1. 19 5月, 2011 1 次提交
  2. 31 3月, 2011 1 次提交
  3. 23 3月, 2011 1 次提交
    • K
      printk: use %pK for /proc/kallsyms and /proc/modules · 9f36e2c4
      Kees Cook 提交于
      In an effort to reduce kernel address leaks that might be used to help
      target kernel privilege escalation exploits, this patch uses %pK when
      displaying addresses in /proc/kallsyms, /proc/modules, and
      /sys/module/*/sections/*.
      
      Note that this changes %x to %p, so some legitimately 0 values in
      /proc/kallsyms would have changed from 00000000 to "(null)".  To avoid
      this, "(null)" is not used when using the "K" format.  Anything that was
      already successfully parsing "(null)" in addition to full hex digits
      should have no problem with this change.  (Thanks to Joe Perches for the
      suggestion.) Due to the %x to %p, "void *" casts are needed since these
      addresses are already "unsigned long" everywhere internally, due to their
      starting life as ELF section offsets.
      Signed-off-by: NKees Cook <kees.cook@canonical.com>
      Cc: Eugene Teo <eugene@redhat.com>
      Cc: Dan Rosenberg <drosenberg@vsecurity.com>
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      9f36e2c4
  4. 03 2月, 2011 1 次提交
    • M
      tracepoints: Fix section alignment using pointer array · 65498646
      Mathieu Desnoyers 提交于
      Make the tracepoints more robust, making them solid enough to handle compiler
      changes by not relying on anything based on compiler-specific behavior with
      respect to structure alignment. Implement an approach proposed by David Miller:
      use an array of const pointers to refer to the individual structures, and export
      this pointer array through the linker script rather than the structures per se.
      It will consume 32 extra bytes per tracepoint (24 for structure padding and 8
      for the pointers), but are less likely to break due to compiler changes.
      
      History:
      
      commit 7e066fb8 tracepoints: add DECLARE_TRACE() and DEFINE_TRACE()
      added the aligned(32) type and variable attribute to the tracepoint structures
      to deal with gcc happily aligning statically defined structures on 32-byte
      multiples.
      
      One attempt was to use a 8-byte alignment for tracepoint structures by applying
      both the variable and type attribute to tracepoint structures definitions and
      declarations. It worked fine with gcc 4.5.1, but broke with gcc 4.4.4 and 4.4.5.
      
      The reason is that the "aligned" attribute only specify the _minimum_ alignment
      for a structure, leaving both the compiler and the linker free to align on
      larger multiples. Because tracepoint.c expects the structures to be placed as an
      array within each section, up-alignment cause NULL-pointer exceptions due to the
      extra unexpected padding.
      
      (this patch applies on top of -tip)
      Signed-off-by: NMathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Acked-by: NDavid S. Miller <davem@davemloft.net>
      LKML-Reference: <20110126222622.GA10794@Krystal>
      CC: Frederic Weisbecker <fweisbec@gmail.com>
      CC: Ingo Molnar <mingo@elte.hu>
      CC: Thomas Gleixner <tglx@linutronix.de>
      CC: Andrew Morton <akpm@linux-foundation.org>
      CC: Peter Zijlstra <peterz@infradead.org>
      CC: Rusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: NSteven Rostedt <rostedt@goodmis.org>
      65498646
  5. 23 12月, 2010 1 次提交
    • S
      module: Move RO/NX module protection to after ftrace module update · 94462ad3
      Steven Rostedt 提交于
      The commit:
      
      84e1c6bb
      x86: Add RO/NX protection for loadable kernel modules
      
      Broke the function tracer with this output:
      
      ------------[ cut here ]------------
      WARNING: at kernel/trace/ftrace.c:1014 ftrace_bug+0x114/0x171()
      Hardware name: Precision WorkStation 470
      Modules linked in: i2c_core(+)
      Pid: 86, comm: modprobe Not tainted 2.6.37-rc2+ #68
      Call Trace:
       [<ffffffff8104e957>] warn_slowpath_common+0x85/0x9d
       [<ffffffffa00026db>] ? __process_new_adapter+0x7/0x34 [i2c_core]
       [<ffffffffa00026db>] ? __process_new_adapter+0x7/0x34 [i2c_core]
       [<ffffffff8104e989>] warn_slowpath_null+0x1a/0x1c
       [<ffffffff810a9dfe>] ftrace_bug+0x114/0x171
       [<ffffffffa00026db>] ? __process_new_adapter+0x7/0x34 [i2c_core]
       [<ffffffff810aa0db>] ftrace_process_locs+0x1ae/0x274
       [<ffffffffa00026db>] ? __process_new_adapter+0x7/0x34 [i2c_core]
       [<ffffffff810aa29e>] ftrace_module_notify+0x39/0x44
       [<ffffffff814405cf>] notifier_call_chain+0x37/0x63
       [<ffffffff8106e054>] __blocking_notifier_call_chain+0x46/0x5b
       [<ffffffff8106e07d>] blocking_notifier_call_chain+0x14/0x16
       [<ffffffff8107ffde>] sys_init_module+0x73/0x1f3
       [<ffffffff8100acf2>] system_call_fastpath+0x16/0x1b
      ---[ end trace 2aff4f4ca53ec746 ]---
      ftrace faulted on writing [<ffffffffa00026db>]
      __process_new_adapter+0x7/0x34 [i2c_core]
      
      The cause was that the module text was set to read only before ftrace
      could convert the calls to mcount to nops. Thus, the conversions failed
      due to not being able to write to the text locations.
      
      The simple fix is to move setting the module to read only after the
      module notifiers are called (where ftrace sets the module mcounts to nops).
      Reported-by: NPeter Zijlstra <a.p.zijlstra@chello.nl>
      Acked-by: NRusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: NSteven Rostedt <rostedt@goodmis.org>
      94462ad3
  6. 18 11月, 2010 1 次提交
    • M
      x86: Add RO/NX protection for loadable kernel modules · 84e1c6bb
      matthieu castet 提交于
      This patch is a logical extension of the protection provided by
      CONFIG_DEBUG_RODATA to LKMs. The protection is provided by
      splitting module_core and module_init into three logical parts
      each and setting appropriate page access permissions for each
      individual section:
      
       1. Code: RO+X
       2. RO data: RO+NX
       3. RW data: RW+NX
      
      In order to achieve proper protection, layout_sections() have
      been modified to align each of the three parts mentioned above
      onto page boundary. Next, the corresponding page access
      permissions are set right before successful exit from
      load_module(). Further, free_module() and sys_init_module have
      been modified to set module_core and module_init as RW+NX right
      before calling module_free().
      
      By default, the original section layout and access flags are
      preserved. When compiled with CONFIG_DEBUG_SET_MODULE_RONX=y,
      the patch will page-align each group of sections to ensure that
      each page contains only one type of content and will enforce
      RO/NX for each group of pages.
      
        -v1: Initial proof-of-concept patch.
        -v2: The patch have been re-written to reduce the number of #ifdefs
             and to make it architecture-agnostic. Code formatting has also
             been corrected.
        -v3: Opportunistic RO/NX protection is now unconditional. Section
             page-alignment is enabled when CONFIG_DEBUG_RODATA=y.
        -v4: Removed most macros and improved coding style.
        -v5: Changed page-alignment and RO/NX section size calculation
        -v6: Fixed comments. Restricted RO/NX enforcement to x86 only
        -v7: Introduced CONFIG_DEBUG_SET_MODULE_RONX, added
             calls to set_all_modules_text_rw() and set_all_modules_text_ro()
             in ftrace
        -v8: updated for compatibility with linux 2.6.33-rc5
        -v9: coding style fixes
       -v10: more coding style fixes
       -v11: minor adjustments for -tip
       -v12: minor adjustments for v2.6.35-rc2-tip
       -v13: minor adjustments for v2.6.37-rc1-tip
      Signed-off-by: NSiarhei Liakh <sliakh.lkml@gmail.com>
      Signed-off-by: NXuxian Jiang <jiang@cs.ncsu.edu>
      Acked-by: NArjan van de Ven <arjan@linux.intel.com>
      Reviewed-by: NJames Morris <jmorris@namei.org>
      Signed-off-by: NH. Peter Anvin <hpa@zytor.com>
      Cc: Andi Kleen <ak@muc.de>
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: Stephen Rothwell <sfr@canb.auug.org.au>
      Cc: Dave Jones <davej@redhat.com>
      Cc: Kees Cook <kees.cook@canonical.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      LKML-Reference: <4CE2F914.9070106@free.fr>
      [ minor cleanliness edits, -v14: build failure fix ]
      Signed-off-by: NIngo Molnar <mingo@elte.hu>
      84e1c6bb
  7. 11 11月, 2010 1 次提交
    • S
      tracing: Fix module use of trace_bprintk() · 13b9b6e7
      Steven Rostedt 提交于
      On use of trace_printk() there's a macro that determines if the format
      is static or a variable. If it is static, it defaults to __trace_bprintk()
      otherwise it uses __trace_printk().
      
      A while ago, Lai Jiangshan added __trace_bprintk(). In that patch, we
      discussed a way to allow modules to use it. The difference between
      __trace_bprintk() and __trace_printk() is that for faster processing,
      just the format and args are stored in the trace instead of running
      it through a sprintf function. In order to do this, the format used
      by the __trace_bprintk() had to be persistent.
      
      See commit 1ba28e02
      
      The problem comes with trace_bprintk() where the module is unloaded.
      The pointer left in the buffer is still pointing to the format.
      
      To solve this issue, the formats in the module were copied into kernel
      core. If the same format was used, they would use the same copy (to prevent
      memory leak). This all worked well until we tried to merge everything.
      
      At the time this was written, Lai Jiangshan, Frederic Weisbecker,
      Ingo Molnar and myself were all touching the same code. When this was
      merged, we lost the part of it that was in module.c. This kept out the
      copying of the formats and unloading the module could cause bad pointers
      left in the ring buffer.
      
      This patch adds back (with updates required for current kernel) the
      module code that sets up the necessary pointers.
      
      Cc: Lai Jiangshan <laijs@cn.fujitsu.com>
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: NSteven Rostedt <rostedt@goodmis.org>
      13b9b6e7
  8. 27 10月, 2010 1 次提交
  9. 06 10月, 2010 1 次提交
    • L
      modules: Fix module_bug_list list corruption race · 5336377d
      Linus Torvalds 提交于
      With all the recent module loading cleanups, we've minimized the code
      that sits under module_mutex, fixing various deadlocks and making it
      possible to do most of the module loading in parallel.
      
      However, that whole conversion totally missed the rather obscure code
      that adds a new module to the list for BUG() handling.  That code was
      doubly obscure because (a) the code itself lives in lib/bugs.c (for
      dubious reasons) and (b) it gets called from the architecture-specific
      "module_finalize()" rather than from generic code.
      
      Calling it from arch-specific code makes no sense what-so-ever to begin
      with, and is now actively wrong since that code isn't protected by the
      module loading lock any more.
      
      So this commit moves the "module_bug_{finalize,cleanup}()" calls away
      from the arch-specific code, and into the generic code - and in the
      process protects it with the module_mutex so that the list operations
      are now safe.
      
      Future fixups:
       - move the module list handling code into kernel/module.c where it
         belongs.
       - get rid of 'module_bug_list' and just use the regular list of modules
         (called 'modules' - imagine that) that we already create and maintain
         for other reasons.
      Reported-and-tested-by: NThomas Gleixner <tglx@linutronix.de>
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: Adrian Bunk <bunk@kernel.org>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: stable@kernel.org
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      5336377d
  10. 23 9月, 2010 1 次提交
    • J
      jump label: Base patch for jump label · bf5438fc
      Jason Baron 提交于
      base patch to implement 'jump labeling'. Based on a new 'asm goto' inline
      assembly gcc mechanism, we can now branch to labels from an 'asm goto'
      statment. This allows us to create a 'no-op' fastpath, which can subsequently
      be patched with a jump to the slowpath code. This is useful for code which
      might be rarely used, but which we'd like to be able to call, if needed.
      Tracepoints are the current usecase that these are being implemented for.
      Acked-by: NDavid S. Miller <davem@davemloft.net>
      Signed-off-by: NJason Baron <jbaron@redhat.com>
      LKML-Reference: <ee8b3595967989fdaf84e698dc7447d315ce972a.1284733808.git.jbaron@redhat.com>
      
      [ cleaned up some formating ]
      Signed-off-by: NSteven Rostedt <rostedt@goodmis.org>
      bf5438fc
  11. 05 8月, 2010 19 次提交
    • R
      module: cleanup comments, remove noinline · 51f3d0f4
      Rusty Russell 提交于
      On my (32-bit x86) machine, sys_init_module() uses 124 bytes of stack
      once load_module() is inlined.
      
      This effectively reverts ffb4ba76 which inlined it due to stack
      pressure.
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      51f3d0f4
    • R
      module: group post-relocation functions into post_relocation() · 811d66a0
      Rusty Russell 提交于
      This simply hoists more code out of load_module; we also put the
      identification of the extable and dynamic debug table in with the
      others in find_module_sections().
      
      We move the taint check to the actual add/remove of the dynamic debug
      info: this is certain (find_module_sections is too early).
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      Cc: Yehuda Sadeh <yehuda@hq.newdream.net>
      811d66a0
    • R
      module: move module args strndup_user to just before use · 6526c534
      Rusty Russell 提交于
      Instead of copying and allocating the args and storing it in
      load_info, we can just allocate them right before we need them.
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      6526c534
    • R
      module: pass load_info into other functions · 49668688
      Rusty Russell 提交于
      Pass the struct load_info into all the other functions in module
      loading.  This neatens things and makes them more consistent.
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      49668688
    • R
      module: fix sysfs cleanup for !CONFIG_SYSFS · 36b0360d
      Rusty Russell 提交于
      Restore the stub module_remove_modinfo_attrs, remove the now-unused
      !CONFIG_SYSFS module_sysfs_init.
      
      Also, rename mod_kobject_remove() to mod_sysfs_teardown() as
      it is the logical counterpart to mod_sysfs_setup now.
      Reported-by: NRandy Dunlap <randy.dunlap@oracle.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      36b0360d
    • R
      module: sysfs cleanup · 8f6d0378
      Rusty Russell 提交于
      We change the sysfs functions to take struct load_info, and call
      them all in mod_sysfs_setup().
      
      We also clean up the #ifdefs a little.
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      8f6d0378
    • R
      module: layout_and_allocate · d913188c
      Rusty Russell 提交于
      layout_and_allocate() does everything up to and including the final
      struct module placement inside the allocated module memory.  We have
      to store the symbol layout information in our struct load_info though.
      
      This avoids the nasty code we had before where 'mod' pointed first
      to the version inside the temporary allocation containing the entire
      file, then later was moved to point to the real struct module: now
      the main code only ever sees the final module address.
      
      (Includes fix for the Tony Luck-found Linus-diagnosed failure path
       error).
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      d913188c
    • R
      module: fix crash in get_ksymbol() when oopsing in module init · 511ca6ae
      Rusty Russell 提交于
      Andrew had the sole pleasure of tickling this bug in linux-next; when we set
      up "info->strtab" it's pointing into the temporary copy of the module.  For
      most uses that is fine, but kallsyms keeps a pointer around during module
      load (inside mod->strtab).
      
      If we oops for some reason inside a module's init function, kallsyms will use
      the mod->strtab pointer into the now-freed temporary module copy.
      
      (Later oopses work fine: after init we overwrite mod->strtab to point to a
       compacted core-only strtab).
      Reported-by: NAndrew "Grumpy" Morton <akpm@linux-foundation.org>
      Signed-off-by: NRusty "Buggy" Russell <rusty@rustcorp.com.au>
      Tested-by: NAndrew "Happy" Morton <akpm@linux-foundation.org>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      511ca6ae
    • R
      module: kallsyms functions take struct load_info · eded41c1
      Rusty Russell 提交于
      Simple refactor causes us to lift struct definition to top of file.
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      eded41c1
    • R
      module: refactor out section header rewriting: FIX modversions · d6df72a0
      Rusty Russell 提交于
      We can't do the find_sec after removing the SHF_ALLOC flags; it won't
      find the sections.
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      d6df72a0
    • R
      module: refactor out section header rewriting · 8b5f61a7
      Rusty Russell 提交于
      Put all the "rewrite and check section headers" in one place.  This
      adds another iteration over the sections, but it's far clearer.  We
      iterate once for every find_section() so we already iterate over many
      times.
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      8b5f61a7
    • L
      module: add load_info · 3264d3f9
      Linus Torvalds 提交于
      Btw, here's a patch that _looks_ large, but it really pretty trivial, and
      sets things up so that it would be way easier to split off pieces of the
      module loading.
      
      The reason it looks large is that it creates a "module_info" structure
      that contains all the module state that we're building up while loading,
      instead of having individual variables for all the indices etc.
      
      So the patch ends up being large, because every "symindex" access instead
      becomes "info.index.sym" etc. That may be a few characters longer, but it
      then means that we can just pass a pointer to that "info" structure
      around. and let all the pieces fill it in very naturally.
      
      As an example of that, the patch also moves the initialization of all
      those convenience variables into a "setup_module_info()" function. And at
      this point it really does become very natural to start to peel off some of
      the error labels and move them into the helper functions - now the
      "truncated" case is gone, and is handled inside that setup function
      instead.
      
      So maybe you don't like this approach, and it does make the variable
      accesses a bit longer, but I don't think unreadably so. And the patch
      really does look big and scary, but there really should be absolutely no
      semantic changes - most of it was a trivial and mindless rename.
      
      In fact, it was so mindless that I on purpose kept the existing helper
      functions looking like this:
      
      -       err = check_modinfo(mod, sechdrs, infoindex, versindex);
      +       err = check_modinfo(mod, info.sechdrs, info.index.info, info.index.vers);
      
      rather than changing them to just take the "info" pointer. IOW, a second
      phase (if you think the approach is ok) would change that calling
      convention to just do
      
      	err = check_modinfo(mod, &info);
      
      (and same for "layout_sections()", "layout_symtabs()" etc.) Similarly,
      while right now it makes things _look_ bigger, with things like this:
      
      	versindex = find_sec(hdr, sechdrs, secstrings, "__versions");
      
      becoming
      
      	info->index.vers = find_sec(info->hdr, info->sechdrs, info->secstrings, "__versions");
      
      in the new "setup_module_info()" function, that's again just a result of
      it being a search-and-replace patch. By using the 'info' pointer, we could
      just change the 'find_sec()' interface so that it ends up being
      
      	info->index.vers = find_sec(info, "__versions");
      
      instead, and then we'd actually have a shorter and more readable line. So
      for a lot of those mindless variable name expansions there's would be room
      for separate cleanups.
      
      I didn't move quite everything in there - if we do this to layout_symtabs,
      for example, we'd want to move the percpu, symoffs, stroffs, *strmap
      variables to be fields in that module_info structure too. But that's a
      much smaller patch, I moved just the really core stuff that is currently
      being set up and used in various parts.
      
      But even in this rough form, it removes close to 70 lines from that
      function (but adds 22 lines overall, of course - the structure definition,
      the helper function declarations and call-sites etc etc).
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      3264d3f9
    • L
      module: reduce stack usage for each_symbol() · 44032e63
      Linus Torvalds 提交于
      And now that I'm looking at that call-chain (to see if it would make sense
      to use some other more specific lock - doesn't look like it: all the
      readers are using RCU and this is the only writer), I also give you this
      trivial one-liner. It changes each_symbol() to not put that constant array
      on the stack, resulting in changing
      
              movq    $C.388.31095, %rsi      #, tmp85
              subq    $376, %rsp      #,
              movq    %rdi, %rbx      # fn, fn
              leaq    -208(%rbp), %rdi        #, tmp84
              movq    %rbx, %rdx      # fn,
              rep movsl
              xorl    %esi, %esi      #
              leaq    -208(%rbp), %rdi        #, tmp87
              movq    %r12, %rcx      # data,
              call    each_symbol_in_section.clone.0  #
      
      into
      
              xorl    %esi, %esi      #
              subq    $216, %rsp      #,
              movq    %rdi, %rbx      # fn, fn
              movq    $arr.31078, %rdi        #,
              call    each_symbol_in_section.clone.0  #
      
      which is not so much about being obviously shorter and simpler because we
      don't unnecessarily copy that constant array around onto the stack, but
      also about having a much smaller stack footprint (376 vs 216 bytes - see
      the update of 'rsp').
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      44032e63
    • R
      module: refactor load_module part 5 · 22e268eb
      Rusty Russell 提交于
      1) Extract out the relocation loop into apply_relocations
      2) Extract license and version checks into check_module_license_and_versions
      3) Extract icache flushing into flush_module_icache
      4) Move __obsparm warning into find_module_sections
      5) Move license setting into check_modinfo.
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      22e268eb
    • R
      module: refactor load_module part 4 · 9f85a4bb
      Rusty Russell 提交于
      Allocate references inside module_unload_init(), clean up inside
      module_unload_free().
      
      This version fixed to do allocation before __this_cpu_write, thanks to
      bug reports from linux-next from Dave Young <hidave.darkstar@gmail.com>
      and Stephen Rothwell <sfr@canb.auug.org.au>.
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      9f85a4bb
    • R
      module: refactor load_module part 3 · 40dd2560
      Rusty Russell 提交于
      Extract out the allocation and copying in from userspace, and the
      first set of modinfo checks.
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      40dd2560
    • L
      module: refactor load_module part 2 · 65b8a9b4
      Linus Torvalds 提交于
      Here's a second one. It's slightly less trivial - since we now have error
      cases - and equally untested so it may well be totally broken. But it also
      cleans up a bit more, and avoids one of the goto targets, because the
      "move_module()" helper now does both allocations or none.
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      65b8a9b4
    • L
      module: refactor load_module · f91a13bb
      Linus Torvalds 提交于
      I'd start from the trivial stuff. There's a fair amount of straight-line
      code that just makes the function hard to read just because you have to
      page up and down so far. Some of it is trivial to just create a helper
      function for.
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      f91a13bb
    • E
      module: module_unload_init() cleanup · 2409e742
      Eric Dumazet 提交于
      No need to clear mod->refptr in module_unload_init(), since
      alloc_percpu() already clears allocated chunks.
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (removed unused var)
      2409e742
  12. 28 7月, 2010 1 次提交
  13. 05 7月, 2010 1 次提交
  14. 05 6月, 2010 8 次提交
    • R
      module: fix bne2 "gave up waiting for init of module libcrc32c" · 9bea7f23
      Rusty Russell 提交于
      Problem: it's hard to avoid an init routine stumbling over a
      request_module these days.  And it's not clear it's always a bad idea:
      for example, a module like kvm with dynamic dependencies on kvm-intel
      or kvm-amd would be neater if it could simply request_module the right
      one.
      
      In this particular case, it's libcrc32c:
      
      	libcrc32c_mod_init
      	 crypto_alloc_shash
      	  crypto_alloc_tfm
      	   crypto_find_alg
      	    crypto_alg_mod_lookup
      	     crypto_larval_lookup
      	      request_module
      
      If another module is waiting inside resolve_symbol() for libcrc32c to
      finish initializing (ie. bne2 depends on libcrc32c) then it does so
      holding the module lock, and our request_module() can't make progress
      until that is released.
      
      Waiting inside resolve_symbol() without the lock isn't all that hard:
      we just need to pass the -EBUSY up the call chain so we can sleep
      where we don't hold the lock.  Error reporting is a bit trickier: we
      need to copy the name of the unfinished module before releasing the
      lock.
      
      Other notes:
      1) This also fixes a theoretical issue where a weak dependency would allow
         symbol version mismatches to be ignored.
      2) We rename use_module to ref_module to make life easier for the only
         external user (the out-of-tree ksplice patches).
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Tim Abbot <tabbott@ksplice.com>
      Tested-by: NBrandon Philips <bphilips@suse.de>
      9bea7f23
    • R
      module: verify_export_symbols under the lock · be593f4c
      Rusty Russell 提交于
      It disabled preempt so it was "safe", but nothing stops another module
      slipping in before this module is added to the global list now we don't
      hold the lock the whole time.
      
      So we check this just after we check for duplicate modules, and just
      before we put the module in the global list.
      
      (find_symbol finds symbols in coming and going modules, too).
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      be593f4c
    • L
      module: move find_module check to end · 3bafeb62
      Linus Torvalds 提交于
      I think Rusty may have made the lock a bit _too_ finegrained there, and
      didn't add it to some places that needed it. It looks, for example, like
      PATCH 1/2 actually drops the lock in places where it's needed
      ("find_module()" is documented to need it, but now load_module() didn't
      hold it at all when it did the find_module()).
      
      Rather than adding a new "module_loading" list, I think we should be able
      to just use the existing "modules" list, and just fix up the locking a
      bit.
      
      In fact, maybe we could just move the "look up existing module" a bit
      later - optimistically assuming that the module doesn't exist, and then
      just undoing the work if it turns out that we were wrong, just before
      adding ourselves to the list.
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      3bafeb62
    • R
      module: make locking more fine-grained. · 75676500
      Rusty Russell 提交于
      Kay Sievers <kay.sievers@vrfy.org> reports that we still have some
      contention over module loading which is slowing boot.
      
      Linus also disliked a previous "drop lock and regrab" patch to fix the
      bne2 "gave up waiting for init of module libcrc32c" message.
      
      This is more ambitious: we only grab the lock where we need it.
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      Cc: Brandon Philips <brandon@ifup.org>
      Cc: Kay Sievers <kay.sievers@vrfy.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      75676500
    • R
      module: Make module sysfs functions private. · 6407ebb2
      Rusty Russell 提交于
      These were placed in the header in ef665c1a to get the various
      SYSFS/MODULE config combintations to compile.
      
      That may have been necessary then, but it's not now.  These functions
      are all local to module.c.
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      Cc: Randy Dunlap <randy.dunlap@oracle.com>
      6407ebb2
    • R
      module: move sysfs exposure to end of load_module · 80a3d1bb
      Rusty Russell 提交于
      This means a little extra work, but is more logical: we don't put
      anything in sysfs until we're about to put the module into the
      global list an parse its parameters.
      
      This also gives us a logical place to put duplicate module detection
      in the next patch.
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      80a3d1bb
    • R
      module: fix kdb's illicit use of struct module_use. · c8e21ced
      Rusty Russell 提交于
      Linus changed the structure, and luckily this didn't compile any more.
      Reported-by: NStephen Rothwell <sfr@canb.auug.org.au>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      Cc: Jason Wessel <jason.wessel@windriver.com>
      Cc: Martin Hicks <mort@sgi.com>
      c8e21ced
    • L
      module: Make the 'usage' lists be two-way · 2c02dfe7
      Linus Torvalds 提交于
      When adding a module that depends on another one, we used to create a
      one-way list of "modules_which_use_me", so that module unloading could
      see who needs a module.
      
      It's actually quite simple to make that list go both ways: so that we
      not only can see "who uses me", but also see a list of modules that are
      "used by me".
      
      In fact, we always wanted that list in "module_unload_free()": when we
      unload a module, we want to also release all the other modules that are
      used by that module.  But because we didn't have that list, we used to
      first iterate over all modules, and then iterate over each "used by me"
      list of that module.
      
      By making the list two-way, we simplify module_unload_free(), and it
      allows for some trivial fixes later too.
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (cleaned & rebased)
      2c02dfe7
  15. 01 6月, 2010 1 次提交