Re: [PATCH] fix error handling in load_module()

From: Tejun Heo
Date: Mon Sep 21 2009 - 10:42:05 EST

Next message: Jiri Kosina: "[GIT] trivial tree"
Previous message: Jiri Kosina: "[GIT] HID fixes"
In reply to: Tejun Heo: "Re: [PATCH] fix error handling in load_module()"
Next in thread: Rusty Russell: "Re: [PATCH] fix error handling in load_module()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello, Andrew.

Andrew Morton wrote:
> My reverse engineering of the secret, undocumented percpu_modfree()
> indicates that its mad inventor intended that percpu_modfree(NULL) be a
> valid thing to do.
>
> It calls free_percpu(), all implementations of which appear to secretly
> support free_percpu(NULL).

Eh... unfortunately, the original percpu_modfree() implementation
didn't seem to support it.

> So why did your machine crash?
>
> This:
>
> void free_percpu(void *ptr)
> {
> void *addr = __pcpu_ptr_to_addr(ptr);
> struct pcpu_chunk *chunk;
> unsigned long flags;
> int off;
>
> if (!ptr)
> return;
>
> is dangerous. The implementation of __pcpu_ptr_to_addr() can be
> overridden by asm/percpu.h and there's no reason why the compiler won't
> choose to pass a NULL into __pcpu_ptr_to_addr().
>
> But there doesn't appear to be any overriding of __pcpu_ptr_to_addr()
> in 2.6.31 and the default __pcpu_ptr_to_addr() looks like it will
> handle a NULL pointer OK.
>
> So again, why did your machine crash?
>
> From: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
>
> __pcpu_ptr_to_addr() can be overridden by the architecture and might not
> behave well if passed a NULL pointer. So avoid calling it until we have
> verified that its arg is not NULL.
>
> Cc: Rusty Russell <rusty@xxxxxxxxxxxxxxx>
> Cc: Kamalesh Babulal <kamalesh@xxxxxxxxxxxxxxxxxx>
> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> ---
>
> mm/percpu.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff -puN mm/percpu.c~percpu-avoid-calling-__pcpu_ptr_to_addrnull mm/percpu.c
> --- a/mm/percpu.c~percpu-avoid-calling-__pcpu_ptr_to_addrnull
> +++ a/mm/percpu.c
> @@ -957,7 +957,7 @@ static void pcpu_reclaim(struct work_str
> */
> void free_percpu(void *ptr)
> {
> - void *addr = __pcpu_ptr_to_addr(ptr);
> + void *addr;
> struct pcpu_chunk *chunk;
> unsigned long flags;
> int off;
> @@ -965,6 +965,8 @@ void free_percpu(void *ptr)
> if (!ptr)
> return;
>
> + addr = __pcpu_ptr_to_addr(ptr);
> +

__pcpu_ptr_to_addr() and reverse should be simple arithmetic
transformations. The sole reason why it's defined as overridable was
mostly because I didn't know whether all archs could be unified to use
the same macro (and different variants were used early during
development) but yeap no harm in being careful.

Thanks.

--
tejun
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jiri Kosina: "[GIT] trivial tree"
Previous message: Jiri Kosina: "[GIT] HID fixes"
In reply to: Tejun Heo: "Re: [PATCH] fix error handling in load_module()"
Next in thread: Rusty Russell: "Re: [PATCH] fix error handling in load_module()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]