protect the free list.  If 2 threads
try to get/return kprobe instruction slot at the same time, the free slot list
might be broken, or a free slot might be applied by 2 threads.

Signed-off-by: Zhang Yanmin <Yanmin.zhang@intel.com>
Cc: Andi Kleen <ak@muc.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

1 files changed, 4 insertions, 4 deletions

diff --git a/arch/x86_64/kernel/kprobes.c b/arch/x86_64/kernel/kprobes.c
index df08c43276a0..76a28b007be9 100644
--- a/arch/x86_64/kernel/kprobes.c
+++ b/arch/x86_64/kernel/kprobes.c
@@ -77,9 +77,9 @@ static inline int is_IF_modifier(kprobe_opcode_t *insn)
 int __kprobes arch_prepare_kprobe(struct kprobe *p)
 {
         /* insn: must be on special executable page on x86_64. */
-        up(&kprobe_mutex);
-        p->ainsn.insn = get_insn_slot();
         down(&kprobe_mutex);
+        p->ainsn.insn = get_insn_slot();
+        up(&kprobe_mutex);
         if (!p->ainsn.insn) {
                 return -ENOMEM;
         }
@@ -231,9 +231,9 @@ void __kprobes arch_disarm_kprobe(struct kprobe *p)
 
 void __kprobes arch_remove_kprobe(struct kprobe *p)
 {
-        up(&kprobe_mutex);
-        free_insn_slot(p->ainsn.insn);
         down(&kprobe_mutex);
+        free_insn_slot(p->ainsn.insn);
+        up(&kprobe_mutex);
 }
 
 static inline void save_previous_kprobe(void)