modules: Fix module_bug_list list corruption race

torvalds · torvalds · commit 5336377d6225 · 2010-10-05T11:29:27.000-07:00
With all the recent module loading cleanups, we've minimized the code
that sits under module_mutex, fixing various deadlocks and making it
possible to do most of the module loading in parallel.

However, that whole conversion totally missed the rather obscure code
that adds a new module to the list for BUG() handling.  That code was
doubly obscure because (a) the code itself lives in lib/bugs.c (for
dubious reasons) and (b) it gets called from the architecture-specific
"module_finalize()" rather than from generic code.

Calling it from arch-specific code makes no sense what-so-ever to begin
with, and is now actively wrong since that code isn't protected by the
module loading lock any more.

So this commit moves the "module_bug_{finalize,cleanup}()" calls away
from the arch-specific code, and into the generic code - and in the
process protects it with the module_mutex so that the list operations
are now safe.

Future fixups:
 - move the module list handling code into kernel/module.c where it
   belongs.
 - get rid of 'module_bug_list' and just use the regular list of modules
   (called 'modules' - imagine that) that we already create and maintain
   for other reasons.

Reported-and-tested-by: Thomas Gleixner &lt;tglx@linutronix.de&gt;
Cc: Rusty Russell &lt;rusty@rustcorp.com.au&gt;
Cc: Adrian Bunk &lt;bunk@kernel.org&gt;
Cc: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
diff --git a/arch/avr32/kernel/module.c b/arch/avr32/kernel/module.c
@@ -314,10 +314,9 @@ int module_finalize(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs,
 	vfree(module->arch.syminfo);
 	module->arch.syminfo = NULL;
 
-	return module_bug_finalize(hdr, sechdrs, module);
+	return 0;
 }
 
 void module_arch_cleanup(struct module *module)
 {
-	module_bug_cleanup(module);
 }
diff --git a/arch/h8300/kernel/module.c b/arch/h8300/kernel/module.c
@@ -112,10 +112,9 @@ int module_finalize(const Elf_Ehdr *hdr,
 		    const Elf_Shdr *sechdrs,
 		    struct module *me)
 {
-	return module_bug_finalize(hdr, sechdrs, me);
+	return 0;
 }
 
 void module_arch_cleanup(struct module *mod)
 {
-	module_bug_cleanup(mod);
 }
diff --git a/arch/mn10300/kernel/module.c b/arch/mn10300/kernel/module.c
@@ -206,13 +206,12 @@ int module_finalize(const Elf_Ehdr *hdr,
 		    const Elf_Shdr *sechdrs,
 		    struct module *me)
 {
-	return module_bug_finalize(hdr, sechdrs, me);
+	return 0;
 }
 
 /*
  * finish clearing the module
  */
 void module_arch_cleanup(struct module *mod)
 {
-	module_bug_cleanup(mod);
 }
diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c
@@ -941,11 +941,10 @@ int module_finalize(const Elf_Ehdr *hdr,
 	nsyms = newptr - (Elf_Sym *)symhdr->sh_addr;
 	DEBUGP("NEW num_symtab %lu\n", nsyms);
 	symhdr->sh_size = nsyms * sizeof(Elf_Sym);
-	return module_bug_finalize(hdr, sechdrs, me);
+	return 0;
 }
 
 void module_arch_cleanup(struct module *mod)
 {
 	deregister_unwind_table(mod);
-	module_bug_cleanup(mod);
 }
diff --git a/arch/powerpc/kernel/module.c b/arch/powerpc/kernel/module.c
@@ -65,10 +65,6 @@ int module_finalize(const Elf_Ehdr *hdr,
 	const Elf_Shdr *sect;
 	int err;
 
-	err = module_bug_finalize(hdr, sechdrs, me);
-	if (err)
-		return err;
-
 	/* Apply feature fixups */
 	sect = find_section(hdr, sechdrs, "__ftr_fixup");
 	if (sect != NULL)
@@ -101,5 +97,4 @@ int module_finalize(const Elf_Ehdr *hdr,
 
 void module_arch_cleanup(struct module *mod)
 {
-	module_bug_cleanup(mod);
 }
diff --git a/arch/s390/kernel/module.c b/arch/s390/kernel/module.c
@@ -407,10 +407,9 @@ int module_finalize(const Elf_Ehdr *hdr,
 {
 	vfree(me->arch.syminfo);
 	me->arch.syminfo = NULL;
-	return module_bug_finalize(hdr, sechdrs, me);
+	return 0;
 }
 
 void module_arch_cleanup(struct module *mod)
 {
-	module_bug_cleanup(mod);
 }
diff --git a/arch/sh/kernel/module.c b/arch/sh/kernel/module.c
@@ -149,13 +149,11 @@ int module_finalize(const Elf_Ehdr *hdr,
 	int ret = 0;
 
 	ret |= module_dwarf_finalize(hdr, sechdrs, me);
-	ret |= module_bug_finalize(hdr, sechdrs, me);
 
 	return ret;
 }
 
 void module_arch_cleanup(struct module *mod)
 {
-	module_bug_cleanup(mod);
 	module_dwarf_cleanup(mod);
 }
diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c
@@ -239,11 +239,10 @@ int module_finalize(const Elf_Ehdr *hdr,
 		apply_paravirt(pseg, pseg + para->sh_size);
 	}
 
-	return module_bug_finalize(hdr, sechdrs, me);
+	return 0;
 }
 
 void module_arch_cleanup(struct module *mod)
 {
 	alternatives_smp_module_del(mod);
-	module_bug_cleanup(mod);
 }
diff --git a/include/linux/module.h b/include/linux/module.h
@@ -686,17 +686,16 @@ extern int module_sysfs_initialized;
 
 
 #ifdef CONFIG_GENERIC_BUG
-int  module_bug_finalize(const Elf_Ehdr *, const Elf_Shdr *,
+void module_bug_finalize(const Elf_Ehdr *, const Elf_Shdr *,
 			 struct module *);
 void module_bug_cleanup(struct module *);
 
 #else	/* !CONFIG_GENERIC_BUG */
 
-static inline int  module_bug_finalize(const Elf_Ehdr *hdr,
+static inline void module_bug_finalize(const Elf_Ehdr *hdr,
 					const Elf_Shdr *sechdrs,
 					struct module *mod)
 {
-	return 0;
 }
 static inline void module_bug_cleanup(struct module *mod) {}
 #endif	/* CONFIG_GENERIC_BUG */
diff --git a/kernel/module.c b/kernel/module.c
@@ -1537,6 +1537,7 @@ static int __unlink_module(void *_mod)
 {
 	struct module *mod = _mod;
 	list_del(&mod->list);
+	module_bug_cleanup(mod);
 	return 0;
 }
 
@@ -2625,6 +2626,7 @@ static struct module *load_module(void __user *umod,
 	if (err < 0)
 		goto ddebug;
 
+	module_bug_finalize(info.hdr, info.sechdrs, mod);
 	list_add_rcu(&mod->list, &modules);
 	mutex_unlock(&module_mutex);
 
@@ -2650,6 +2652,8 @@ static struct module *load_module(void __user *umod,
 	mutex_lock(&module_mutex);
 	/* Unlink carefully: kallsyms could be walking list. */
 	list_del_rcu(&mod->list);
+	module_bug_cleanup(mod);
+
  ddebug:
 	if (!mod->taints)
 		dynamic_debug_remove(info.debug);
diff --git a/lib/bug.c b/lib/bug.c
@@ -72,8 +72,8 @@ static const struct bug_entry *module_find_bug(unsigned long bugaddr)
 	return NULL;
 }
 
-int module_bug_finalize(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs,
-			struct module *mod)
+void module_bug_finalize(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs,
+			 struct module *mod)
 {
 	char *secstrings;
 	unsigned int i;
@@ -97,8 +97,6 @@ int module_bug_finalize(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs,
 	 * could potentially lead to deadlock and thus be counter-productive.
 	 */
 	list_add(&mod->bug_list, &module_bug_list);
-
-	return 0;
 }
 
 void module_bug_cleanup(struct module *mod)

Original file line number	Diff line number	Diff line change
`@@ -314,10 +314,9 @@ int module_finalize(const Elf_Ehdr hdr, const Elf_Shdr sechdrs,`
`314`	`314`	`vfree(module->arch.syminfo);`
`315`	`315`	`module->arch.syminfo = NULL;`
`316`	`316`
`317`		`- return module_bug_finalize(hdr, sechdrs, module);`
	`317`	`+ return 0;`
`318`	`318`	`}`
`319`	`319`
`320`	`320`	`void module_arch_cleanup(struct module *module)`
`321`	`321`	`{`
`322`		`- module_bug_cleanup(module);`
`323`	`322`	`}`
Original file line number	Diff line number	Diff line change
`@@ -112,10 +112,9 @@ int module_finalize(const Elf_Ehdr *hdr,`
`112`	`112`	`const Elf_Shdr *sechdrs,`
`113`	`113`	`struct module *me)`
`114`	`114`	`{`
`115`		`- return module_bug_finalize(hdr, sechdrs, me);`
	`115`	`+ return 0;`
`116`	`116`	`}`
`117`	`117`
`118`	`118`	`void module_arch_cleanup(struct module *mod)`
`119`	`119`	`{`
`120`		`- module_bug_cleanup(mod);`
`121`	`120`	`}`
Original file line number	Diff line number	Diff line change
`@@ -206,13 +206,12 @@ int module_finalize(const Elf_Ehdr *hdr,`
`206`	`206`	`const Elf_Shdr *sechdrs,`
`207`	`207`	`struct module *me)`
`208`	`208`	`{`
`209`		`- return module_bug_finalize(hdr, sechdrs, me);`
	`209`	`+ return 0;`
`210`	`210`	`}`
`211`	`211`
`212`	`212`	`/*`
`213`	`213`	`* finish clearing the module`
`214`	`214`	`*/`
`215`	`215`	`void module_arch_cleanup(struct module *mod)`
`216`	`216`	`{`
`217`		`- module_bug_cleanup(mod);`
`218`	`217`	`}`
Original file line number	Diff line number	Diff line change
`@@ -941,11 +941,10 @@ int module_finalize(const Elf_Ehdr *hdr,`
`941`	`941`	`nsyms = newptr - (Elf_Sym *)symhdr->sh_addr;`
`942`	`942`	`DEBUGP("NEW num_symtab %lu\n", nsyms);`
`943`	`943`	`symhdr->sh_size = nsyms * sizeof(Elf_Sym);`
`944`		`- return module_bug_finalize(hdr, sechdrs, me);`
	`944`	`+ return 0;`
`945`	`945`	`}`
`946`	`946`
`947`	`947`	`void module_arch_cleanup(struct module *mod)`
`948`	`948`	`{`
`949`	`949`	`deregister_unwind_table(mod);`
`950`		`- module_bug_cleanup(mod);`
`951`	`950`	`}`
Original file line number	Diff line number	Diff line change
`@@ -65,10 +65,6 @@ int module_finalize(const Elf_Ehdr *hdr,`
`65`	`65`	`const Elf_Shdr *sect;`
`66`	`66`	`int err;`
`67`	`67`
`68`		`- err = module_bug_finalize(hdr, sechdrs, me);`
`69`		`- if (err)`
`70`		`- return err;`
`71`		`-`
`72`	`68`	`/* Apply feature fixups */`
`73`	`69`	`sect = find_section(hdr, sechdrs, "__ftr_fixup");`
`74`	`70`	`if (sect != NULL)`
`@@ -101,5 +97,4 @@ int module_finalize(const Elf_Ehdr *hdr,`
`101`	`97`
`102`	`98`	`void module_arch_cleanup(struct module *mod)`
`103`	`99`	`{`
`104`		`- module_bug_cleanup(mod);`
`105`	`100`	`}`
Original file line number	Diff line number	Diff line change
`@@ -407,10 +407,9 @@ int module_finalize(const Elf_Ehdr *hdr,`
`407`	`407`	`{`
`408`	`408`	`vfree(me->arch.syminfo);`
`409`	`409`	`me->arch.syminfo = NULL;`
`410`		`- return module_bug_finalize(hdr, sechdrs, me);`
	`410`	`+ return 0;`
`411`	`411`	`}`
`412`	`412`
`413`	`413`	`void module_arch_cleanup(struct module *mod)`
`414`	`414`	`{`
`415`		`- module_bug_cleanup(mod);`
`416`	`415`	`}`
Original file line number	Diff line number	Diff line change
`@@ -149,13 +149,11 @@ int module_finalize(const Elf_Ehdr *hdr,`
`149`	`149`	`int ret = 0;`
`150`	`150`
`151`	`151`	`ret \|= module_dwarf_finalize(hdr, sechdrs, me);`
`152`		`- ret \|= module_bug_finalize(hdr, sechdrs, me);`
`153`	`152`
`154`	`153`	`return ret;`
`155`	`154`	`}`
`156`	`155`
`157`	`156`	`void module_arch_cleanup(struct module *mod)`
`158`	`157`	`{`
`159`		`- module_bug_cleanup(mod);`
`160`	`158`	`module_dwarf_cleanup(mod);`
`161`	`159`	`}`
Original file line number	Diff line number	Diff line change
`@@ -239,11 +239,10 @@ int module_finalize(const Elf_Ehdr *hdr,`
`239`	`239`	`apply_paravirt(pseg, pseg + para->sh_size);`
`240`	`240`	`}`
`241`	`241`
`242`		`- return module_bug_finalize(hdr, sechdrs, me);`
	`242`	`+ return 0;`
`243`	`243`	`}`
`244`	`244`
`245`	`245`	`void module_arch_cleanup(struct module *mod)`
`246`	`246`	`{`
`247`	`247`	`alternatives_smp_module_del(mod);`
`248`		`- module_bug_cleanup(mod);`
`249`	`248`	`}`
Original file line number	Diff line number	Diff line change
`@@ -72,8 +72,8 @@ static const struct bug_entry *module_find_bug(unsigned long bugaddr)`
`72`	`72`	`return NULL;`
`73`	`73`	`}`
`74`	`74`
`75`		`-int module_bug_finalize(const Elf_Ehdr hdr, const Elf_Shdr sechdrs,`
`76`		`- struct module *mod)`
	`75`	`+void module_bug_finalize(const Elf_Ehdr hdr, const Elf_Shdr sechdrs,`
	`76`	`+ struct module *mod)`
`77`	`77`	`{`
`78`	`78`	`char *secstrings;`
`79`	`79`	`unsigned int i;`
`@@ -97,8 +97,6 @@ int module_bug_finalize(const Elf_Ehdr hdr, const Elf_Shdr sechdrs,`
`97`	`97`	`* could potentially lead to deadlock and thus be counter-productive.`
`98`	`98`	`*/`
`99`	`99`	`list_add(&mod->bug_list, &module_bug_list);`
`100`		`-`
`101`		`- return 0;`
`102`	`100`	`}`
`103`	`101`
`104`	`102`	`void module_bug_cleanup(struct module *mod)`