    jump label: Fix module __init section race · b842f8fa
    Jason Baron authored
    Jump label uses is_module_text_address() to ensure that the module
    __init sections are valid before updating them. However, between the
    check for a valid module __init section and the subsequent jump
    label update, the module's __init section could be freed out from under
    us.
    
    We fix this potential race by adding a notifier callback to the
    MODULE_STATE_LIVE state. This notifier is called *after* the __init
    section has been run but before it is going to be freed. In the
    callback, the jump label code zeros the key value for any __init jump
    code within the module, and we add a check for a non-zero key value when
    we update jump labels. In this way we require no additional data
    structures.
    
    Thanks to Mathieu Desnoyers for pointing out this race condition.
    Reported-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
    Cc: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
    Signed-off-by: Jason Baron <jbaron@redhat.com>
    LKML-Reference: <c6f037b7598777668025ceedd9294212fd95fa34.1285965957.git.jbaron@redhat.com>
    
    [ Renamed remove_module_init() to remove_jump_label_module_init()
      as suggested by Masami Hiramatsu. ]
    Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
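The mechanism the commit message describes, as a userspace model in C added here (it is not the kernel's jump_label.c): a notifier run at MODULE_STATE_LIVE zeros the key of every jump entry whose code address lies in the module's __init range, and the update path skips entries whose key is zero, so a later update can no longer write into the freed __init text. The struct layouts, addresses and the MODULE_STATE_LIVE value are constructed for this model only.

```c
#include <stdbool.h>
#include <stddef.h>
#define MODULE_STATE_LIVE 1   /* model value, not the kernel's enum */

struct jump_entry { unsigned long code, key; };   /* key == 0: never patch */
struct module_model {
    unsigned long init_start, init_end;   /* [start, end) of __init text */
    bool init_freed;                      /* true once __init was released */
    struct jump_entry *entries;
    size_t n;
};
static bool in_init(const struct module_model *m, unsigned long a)
{
    return a >= m->init_start && a < m->init_end;
}

/* MODULE_STATE_LIVE notifier: __init has run and is about to be freed. */
static int jump_label_module_notify(int state, struct module_model *mod)
{
    if (state != MODULE_STATE_LIVE)
        return 0;
    for (size_t i = 0; i < mod->n; i++)
        if (in_init(mod, mod->entries[i].code))
            mod->entries[i].key = 0;   /* disable the __init jump site */
    return 0;
}

/* Patch every site of `key`; returns how many writes hit freed __init memory. */
static size_t jump_label_update(struct module_model *mod, unsigned long key)
{
    size_t bad = 0;
    for (size_t i = 0; i < mod->n; i++) {
        struct jump_entry *e = &mod->entries[i];
        if (e->key == 0 || e->key != key)   /* zeroed key: skip, never touch __init */
            continue;
        /* the real code patches the instruction at e->code here */
        if (mod->init_freed && in_init(mod, e->code))
            bad++;                          /* this write would be a use-after-free */
    }
    return bad;
}

/* Lifecycle from the message: validity check passes, __init is freed, update runs. */
static size_t writes_into_freed_init(bool with_notifier)
{
    struct jump_entry e[3] = { {0x1000, 0xabc}, {0x2010, 0xabc}, {0x1040, 0xdef} };
    struct module_model mod = { 0x2000, 0x3000, false, e, 3 };   /* e[1] is __init */
    if (with_notifier)
        jump_label_module_notify(MODULE_STATE_LIVE, &mod);
    mod.init_freed = true;                  /* __init section gone */
    return jump_label_update(&mod, 0xabc);
}
```

Without the notifier the update still touches the __init site (one bad write); with it, that entry's key is zero and the update skips it.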