aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/module.c
diff options
context:
space:
mode:
Diffstat (limited to 'kernel/module.c')
-rw-r--r--kernel/module.c281
1 files changed, 166 insertions, 115 deletions
diff --git a/kernel/module.c b/kernel/module.c
index 88cec1ddb1e3..d856e96a3cce 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -42,7 +42,6 @@
42#include <linux/vermagic.h> 42#include <linux/vermagic.h>
43#include <linux/notifier.h> 43#include <linux/notifier.h>
44#include <linux/sched.h> 44#include <linux/sched.h>
45#include <linux/stop_machine.h>
46#include <linux/device.h> 45#include <linux/device.h>
47#include <linux/string.h> 46#include <linux/string.h>
48#include <linux/mutex.h> 47#include <linux/mutex.h>
@@ -98,7 +97,7 @@
98 * 1) List of modules (also safely readable with preempt_disable), 97 * 1) List of modules (also safely readable with preempt_disable),
99 * 2) module_use links, 98 * 2) module_use links,
100 * 3) module_addr_min/module_addr_max. 99 * 3) module_addr_min/module_addr_max.
101 * (delete uses stop_machine/add uses RCU list operations). */ 100 * (delete and add uses RCU list operations). */
102DEFINE_MUTEX(module_mutex); 101DEFINE_MUTEX(module_mutex);
103EXPORT_SYMBOL_GPL(module_mutex); 102EXPORT_SYMBOL_GPL(module_mutex);
104static LIST_HEAD(modules); 103static LIST_HEAD(modules);
@@ -158,13 +157,13 @@ static BLOCKING_NOTIFIER_HEAD(module_notify_list);
158 * Protected by module_mutex. */ 157 * Protected by module_mutex. */
159static unsigned long module_addr_min = -1UL, module_addr_max = 0; 158static unsigned long module_addr_min = -1UL, module_addr_max = 0;
160 159
161int register_module_notifier(struct notifier_block * nb) 160int register_module_notifier(struct notifier_block *nb)
162{ 161{
163 return blocking_notifier_chain_register(&module_notify_list, nb); 162 return blocking_notifier_chain_register(&module_notify_list, nb);
164} 163}
165EXPORT_SYMBOL(register_module_notifier); 164EXPORT_SYMBOL(register_module_notifier);
166 165
167int unregister_module_notifier(struct notifier_block * nb) 166int unregister_module_notifier(struct notifier_block *nb)
168{ 167{
169 return blocking_notifier_chain_unregister(&module_notify_list, nb); 168 return blocking_notifier_chain_unregister(&module_notify_list, nb);
170} 169}
@@ -628,18 +627,23 @@ static char last_unloaded_module[MODULE_NAME_LEN+1];
628 627
629EXPORT_TRACEPOINT_SYMBOL(module_get); 628EXPORT_TRACEPOINT_SYMBOL(module_get);
630 629
630/* MODULE_REF_BASE is the base reference count by kmodule loader. */
631#define MODULE_REF_BASE 1
632
631/* Init the unload section of the module. */ 633/* Init the unload section of the module. */
632static int module_unload_init(struct module *mod) 634static int module_unload_init(struct module *mod)
633{ 635{
634 mod->refptr = alloc_percpu(struct module_ref); 636 /*
635 if (!mod->refptr) 637 * Initialize reference counter to MODULE_REF_BASE.
636 return -ENOMEM; 638 * refcnt == 0 means module is going.
639 */
640 atomic_set(&mod->refcnt, MODULE_REF_BASE);
637 641
638 INIT_LIST_HEAD(&mod->source_list); 642 INIT_LIST_HEAD(&mod->source_list);
639 INIT_LIST_HEAD(&mod->target_list); 643 INIT_LIST_HEAD(&mod->target_list);
640 644
641 /* Hold reference count during initialization. */ 645 /* Hold reference count during initialization. */
642 raw_cpu_write(mod->refptr->incs, 1); 646 atomic_inc(&mod->refcnt);
643 647
644 return 0; 648 return 0;
645} 649}
@@ -721,8 +725,6 @@ static void module_unload_free(struct module *mod)
721 kfree(use); 725 kfree(use);
722 } 726 }
723 mutex_unlock(&module_mutex); 727 mutex_unlock(&module_mutex);
724
725 free_percpu(mod->refptr);
726} 728}
727 729
728#ifdef CONFIG_MODULE_FORCE_UNLOAD 730#ifdef CONFIG_MODULE_FORCE_UNLOAD
@@ -740,60 +742,48 @@ static inline int try_force_unload(unsigned int flags)
740} 742}
741#endif /* CONFIG_MODULE_FORCE_UNLOAD */ 743#endif /* CONFIG_MODULE_FORCE_UNLOAD */
742 744
743struct stopref 745/* Try to release refcount of module, 0 means success. */
746static int try_release_module_ref(struct module *mod)
744{ 747{
745 struct module *mod; 748 int ret;
746 int flags;
747 int *forced;
748};
749 749
750/* Whole machine is stopped with interrupts off when this runs. */ 750 /* Try to decrement refcnt which we set at loading */
751static int __try_stop_module(void *_sref) 751 ret = atomic_sub_return(MODULE_REF_BASE, &mod->refcnt);
752{ 752 BUG_ON(ret < 0);
753 struct stopref *sref = _sref; 753 if (ret)
754 /* Someone can put this right now, recover with checking */
755 ret = atomic_add_unless(&mod->refcnt, MODULE_REF_BASE, 0);
756
757 return ret;
758}
754 759
760static int try_stop_module(struct module *mod, int flags, int *forced)
761{
755 /* If it's not unused, quit unless we're forcing. */ 762 /* If it's not unused, quit unless we're forcing. */
756 if (module_refcount(sref->mod) != 0) { 763 if (try_release_module_ref(mod) != 0) {
757 if (!(*sref->forced = try_force_unload(sref->flags))) 764 *forced = try_force_unload(flags);
765 if (!(*forced))
758 return -EWOULDBLOCK; 766 return -EWOULDBLOCK;
759 } 767 }
760 768
761 /* Mark it as dying. */ 769 /* Mark it as dying. */
762 sref->mod->state = MODULE_STATE_GOING; 770 mod->state = MODULE_STATE_GOING;
763 return 0;
764}
765 771
766static int try_stop_module(struct module *mod, int flags, int *forced) 772 return 0;
767{
768 struct stopref sref = { mod, flags, forced };
769
770 return stop_machine(__try_stop_module, &sref, NULL);
771} 773}
772 774
773unsigned long module_refcount(struct module *mod) 775/**
776 * module_refcount - return the refcount or -1 if unloading
777 *
778 * @mod: the module we're checking
779 *
780 * Returns:
781 * -1 if the module is in the process of unloading
782 * otherwise the number of references in the kernel to the module
783 */
784int module_refcount(struct module *mod)
774{ 785{
775 unsigned long incs = 0, decs = 0; 786 return atomic_read(&mod->refcnt) - MODULE_REF_BASE;
776 int cpu;
777
778 for_each_possible_cpu(cpu)
779 decs += per_cpu_ptr(mod->refptr, cpu)->decs;
780 /*
781 * ensure the incs are added up after the decs.
782 * module_put ensures incs are visible before decs with smp_wmb.
783 *
784 * This 2-count scheme avoids the situation where the refcount
785 * for CPU0 is read, then CPU0 increments the module refcount,
786 * then CPU1 drops that refcount, then the refcount for CPU1 is
787 * read. We would record a decrement but not its corresponding
788 * increment so we would see a low count (disaster).
789 *
790 * Rare situation? But module_refcount can be preempted, and we
791 * might be tallying up 4096+ CPUs. So it is not impossible.
792 */
793 smp_rmb();
794 for_each_possible_cpu(cpu)
795 incs += per_cpu_ptr(mod->refptr, cpu)->incs;
796 return incs - decs;
797} 787}
798EXPORT_SYMBOL(module_refcount); 788EXPORT_SYMBOL(module_refcount);
799 789
@@ -875,10 +865,12 @@ static inline void print_unload_info(struct seq_file *m, struct module *mod)
875 struct module_use *use; 865 struct module_use *use;
876 int printed_something = 0; 866 int printed_something = 0;
877 867
878 seq_printf(m, " %lu ", module_refcount(mod)); 868 seq_printf(m, " %i ", module_refcount(mod));
879 869
880 /* Always include a trailing , so userspace can differentiate 870 /*
881 between this and the old multi-field proc format. */ 871 * Always include a trailing , so userspace can differentiate
872 * between this and the old multi-field proc format.
873 */
882 list_for_each_entry(use, &mod->source_list, source_list) { 874 list_for_each_entry(use, &mod->source_list, source_list) {
883 printed_something = 1; 875 printed_something = 1;
884 seq_printf(m, "%s,", use->source->name); 876 seq_printf(m, "%s,", use->source->name);
@@ -886,11 +878,11 @@ static inline void print_unload_info(struct seq_file *m, struct module *mod)
886 878
887 if (mod->init != NULL && mod->exit == NULL) { 879 if (mod->init != NULL && mod->exit == NULL) {
888 printed_something = 1; 880 printed_something = 1;
889 seq_printf(m, "[permanent],"); 881 seq_puts(m, "[permanent],");
890 } 882 }
891 883
892 if (!printed_something) 884 if (!printed_something)
893 seq_printf(m, "-"); 885 seq_puts(m, "-");
894} 886}
895 887
896void __symbol_put(const char *symbol) 888void __symbol_put(const char *symbol)
@@ -925,7 +917,7 @@ EXPORT_SYMBOL_GPL(symbol_put_addr);
925static ssize_t show_refcnt(struct module_attribute *mattr, 917static ssize_t show_refcnt(struct module_attribute *mattr,
926 struct module_kobject *mk, char *buffer) 918 struct module_kobject *mk, char *buffer)
927{ 919{
928 return sprintf(buffer, "%lu\n", module_refcount(mk->mod)); 920 return sprintf(buffer, "%i\n", module_refcount(mk->mod));
929} 921}
930 922
931static struct module_attribute modinfo_refcnt = 923static struct module_attribute modinfo_refcnt =
@@ -935,7 +927,7 @@ void __module_get(struct module *module)
935{ 927{
936 if (module) { 928 if (module) {
937 preempt_disable(); 929 preempt_disable();
938 __this_cpu_inc(module->refptr->incs); 930 atomic_inc(&module->refcnt);
939 trace_module_get(module, _RET_IP_); 931 trace_module_get(module, _RET_IP_);
940 preempt_enable(); 932 preempt_enable();
941 } 933 }
@@ -948,11 +940,11 @@ bool try_module_get(struct module *module)
948 940
949 if (module) { 941 if (module) {
950 preempt_disable(); 942 preempt_disable();
951 943 /* Note: here, we can fail to get a reference */
952 if (likely(module_is_live(module))) { 944 if (likely(module_is_live(module) &&
953 __this_cpu_inc(module->refptr->incs); 945 atomic_inc_not_zero(&module->refcnt) != 0))
954 trace_module_get(module, _RET_IP_); 946 trace_module_get(module, _RET_IP_);
955 } else 947 else
956 ret = false; 948 ret = false;
957 949
958 preempt_enable(); 950 preempt_enable();
@@ -963,11 +955,12 @@ EXPORT_SYMBOL(try_module_get);
963 955
964void module_put(struct module *module) 956void module_put(struct module *module)
965{ 957{
958 int ret;
959
966 if (module) { 960 if (module) {
967 preempt_disable(); 961 preempt_disable();
968 smp_wmb(); /* see comment in module_refcount */ 962 ret = atomic_dec_if_positive(&module->refcnt);
969 __this_cpu_inc(module->refptr->decs); 963 WARN_ON(ret < 0); /* Failed to put refcount */
970
971 trace_module_put(module, _RET_IP_); 964 trace_module_put(module, _RET_IP_);
972 preempt_enable(); 965 preempt_enable();
973 } 966 }
@@ -978,7 +971,7 @@ EXPORT_SYMBOL(module_put);
978static inline void print_unload_info(struct seq_file *m, struct module *mod) 971static inline void print_unload_info(struct seq_file *m, struct module *mod)
979{ 972{
980 /* We don't know the usage count, or what modules are using. */ 973 /* We don't know the usage count, or what modules are using. */
981 seq_printf(m, " - -"); 974 seq_puts(m, " - -");
982} 975}
983 976
984static inline void module_unload_free(struct module *mod) 977static inline void module_unload_free(struct module *mod)
@@ -1131,7 +1124,7 @@ static unsigned long maybe_relocated(unsigned long crc,
1131static int check_version(Elf_Shdr *sechdrs, 1124static int check_version(Elf_Shdr *sechdrs,
1132 unsigned int versindex, 1125 unsigned int versindex,
1133 const char *symname, 1126 const char *symname,
1134 struct module *mod, 1127 struct module *mod,
1135 const unsigned long *crc, 1128 const unsigned long *crc,
1136 const struct module *crc_owner) 1129 const struct module *crc_owner)
1137{ 1130{
@@ -1165,7 +1158,7 @@ static int check_version(Elf_Shdr *sechdrs,
1165 return 0; 1158 return 0;
1166 1159
1167bad_version: 1160bad_version:
1168 printk("%s: disagrees about version of symbol %s\n", 1161 pr_warn("%s: disagrees about version of symbol %s\n",
1169 mod->name, symname); 1162 mod->name, symname);
1170 return 0; 1163 return 0;
1171} 1164}
@@ -1200,7 +1193,7 @@ static inline int same_magic(const char *amagic, const char *bmagic,
1200static inline int check_version(Elf_Shdr *sechdrs, 1193static inline int check_version(Elf_Shdr *sechdrs,
1201 unsigned int versindex, 1194 unsigned int versindex,
1202 const char *symname, 1195 const char *symname,
1203 struct module *mod, 1196 struct module *mod,
1204 const unsigned long *crc, 1197 const unsigned long *crc,
1205 const struct module *crc_owner) 1198 const struct module *crc_owner)
1206{ 1199{
@@ -1288,15 +1281,13 @@ static inline bool sect_empty(const Elf_Shdr *sect)
1288 return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0; 1281 return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0;
1289} 1282}
1290 1283
1291struct module_sect_attr 1284struct module_sect_attr {
1292{
1293 struct module_attribute mattr; 1285 struct module_attribute mattr;
1294 char *name; 1286 char *name;
1295 unsigned long address; 1287 unsigned long address;
1296}; 1288};
1297 1289
1298struct module_sect_attrs 1290struct module_sect_attrs {
1299{
1300 struct attribute_group grp; 1291 struct attribute_group grp;
1301 unsigned int nsections; 1292 unsigned int nsections;
1302 struct module_sect_attr attrs[0]; 1293 struct module_sect_attr attrs[0];
@@ -1550,7 +1541,8 @@ static int module_add_modinfo_attrs(struct module *mod)
1550 (attr->test && attr->test(mod))) { 1541 (attr->test && attr->test(mod))) {
1551 memcpy(temp_attr, attr, sizeof(*temp_attr)); 1542 memcpy(temp_attr, attr, sizeof(*temp_attr));
1552 sysfs_attr_init(&temp_attr->attr); 1543 sysfs_attr_init(&temp_attr->attr);
1553 error = sysfs_create_file(&mod->mkobj.kobj,&temp_attr->attr); 1544 error = sysfs_create_file(&mod->mkobj.kobj,
1545 &temp_attr->attr);
1554 ++temp_attr; 1546 ++temp_attr;
1555 } 1547 }
1556 } 1548 }
@@ -1566,7 +1558,7 @@ static void module_remove_modinfo_attrs(struct module *mod)
1566 /* pick a field to test for end of list */ 1558 /* pick a field to test for end of list */
1567 if (!attr->attr.name) 1559 if (!attr->attr.name)
1568 break; 1560 break;
1569 sysfs_remove_file(&mod->mkobj.kobj,&attr->attr); 1561 sysfs_remove_file(&mod->mkobj.kobj, &attr->attr);
1570 if (attr->free) 1562 if (attr->free)
1571 attr->free(mod); 1563 attr->free(mod);
1572 } 1564 }
@@ -1697,18 +1689,6 @@ static void mod_sysfs_teardown(struct module *mod)
1697 mod_sysfs_fini(mod); 1689 mod_sysfs_fini(mod);
1698} 1690}
1699 1691
1700/*
1701 * unlink the module with the whole machine is stopped with interrupts off
1702 * - this defends against kallsyms not taking locks
1703 */
1704static int __unlink_module(void *_mod)
1705{
1706 struct module *mod = _mod;
1707 list_del(&mod->list);
1708 module_bug_cleanup(mod);
1709 return 0;
1710}
1711
1712#ifdef CONFIG_DEBUG_SET_MODULE_RONX 1692#ifdef CONFIG_DEBUG_SET_MODULE_RONX
1713/* 1693/*
1714 * LKM RO/NX protection: protect module's text/ro-data 1694 * LKM RO/NX protection: protect module's text/ro-data
@@ -1824,7 +1804,7 @@ static void unset_module_core_ro_nx(struct module *mod) { }
1824static void unset_module_init_ro_nx(struct module *mod) { } 1804static void unset_module_init_ro_nx(struct module *mod) { }
1825#endif 1805#endif
1826 1806
1827void __weak module_free(struct module *mod, void *module_region) 1807void __weak module_memfree(void *module_region)
1828{ 1808{
1829 vfree(module_region); 1809 vfree(module_region);
1830} 1810}
@@ -1833,6 +1813,10 @@ void __weak module_arch_cleanup(struct module *mod)
1833{ 1813{
1834} 1814}
1835 1815
1816void __weak module_arch_freeing_init(struct module *mod)
1817{
1818}
1819
1836/* Free a module, remove from lists, etc. */ 1820/* Free a module, remove from lists, etc. */
1837static void free_module(struct module *mod) 1821static void free_module(struct module *mod)
1838{ 1822{
@@ -1860,12 +1844,18 @@ static void free_module(struct module *mod)
1860 1844
1861 /* Now we can delete it from the lists */ 1845 /* Now we can delete it from the lists */
1862 mutex_lock(&module_mutex); 1846 mutex_lock(&module_mutex);
1863 stop_machine(__unlink_module, mod, NULL); 1847 /* Unlink carefully: kallsyms could be walking list. */
1848 list_del_rcu(&mod->list);
1849 /* Remove this module from bug list, this uses list_del_rcu */
1850 module_bug_cleanup(mod);
1851 /* Wait for RCU synchronizing before releasing mod->list and buglist. */
1852 synchronize_rcu();
1864 mutex_unlock(&module_mutex); 1853 mutex_unlock(&module_mutex);
1865 1854
1866 /* This may be NULL, but that's OK */ 1855 /* This may be NULL, but that's OK */
1867 unset_module_init_ro_nx(mod); 1856 unset_module_init_ro_nx(mod);
1868 module_free(mod, mod->module_init); 1857 module_arch_freeing_init(mod);
1858 module_memfree(mod->module_init);
1869 kfree(mod->args); 1859 kfree(mod->args);
1870 percpu_modfree(mod); 1860 percpu_modfree(mod);
1871 1861
@@ -1874,7 +1864,7 @@ static void free_module(struct module *mod)
1874 1864
1875 /* Finally, free the core (containing the module structure) */ 1865 /* Finally, free the core (containing the module structure) */
1876 unset_module_core_ro_nx(mod); 1866 unset_module_core_ro_nx(mod);
1877 module_free(mod, mod->module_core); 1867 module_memfree(mod->module_core);
1878 1868
1879#ifdef CONFIG_MPU 1869#ifdef CONFIG_MPU
1880 update_protections(current->mm); 1870 update_protections(current->mm);
@@ -1955,7 +1945,7 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
1955 /* We compiled with -fno-common. These are not 1945 /* We compiled with -fno-common. These are not
1956 supposed to happen. */ 1946 supposed to happen. */
1957 pr_debug("Common symbol: %s\n", name); 1947 pr_debug("Common symbol: %s\n", name);
1958 printk("%s: please compile with -fno-common\n", 1948 pr_warn("%s: please compile with -fno-common\n",
1959 mod->name); 1949 mod->name);
1960 ret = -ENOEXEC; 1950 ret = -ENOEXEC;
1961 break; 1951 break;
@@ -2259,7 +2249,7 @@ static char elf_type(const Elf_Sym *sym, const struct load_info *info)
2259} 2249}
2260 2250
2261static bool is_core_symbol(const Elf_Sym *src, const Elf_Shdr *sechdrs, 2251static bool is_core_symbol(const Elf_Sym *src, const Elf_Shdr *sechdrs,
2262 unsigned int shnum) 2252 unsigned int shnum)
2263{ 2253{
2264 const Elf_Shdr *sec; 2254 const Elf_Shdr *sec;
2265 2255
@@ -2735,7 +2725,7 @@ static int find_module_sections(struct module *mod, struct load_info *info)
2735 * This shouldn't happen with same compiler and binutils 2725 * This shouldn't happen with same compiler and binutils
2736 * building all parts of the module. 2726 * building all parts of the module.
2737 */ 2727 */
2738 printk(KERN_WARNING "%s: has both .ctors and .init_array.\n", 2728 pr_warn("%s: has both .ctors and .init_array.\n",
2739 mod->name); 2729 mod->name);
2740 return -EINVAL; 2730 return -EINVAL;
2741 } 2731 }
@@ -2809,7 +2799,7 @@ static int move_module(struct module *mod, struct load_info *info)
2809 */ 2799 */
2810 kmemleak_ignore(ptr); 2800 kmemleak_ignore(ptr);
2811 if (!ptr) { 2801 if (!ptr) {
2812 module_free(mod, mod->module_core); 2802 module_memfree(mod->module_core);
2813 return -ENOMEM; 2803 return -ENOMEM;
2814 } 2804 }
2815 memset(ptr, 0, mod->init_size); 2805 memset(ptr, 0, mod->init_size);
@@ -2954,8 +2944,9 @@ static struct module *layout_and_allocate(struct load_info *info, int flags)
2954static void module_deallocate(struct module *mod, struct load_info *info) 2944static void module_deallocate(struct module *mod, struct load_info *info)
2955{ 2945{
2956 percpu_modfree(mod); 2946 percpu_modfree(mod);
2957 module_free(mod, mod->module_init); 2947 module_arch_freeing_init(mod);
2958 module_free(mod, mod->module_core); 2948 module_memfree(mod->module_init);
2949 module_memfree(mod->module_core);
2959} 2950}
2960 2951
2961int __weak module_finalize(const Elf_Ehdr *hdr, 2952int __weak module_finalize(const Elf_Ehdr *hdr,
@@ -3007,10 +2998,31 @@ static void do_mod_ctors(struct module *mod)
3007#endif 2998#endif
3008} 2999}
3009 3000
3001/* For freeing module_init on success, in case kallsyms traversing */
3002struct mod_initfree {
3003 struct rcu_head rcu;
3004 void *module_init;
3005};
3006
3007static void do_free_init(struct rcu_head *head)
3008{
3009 struct mod_initfree *m = container_of(head, struct mod_initfree, rcu);
3010 module_memfree(m->module_init);
3011 kfree(m);
3012}
3013
3010/* This is where the real work happens */ 3014/* This is where the real work happens */
3011static int do_init_module(struct module *mod) 3015static int do_init_module(struct module *mod)
3012{ 3016{
3013 int ret = 0; 3017 int ret = 0;
3018 struct mod_initfree *freeinit;
3019
3020 freeinit = kmalloc(sizeof(*freeinit), GFP_KERNEL);
3021 if (!freeinit) {
3022 ret = -ENOMEM;
3023 goto fail;
3024 }
3025 freeinit->module_init = mod->module_init;
3014 3026
3015 /* 3027 /*
3016 * We want to find out whether @mod uses async during init. Clear 3028 * We want to find out whether @mod uses async during init. Clear
@@ -3023,16 +3035,7 @@ static int do_init_module(struct module *mod)
3023 if (mod->init != NULL) 3035 if (mod->init != NULL)
3024 ret = do_one_initcall(mod->init); 3036 ret = do_one_initcall(mod->init);
3025 if (ret < 0) { 3037 if (ret < 0) {
3026 /* Init routine failed: abort. Try to protect us from 3038 goto fail_free_freeinit;
3027 buggy refcounters. */
3028 mod->state = MODULE_STATE_GOING;
3029 synchronize_sched();
3030 module_put(mod);
3031 blocking_notifier_call_chain(&module_notify_list,
3032 MODULE_STATE_GOING, mod);
3033 free_module(mod);
3034 wake_up_all(&module_wq);
3035 return ret;
3036 } 3039 }
3037 if (ret > 0) { 3040 if (ret > 0) {
3038 pr_warn("%s: '%s'->init suspiciously returned %d, it should " 3041 pr_warn("%s: '%s'->init suspiciously returned %d, it should "
@@ -3077,15 +3080,35 @@ static int do_init_module(struct module *mod)
3077 mod->strtab = mod->core_strtab; 3080 mod->strtab = mod->core_strtab;
3078#endif 3081#endif
3079 unset_module_init_ro_nx(mod); 3082 unset_module_init_ro_nx(mod);
3080 module_free(mod, mod->module_init); 3083 module_arch_freeing_init(mod);
3081 mod->module_init = NULL; 3084 mod->module_init = NULL;
3082 mod->init_size = 0; 3085 mod->init_size = 0;
3083 mod->init_ro_size = 0; 3086 mod->init_ro_size = 0;
3084 mod->init_text_size = 0; 3087 mod->init_text_size = 0;
3088 /*
3089 * We want to free module_init, but be aware that kallsyms may be
3090 * walking this with preempt disabled. In all the failure paths,
3091 * we call synchronize_rcu/synchronize_sched, but we don't want
3092 * to slow down the success path, so use actual RCU here.
3093 */
3094 call_rcu(&freeinit->rcu, do_free_init);
3085 mutex_unlock(&module_mutex); 3095 mutex_unlock(&module_mutex);
3086 wake_up_all(&module_wq); 3096 wake_up_all(&module_wq);
3087 3097
3088 return 0; 3098 return 0;
3099
3100fail_free_freeinit:
3101 kfree(freeinit);
3102fail:
3103 /* Try to protect us from buggy refcounters. */
3104 mod->state = MODULE_STATE_GOING;
3105 synchronize_sched();
3106 module_put(mod);
3107 blocking_notifier_call_chain(&module_notify_list,
3108 MODULE_STATE_GOING, mod);
3109 free_module(mod);
3110 wake_up_all(&module_wq);
3111 return ret;
3089} 3112}
3090 3113
3091static int may_init_module(void) 3114static int may_init_module(void)
@@ -3097,6 +3120,32 @@ static int may_init_module(void)
3097} 3120}
3098 3121
3099/* 3122/*
3123 * Can't use wait_event_interruptible() because our condition
3124 * 'finished_loading()' contains a blocking primitive itself (mutex_lock).
3125 */
3126static int wait_finished_loading(struct module *mod)
3127{
3128 DEFINE_WAIT_FUNC(wait, woken_wake_function);
3129 int ret = 0;
3130
3131 add_wait_queue(&module_wq, &wait);
3132 for (;;) {
3133 if (finished_loading(mod->name))
3134 break;
3135
3136 if (signal_pending(current)) {
3137 ret = -ERESTARTSYS;
3138 break;
3139 }
3140
3141 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
3142 }
3143 remove_wait_queue(&module_wq, &wait);
3144
3145 return ret;
3146}
3147
3148/*
3100 * We try to place it in the list now to make sure it's unique before 3149 * We try to place it in the list now to make sure it's unique before
3101 * we dedicate too many resources. In particular, temporary percpu 3150 * we dedicate too many resources. In particular, temporary percpu
3102 * memory exhaustion. 3151 * memory exhaustion.
@@ -3116,8 +3165,8 @@ again:
3116 || old->state == MODULE_STATE_UNFORMED) { 3165 || old->state == MODULE_STATE_UNFORMED) {
3117 /* Wait in case it fails to load. */ 3166 /* Wait in case it fails to load. */
3118 mutex_unlock(&module_mutex); 3167 mutex_unlock(&module_mutex);
3119 err = wait_event_interruptible(module_wq, 3168
3120 finished_loading(mod->name)); 3169 err = wait_finished_loading(mod);
3121 if (err) 3170 if (err)
3122 goto out_unlocked; 3171 goto out_unlocked;
3123 goto again; 3172 goto again;
@@ -3176,7 +3225,7 @@ out:
3176 3225
3177static int unknown_module_param_cb(char *param, char *val, const char *modname) 3226static int unknown_module_param_cb(char *param, char *val, const char *modname)
3178{ 3227{
3179 /* Check for magic 'dyndbg' arg */ 3228 /* Check for magic 'dyndbg' arg */
3180 int ret = ddebug_dyndbg_module_param_cb(param, val, modname); 3229 int ret = ddebug_dyndbg_module_param_cb(param, val, modname);
3181 if (ret != 0) 3230 if (ret != 0)
3182 pr_warn("%s: unknown parameter '%s' ignored\n", modname, param); 3231 pr_warn("%s: unknown parameter '%s' ignored\n", modname, param);
@@ -3326,6 +3375,8 @@ static int load_module(struct load_info *info, const char __user *uargs,
3326 /* Unlink carefully: kallsyms could be walking list. */ 3375 /* Unlink carefully: kallsyms could be walking list. */
3327 list_del_rcu(&mod->list); 3376 list_del_rcu(&mod->list);
3328 wake_up_all(&module_wq); 3377 wake_up_all(&module_wq);
3378 /* Wait for RCU synchronizing before releasing mod->list. */
3379 synchronize_rcu();
3329 mutex_unlock(&module_mutex); 3380 mutex_unlock(&module_mutex);
3330 free_module: 3381 free_module:
3331 module_deallocate(mod, info); 3382 module_deallocate(mod, info);
@@ -3659,8 +3710,8 @@ static int m_show(struct seq_file *m, void *p)
3659 3710
3660 /* Informative for users. */ 3711 /* Informative for users. */
3661 seq_printf(m, " %s", 3712 seq_printf(m, " %s",
3662 mod->state == MODULE_STATE_GOING ? "Unloading": 3713 mod->state == MODULE_STATE_GOING ? "Unloading" :
3663 mod->state == MODULE_STATE_COMING ? "Loading": 3714 mod->state == MODULE_STATE_COMING ? "Loading" :
3664 "Live"); 3715 "Live");
3665 /* Used by oprofile and other similar tools. */ 3716 /* Used by oprofile and other similar tools. */
3666 seq_printf(m, " 0x%pK", mod->module_core); 3717 seq_printf(m, " 0x%pK", mod->module_core);
@@ -3669,7 +3720,7 @@ static int m_show(struct seq_file *m, void *p)
3669 if (mod->taints) 3720 if (mod->taints)
3670 seq_printf(m, " %s", module_flags(mod, buf)); 3721 seq_printf(m, " %s", module_flags(mod, buf));
3671 3722
3672 seq_printf(m, "\n"); 3723 seq_puts(m, "\n");
3673 return 0; 3724 return 0;
3674} 3725}
3675 3726
generated by cgit v1.2.2 (git 2.25.0) at 2025-12-12 17:14:25 -0500