[PATCH 3/X] uprobes: xol_add_vma: fix ->uprobes_xol_areainitialization

From: Oleg Nesterov
Date: Sat Oct 15 2011 - 15:05:43 EST

Next message: Oleg Nesterov: "[PATCH 4/X] uprobes: xol_add_vma: misc cleanups"
Previous message: Oleg Nesterov: "[PATCH 2/X] uprobes: write_opcode() needs put_page(new_page)unconditionally"
In reply to: Oleg Nesterov: "[PATCH 2/X] uprobes: write_opcode() needs put_page(new_page)unconditionally"
Next in thread: Oleg Nesterov: "[PATCH 4/X] uprobes: xol_add_vma: misc cleanups"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

xol_add_vma() can race with another thread which sets ->uprobes_xol_area,
in this case we can't rely on per-thread task_lock() and we should unmap
xol_vma.

Move the setting of mm->uprobes_xol_area into xol_add_vma(), it has to
take mmap_sem for writing anyway, this also simplifies the code.

Change xol_add_vma() to do do_munmap() if it fails after do_mmap_pgoff().
---
kernel/uprobes.c | 34 ++++++++++++++++------------------
1 files changed, 16 insertions(+), 18 deletions(-)

diff --git a/kernel/uprobes.c b/kernel/uprobes.c
index fd9c8e3..6fe2b20 100644
--- a/kernel/uprobes.c
+++ b/kernel/uprobes.c
@@ -1049,18 +1049,18 @@ static int xol_add_vma(struct uprobes_xol_area *area)
struct vm_area_struct *vma;
struct mm_struct *mm;
unsigned long addr;
- int ret = -ENOMEM;
+ int ret;

mm = get_task_mm(current);
if (!mm)
return -ESRCH;

down_write(&mm->mmap_sem);
- if (mm->uprobes_xol_area) {
- ret = -EALREADY;
+ ret = -EALREADY;
+ if (mm->uprobes_xol_area)
goto fail;
- }

+ ret = -ENOMEM;
/*
* Find the end of the top mapping and skip a page.
* If there is no space for PAGE_SIZE above
@@ -1078,15 +1078,19 @@ static int xol_add_vma(struct uprobes_xol_area *area)

if (addr & ~PAGE_MASK)
goto fail;
- vma = find_vma(mm, addr);

+ vma = find_vma(mm, addr);
/* Don't expand vma on mremap(). */
vma->vm_flags |= VM_DONTEXPAND | VM_DONTCOPY;
area->vaddr = vma->vm_start;
if (get_user_pages(current, mm, area->vaddr, 1, 1, 1, &area->page,
- &vma) > 0)
- ret = 0;
+ &vma) != 1) {
+ do_munmap(mm, addr, PAGE_SIZE);
+ goto fail;
+ }

+ mm->uprobes_xol_area = area;
+ ret = 0;
fail:
up_write(&mm->mmap_sem);
mmput(mm);
@@ -1102,7 +1106,7 @@ fail:
*/
static struct uprobes_xol_area *xol_alloc_area(void)
{
- struct uprobes_xol_area *area = NULL;
+ struct uprobes_xol_area *area;

area = kzalloc(sizeof(*area), GFP_KERNEL);
if (unlikely(!area))
@@ -1110,22 +1114,16 @@ static struct uprobes_xol_area *xol_alloc_area(void)

area->bitmap = kzalloc(BITS_TO_LONGS(UINSNS_PER_PAGE) * sizeof(long),
GFP_KERNEL);
-
if (!area->bitmap)
goto fail;

init_waitqueue_head(&area->wq);
spin_lock_init(&area->slot_lock);
- if (!xol_add_vma(area) && !current->mm->uprobes_xol_area) {
- task_lock(current);
- if (!current->mm->uprobes_xol_area) {
- current->mm->uprobes_xol_area = area;
- task_unlock(current);
- return area;
- }
- task_unlock(current);
- }

+ if (xol_add_vma(area))
+ goto fail;
+
+ return area;
fail:
kfree(area->bitmap);
kfree(area);
--
1.5.5.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Oleg Nesterov: "[PATCH 4/X] uprobes: xol_add_vma: misc cleanups"
Previous message: Oleg Nesterov: "[PATCH 2/X] uprobes: write_opcode() needs put_page(new_page)unconditionally"
In reply to: Oleg Nesterov: "[PATCH 2/X] uprobes: write_opcode() needs put_page(new_page)unconditionally"
Next in thread: Oleg Nesterov: "[PATCH 4/X] uprobes: xol_add_vma: misc cleanups"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]