提交 4710f05f 编写于 作者: O Oleg Nesterov

uprobes: Fix prepare_uprobe() race with itself

install_breakpoint() is called under mm->mmap_sem, this protects
set_swbp() but not prepare_uprobe(). Two or more different tasks
can call install_breakpoint()->prepare_uprobe() at the same time,
this leads to numerous problems if UPROBE_COPY_INSN is not set.

Just for example, the second copy_insn() can corrupt the already
analyzed/fixuped uprobe->arch.insn and race with handle_swbp().

This patch simply adds uprobe->copy_mutex to serialize this code.
We could probably reuse ->consumer_rwsem, but this would mean that
consumer->handler() can not use mm->mmap_sem, not good.

Note: this is another temporary ugly hack until we move this logic
into uprobe_register().
Signed-off-by: NOleg Nesterov <oleg@redhat.com>
Acked-by: NSrikar Dronamraju <srikar@linux.vnet.ibm.com>
上级 cb9a19fe
...@@ -89,6 +89,7 @@ struct uprobe { ...@@ -89,6 +89,7 @@ struct uprobe {
struct rb_node rb_node; /* node in the rb tree */ struct rb_node rb_node; /* node in the rb tree */
atomic_t ref; atomic_t ref;
struct rw_semaphore consumer_rwsem; struct rw_semaphore consumer_rwsem;
struct mutex copy_mutex; /* TODO: kill me and UPROBE_COPY_INSN */
struct list_head pending_list; struct list_head pending_list;
struct uprobe_consumer *consumers; struct uprobe_consumer *consumers;
struct inode *inode; /* Also hold a ref to inode */ struct inode *inode; /* Also hold a ref to inode */
...@@ -444,6 +445,7 @@ static struct uprobe *alloc_uprobe(struct inode *inode, loff_t offset) ...@@ -444,6 +445,7 @@ static struct uprobe *alloc_uprobe(struct inode *inode, loff_t offset)
uprobe->inode = igrab(inode); uprobe->inode = igrab(inode);
uprobe->offset = offset; uprobe->offset = offset;
init_rwsem(&uprobe->consumer_rwsem); init_rwsem(&uprobe->consumer_rwsem);
mutex_init(&uprobe->copy_mutex);
/* add to uprobes_tree, sorted on inode:offset */ /* add to uprobes_tree, sorted on inode:offset */
cur_uprobe = insert_uprobe(uprobe); cur_uprobe = insert_uprobe(uprobe);
...@@ -578,6 +580,10 @@ static int prepare_uprobe(struct uprobe *uprobe, struct file *file, ...@@ -578,6 +580,10 @@ static int prepare_uprobe(struct uprobe *uprobe, struct file *file,
if (uprobe->flags & UPROBE_COPY_INSN) if (uprobe->flags & UPROBE_COPY_INSN)
return ret; return ret;
mutex_lock(&uprobe->copy_mutex);
if (uprobe->flags & UPROBE_COPY_INSN)
goto out;
ret = copy_insn(uprobe, file); ret = copy_insn(uprobe, file);
if (ret) if (ret)
goto out; goto out;
...@@ -598,6 +604,8 @@ static int prepare_uprobe(struct uprobe *uprobe, struct file *file, ...@@ -598,6 +604,8 @@ static int prepare_uprobe(struct uprobe *uprobe, struct file *file,
uprobe->flags |= UPROBE_COPY_INSN; uprobe->flags |= UPROBE_COPY_INSN;
out: out:
mutex_unlock(&uprobe->copy_mutex);
return ret; return ret;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册