diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2010-10-05 14:29:27 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2010-10-05 14:29:27 -0400 |
| commit | 5336377d6225959624146629ce3fc88ee8ecda3d (patch) | |
| tree | 571b9db75d1ba50faa1e399509563f367fd5694f /kernel | |
| parent | 2f6b3aa7a563d05453c4d73ccf88191aee84333f (diff) | |
modules: Fix module_bug_list list corruption race
With all the recent module loading cleanups, we've minimized the code
that sits under module_mutex, fixing various deadlocks and making it
possible to do most of the module loading in parallel.
However, that whole conversion totally missed the rather obscure code
that adds a new module to the list for BUG() handling. That code was
doubly obscure because (a) the code itself lives in lib/bugs.c (for
dubious reasons) and (b) it gets called from the architecture-specific
"module_finalize()" rather than from generic code.
Calling it from arch-specific code makes no sense what-so-ever to begin
with, and is now actively wrong since that code isn't protected by the
module loading lock any more.
So this commit moves the "module_bug_{finalize,cleanup}()" calls away
from the arch-specific code, and into the generic code - and in the
process protects it with the module_mutex so that the list operations
are now safe.
Future fixups:
- move the module list handling code into kernel/module.c where it
belongs.
- get rid of 'module_bug_list' and just use the regular list of modules
(called 'modules' - imagine that) that we already create and maintain
for other reasons.
Reported-and-tested-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Adrian Bunk <bunk@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/module.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/kernel/module.c b/kernel/module.c index d0b5f8db11b4..ccd641991842 100644 --- a/kernel/module.c +++ b/kernel/module.c | |||
| @@ -1537,6 +1537,7 @@ static int __unlink_module(void *_mod) | |||
| 1537 | { | 1537 | { |
| 1538 | struct module *mod = _mod; | 1538 | struct module *mod = _mod; |
| 1539 | list_del(&mod->list); | 1539 | list_del(&mod->list); |
| 1540 | module_bug_cleanup(mod); | ||
| 1540 | return 0; | 1541 | return 0; |
| 1541 | } | 1542 | } |
| 1542 | 1543 | ||
| @@ -2625,6 +2626,7 @@ static struct module *load_module(void __user *umod, | |||
| 2625 | if (err < 0) | 2626 | if (err < 0) |
| 2626 | goto ddebug; | 2627 | goto ddebug; |
| 2627 | 2628 | ||
| 2629 | module_bug_finalize(info.hdr, info.sechdrs, mod); | ||
| 2628 | list_add_rcu(&mod->list, &modules); | 2630 | list_add_rcu(&mod->list, &modules); |
| 2629 | mutex_unlock(&module_mutex); | 2631 | mutex_unlock(&module_mutex); |
| 2630 | 2632 | ||
| @@ -2650,6 +2652,8 @@ static struct module *load_module(void __user *umod, | |||
| 2650 | mutex_lock(&module_mutex); | 2652 | mutex_lock(&module_mutex); |
| 2651 | /* Unlink carefully: kallsyms could be walking list. */ | 2653 | /* Unlink carefully: kallsyms could be walking list. */ |
| 2652 | list_del_rcu(&mod->list); | 2654 | list_del_rcu(&mod->list); |
| 2655 | module_bug_cleanup(mod); | ||
| 2656 | |||
| 2653 | ddebug: | 2657 | ddebug: |
| 2654 | if (!mod->taints) | 2658 | if (!mod->taints) |
| 2655 | dynamic_debug_remove(info.debug); | 2659 | dynamic_debug_remove(info.debug); |