[PATCH] Kprobes: Fix deadlock in function-return probes

When two function-return probes are inserted on kfree()[1] and the second
on say, sys_link()[2], and later [2] is unregistered, we have a deadlock as
kfree is called with the kretprobe_lock held and the function-return probe
on kfree will also try to grab the same lock.

However, we can move the kfree() during unregistration to outside the
spinlock as we are sure that no instances from the free list will be used
after synchronized_sched() returns during the unregistration process.
Thanks to Masami Hiramatsu for spotting this.

Signed-off-by: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

1 files changed, 1 insertions, 1 deletions

diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index 95ad7f8db3d6..fef1af8a73ce 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -631,12 +631,12 @@ void __kprobes unregister_kretprobe(struct kretprobe *rp)
         unregister_kprobe(&rp->kp);
         /* No race here */
         spin_lock_irqsave(&kretprobe_lock, flags);
-        free_rp_inst(rp);
         while ((ri = get_used_rp_inst(rp)) != NULL) {
                 ri->rp = NULL;
                 hlist_del(&ri->uflist);
         }
         spin_unlock_irqrestore(&kretprobe_lock, flags);
+        free_rp_inst(rp);
 }
 
 static int __init init_kprobes(void)