diff options
| author | Peter Zijlstra <peterz@infradead.org> | 2015-02-26 10:23:11 -0500 |
|---|---|---|
| committer | Ingo Molnar <mingo@kernel.org> | 2015-03-23 05:49:07 -0400 |
| commit | 35a9393c95b31870a74f51a3e7455f33f5657b6f (patch) | |
| tree | 9a0e913b3d2dc02956c03a24b535a3604bb2dfa7 /kernel/module.c | |
| parent | bc465aa9d045feb0e13b4a8f32cc33c1943f62d6 (diff) | |
lockdep: Fix the module unload key range freeing logic
Module unload calls lockdep_free_key_range(), which removes entries
from the data structures. Most of the lockdep code OTOH assumes the
data structures are append only; in specific see the comments in
add_lock_to_list() and look_up_lock_class().
Clearly this has only worked by accident; make it work proper. The
actual scenario to make it go boom would involve the memory freed by
the module unlock being re-allocated and re-used for a lock inside of
a rcu-sched grace period. This is a very unlikely scenario, still
better plug the hole.
Use RCU list iteration in all places and ammend the comments.
Change lockdep_free_key_range() to issue a sync_sched() between
removal from the lists and returning -- which results in the memory
being freed. Further ensure the callers are placed correctly and
comment the requirements.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andrey Tsyvarev <tsyvarev@ispras.ru>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Diffstat (limited to 'kernel/module.c')
| -rw-r--r-- | kernel/module.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/kernel/module.c b/kernel/module.c index b3d634ed06c9..99fdf94efce8 100644 --- a/kernel/module.c +++ b/kernel/module.c | |||
| @@ -1865,7 +1865,7 @@ static void free_module(struct module *mod) | |||
| 1865 | kfree(mod->args); | 1865 | kfree(mod->args); |
| 1866 | percpu_modfree(mod); | 1866 | percpu_modfree(mod); |
| 1867 | 1867 | ||
| 1868 | /* Free lock-classes: */ | 1868 | /* Free lock-classes; relies on the preceding sync_rcu(). */ |
| 1869 | lockdep_free_key_range(mod->module_core, mod->core_size); | 1869 | lockdep_free_key_range(mod->module_core, mod->core_size); |
| 1870 | 1870 | ||
| 1871 | /* Finally, free the core (containing the module structure) */ | 1871 | /* Finally, free the core (containing the module structure) */ |
| @@ -3349,9 +3349,6 @@ static int load_module(struct load_info *info, const char __user *uargs, | |||
| 3349 | module_bug_cleanup(mod); | 3349 | module_bug_cleanup(mod); |
| 3350 | mutex_unlock(&module_mutex); | 3350 | mutex_unlock(&module_mutex); |
| 3351 | 3351 | ||
| 3352 | /* Free lock-classes: */ | ||
| 3353 | lockdep_free_key_range(mod->module_core, mod->core_size); | ||
| 3354 | |||
| 3355 | /* we can't deallocate the module until we clear memory protection */ | 3352 | /* we can't deallocate the module until we clear memory protection */ |
| 3356 | unset_module_init_ro_nx(mod); | 3353 | unset_module_init_ro_nx(mod); |
| 3357 | unset_module_core_ro_nx(mod); | 3354 | unset_module_core_ro_nx(mod); |
| @@ -3375,6 +3372,9 @@ static int load_module(struct load_info *info, const char __user *uargs, | |||
| 3375 | synchronize_rcu(); | 3372 | synchronize_rcu(); |
| 3376 | mutex_unlock(&module_mutex); | 3373 | mutex_unlock(&module_mutex); |
| 3377 | free_module: | 3374 | free_module: |
| 3375 | /* Free lock-classes; relies on the preceding sync_rcu() */ | ||
| 3376 | lockdep_free_key_range(mod->module_core, mod->core_size); | ||
| 3377 | |||
| 3378 | module_deallocate(mod, info); | 3378 | module_deallocate(mod, info); |
| 3379 | free_copy: | 3379 | free_copy: |
| 3380 | free_copy(info); | 3380 | free_copy(info); |