LKML Archive on lore.kernel.org help / color / mirror / Atom feed
From: Sasha Levin <sashal@kernel.org> To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Kefeng Wang <wangkefeng.wang@huawei.com>, Hannes Frederic Sowa <hannes@stressinduktion.org>, Daniel Borkmann <daniel@iogearbox.net>, "David S . Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Minmin chen <chenmingmin@huawei.com>, Sasha Levin <sashal@kernel.org> Subject: [PATCH AUTOSEL 5.13 08/12] once: Fix panic when module unload Date: Mon, 16 Aug 2021 20:35:32 -0400 [thread overview] Message-ID: <20210817003536.83063-8-sashal@kernel.org> (raw) In-Reply-To: <20210817003536.83063-1-sashal@kernel.org> From: Kefeng Wang <wangkefeng.wang@huawei.com> [ Upstream commit 1027b96ec9d34f9abab69bc1a4dc5b1ad8ab1349 ] DO_ONCE DEFINE_STATIC_KEY_TRUE(___once_key); __do_once_done once_disable_jump(once_key); INIT_WORK(&w->work, once_deferred); struct once_work *w; w->key = key; schedule_work(&w->work); module unload //*the key is destroy* process_one_work once_deferred BUG_ON(!static_key_enabled(work->key)); static_key_count((struct static_key *)x) //*access key, crash* When module uses DO_ONCE mechanism, it could crash due to the above concurrency problem, we could reproduce it with link[1]. Fix it by add/put module refcount in the once work process. [1] https://lore.kernel.org/netdev/eaa6c371-465e-57eb-6be9-f4b16b9d7cbf@huawei.com/ Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Cc: Daniel Borkmann <daniel@iogearbox.net> Cc: David S. Miller <davem@davemloft.net> Cc: Eric Dumazet <edumazet@google.com> Reported-by: Minmin chen <chenmingmin@huawei.com> Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> --- include/linux/once.h | 4 ++-- lib/once.c | 11 ++++++++--- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/include/linux/once.h b/include/linux/once.h index 9225ee6d96c7..ae6f4eb41cbe 100644 --- a/include/linux/once.h +++ b/include/linux/once.h @@ -7,7 +7,7 @@ bool __do_once_start(bool *done, unsigned long *flags); void __do_once_done(bool *done, struct static_key_true *once_key, - unsigned long *flags); + unsigned long *flags, struct module *mod); /* Call a function exactly once. The idea of DO_ONCE() is to perform * a function call such as initialization of random seeds, etc, only @@ -46,7 +46,7 @@ void __do_once_done(bool *done, struct static_key_true *once_key, if (unlikely(___ret)) { \ func(__VA_ARGS__); \ __do_once_done(&___done, &___once_key, \ - &___flags); \ + &___flags, THIS_MODULE); \ } \ } \ ___ret; \ diff --git a/lib/once.c b/lib/once.c index 8b7d6235217e..59149bf3bfb4 100644 --- a/lib/once.c +++ b/lib/once.c @@ -3,10 +3,12 @@ #include <linux/spinlock.h> #include <linux/once.h> #include <linux/random.h> +#include <linux/module.h> struct once_work { struct work_struct work; struct static_key_true *key; + struct module *module; }; static void once_deferred(struct work_struct *w) @@ -16,10 +18,11 @@ static void once_deferred(struct work_struct *w) work = container_of(w, struct once_work, work); BUG_ON(!static_key_enabled(work->key)); static_branch_disable(work->key); + module_put(work->module); kfree(work); } -static void once_disable_jump(struct static_key_true *key) +static void once_disable_jump(struct static_key_true *key, struct module *mod) { struct once_work *w; @@ -29,6 +32,8 @@ static void once_disable_jump(struct static_key_true *key) INIT_WORK(&w->work, once_deferred); w->key = key; + w->module = mod; + __module_get(mod); schedule_work(&w->work); } @@ -53,11 +58,11 @@ bool __do_once_start(bool *done, unsigned long *flags) EXPORT_SYMBOL(__do_once_start); void __do_once_done(bool *done, struct static_key_true *once_key, - unsigned long *flags) + unsigned long *flags, struct module *mod) __releases(once_lock) { *done = true; spin_unlock_irqrestore(&once_lock, *flags); - once_disable_jump(once_key); + once_disable_jump(once_key, mod); } EXPORT_SYMBOL(__do_once_done); -- 2.30.2
next prev parent reply other threads:[~2021-08-17 0:36 UTC|newest] Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-08-17 0:35 [PATCH AUTOSEL 5.13 01/12] ASoC: rt5682: Adjust headset volume button threshold Sasha Levin 2021-08-17 0:35 ` [PATCH AUTOSEL 5.13 02/12] ASoC: component: Remove misplaced prefix handling in pin control functions Sasha Levin 2021-08-30 12:49 ` Pavel Machek 2021-08-17 0:35 ` [PATCH AUTOSEL 5.13 03/12] ASoC: wm_adsp: Let soc_cleanup_component_debugfs remove debugfs Sasha Levin 2021-08-18 13:15 ` Charles Keepax 2021-08-19 13:26 ` Sasha Levin 2021-08-17 0:35 ` [PATCH AUTOSEL 5.13 04/12] platform/x86: Add and use a dual_accel_detect() helper Sasha Levin 2021-08-17 0:35 ` [PATCH AUTOSEL 5.13 05/12] ARC: Fix CONFIG_STACKDEPOT Sasha Levin 2021-08-17 0:35 ` [PATCH AUTOSEL 5.13 06/12] netfilter: ipset: Limit the maximal range of consecutive elements to add/delete Sasha Levin 2021-08-17 0:35 ` [PATCH AUTOSEL 5.13 07/12] netfilter: conntrack: collect all entries in one cycle Sasha Levin 2021-08-17 0:35 ` Sasha Levin [this message] 2021-08-17 0:35 ` [PATCH AUTOSEL 5.13 09/12] io_uring: rsrc ref lock needs to be IRQ safe Sasha Levin 2021-08-17 0:35 ` [PATCH AUTOSEL 5.13 10/12] blk-iocost: fix lockdep warning on blkcg->lock Sasha Levin 2021-08-17 0:35 ` [PATCH AUTOSEL 5.13 11/12] ovl: fix uninitialized pointer read in ovl_lookup_real_one() Sasha Levin 2021-08-17 0:35 ` [PATCH AUTOSEL 5.13 12/12] net: mscc: Fix non-GPL export of regmap APIs Sasha Levin
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20210817003536.83063-8-sashal@kernel.org \ --to=sashal@kernel.org \ --cc=chenmingmin@huawei.com \ --cc=daniel@iogearbox.net \ --cc=davem@davemloft.net \ --cc=edumazet@google.com \ --cc=hannes@stressinduktion.org \ --cc=linux-kernel@vger.kernel.org \ --cc=stable@vger.kernel.org \ --cc=wangkefeng.wang@huawei.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).