    netlink: fix for too early rmmod · 974c37e9
    Committed by Alexey Dobriyan
    Netlink code does module autoload if the protocol userspace is asking for is
    not ready. However, the module can disappear right after it was autoloaded.
    Example: modprobe/rmmod stress-testing and xfrm_user.ko providing NETLINK_XFRM.
    
    netlink_create() in such situation _will_ create userspace socket and
    _will_not_ pin module. Now if module was removed and we're going to call
    ->netlink_rcv into nothing:
    
    BUG: unable to handle kernel paging request at ffffffffa02f842a
    					       ^^^^^^^^^^^^^^^^
    	modules are loaded near these addresses here
    
    IP: [<ffffffffa02f842a>] 0xffffffffa02f842a
    PGD 161f067 PUD 1623063 PMD baa12067 PTE 0
    Oops: 0010 [#1] PREEMPT SMP DEBUG_PAGEALLOC
    last sysfs file: /sys/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0/0:0:0:0/block/sda/uevent
    CPU 1
    Pid: 11515, comm: ip Not tainted 2.6.33-rc5-netns-00594-gaaa5728-dirty #6 P5E/P5E
    RIP: 0010:[<ffffffffa02f842a>]  [<ffffffffa02f842a>] 0xffffffffa02f842a
    RSP: 0018:ffff8800baa3db48  EFLAGS: 00010292
    RAX: ffff8800baa3dfd8 RBX: ffff8800be353640 RCX: 0000000000000000
    RDX: ffffffff81959380 RSI: ffff8800bab7f130 RDI: 0000000000000001
    RBP: ffff8800baa3db58 R08: 0000000000000001 R09: 0000000000000000
    R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000011
    R13: ffff8800be353640 R14: ffff8800bcdec240 R15: ffff8800bd488010
    FS:  00007f93749656f0(0000) GS:ffff880002300000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
    CR2: ffffffffa02f842a CR3: 00000000ba82b000 CR4: 00000000000006e0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
    Process ip (pid: 11515, threadinfo ffff8800baa3c000, task ffff8800bab7eb30)
    Stack:
     ffffffff813637c0 ffff8800bd488000 ffff8800baa3dba8 ffffffff8136397d
    <0> 0000000000000000 ffffffff81344adc 7fffffffffffffff 0000000000000000
    <0> ffff8800baa3ded8 ffff8800be353640 ffff8800bcdec240 0000000000000000
    Call Trace:
     [<ffffffff813637c0>] ? netlink_unicast+0x100/0x2d0
     [<ffffffff8136397d>] netlink_unicast+0x2bd/0x2d0
    
    	netlink_unicast_kernel:
    		nlk->netlink_rcv(skb);
    
     [<ffffffff81344adc>] ? memcpy_fromiovec+0x6c/0x90
     [<ffffffff81364263>] netlink_sendmsg+0x1d3/0x2d0
     [<ffffffff8133975b>] sock_sendmsg+0xbb/0xf0
     [<ffffffff8106cdeb>] ? __lock_acquire+0x27b/0xa60
     [<ffffffff810a18c3>] ? might_fault+0x73/0xd0
     [<ffffffff810a18c3>] ? might_fault+0x73/0xd0
     [<ffffffff8106db22>] ? __lock_release+0x82/0x170
     [<ffffffff810a190e>] ? might_fault+0xbe/0xd0
     [<ffffffff810a18c3>] ? might_fault+0x73/0xd0
     [<ffffffff81344c77>] ? verify_iovec+0x47/0xd0
     [<ffffffff8133a509>] sys_sendmsg+0x1a9/0x360
     [<ffffffff813c2be5>] ? _raw_spin_unlock_irqrestore+0x65/0x70
     [<ffffffff8106aced>] ? trace_hardirqs_on+0xd/0x10
     [<ffffffff813c2bc2>] ? _raw_spin_unlock_irqrestore+0x42/0x70
     [<ffffffff81197004>] ? __up_read+0x84/0xb0
     [<ffffffff8106ac95>] ? trace_hardirqs_on_caller+0x145/0x190
     [<ffffffff813c207f>] ? trace_hardirqs_on_thunk+0x3a/0x3f
     [<ffffffff8100262b>] system_call_fastpath+0x16/0x1b
    Code:  Bad RIP value.
    RIP  [<ffffffffa02f842a>] 0xffffffffa02f842a
     RSP <ffff8800baa3db48>
    CR2: ffffffffa02f842a
    
    If module was quickly removed after autoloading, return -E.
    
    Return -EPROTONOSUPPORT if module was quickly removed after autoloading.
    Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
af_netlink.c 47.5 KB
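The race the message describes, as an added user-space model (this is not the kernel's af_netlink.c code): a socket created for an autoloaded protocol must pin the providing module before its receive hook is ever called, otherwise an rmmod that wins the race leaves `->netlink_rcv` pointing into unmapped module text. The single-entry `nl_table`, the `rmmod_wins` flag standing in for the scheduler, and the `xfrm_module_init/exit` names are assumptions of the model; the re-check-and-pin under the table lock with `-EPROTONOSUPPORT` on failure is the shape of the fix.

```c
/* User-space model of the netlink_create() race (added example, not kernel
 * code). Refcount, table and error code mirror the kernel's shape; the
 * rmmod_wins flag stands in for the scheduler (assumption of the model). */
#include <stddef.h>
#include <stdio.h>

#define EPROTONOSUPPORT 93
#define EBUSY           16

struct module      { int refcnt; void (*rcv)(const char *); };
struct proto_entry { int registered; struct module *mod; };
struct sock        { struct module *mod; };

static void xfrm_rcv(const char *m) { printf("xfrm_user rcv: %s\n", m); }
static struct module xfrm_user = { 0, xfrm_rcv };
static struct proto_entry nl_table[1];          /* one slot: NETLINK_XFRM */

/* Module init/exit: exit is refused while any socket holds a reference. */
static void xfrm_module_init(void) { nl_table[0].mod = &xfrm_user; nl_table[0].registered = 1; }
static int  xfrm_module_exit(void)
{
    if (xfrm_user.refcnt) return -EBUSY;        /* rmmod refused: pinned */
    nl_table[0].registered = 0; nl_table[0].mod = NULL;
    return 0;
}
static int  try_module_get(struct module *m) { if (!m) return 0; m->refcnt++; return 1; }
static void module_put(struct module *m) { if (m) m->refcnt--; }

/* Fixed create: after autoload, re-check registration and pin under the
 * table lock; if rmmod got in first, fail instead of leaving ->rcv dangling. */
static int netlink_create(struct sock *sk, int rmmod_wins)
{
    if (!nl_table[0].registered) xfrm_module_init();   /* request_module() */
    if (rmmod_wins) xfrm_module_exit();                /* module disappears */
    /* netlink_lock_table() */
    if (nl_table[0].registered && try_module_get(nl_table[0].mod))
        sk->mod = nl_table[0].mod;
    else
        return -EPROTONOSUPPORT;                       /* the fix */
    /* netlink_unlock_table() */
    return 0;
}

/* Send path: the hook is only reachable through a pinned module. */
static int netlink_sendmsg(struct sock *sk, const char *msg)
{
    if (!sk->mod) return -EPROTONOSUPPORT;
    sk->mod->rcv(msg);
    return 0;
}

static void netlink_release(struct sock *sk) { module_put(sk->mod); sk->mod = NULL; }
```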