Re: [PATCH] kprobes, x86/alternatives: use text_mutex to protect smp_alt_modules

[zhouchengming]

On 2017/10/27 22:15, Peter Zijlstra wrote:
> On Fri, Oct 27, 2017 at 02:33:48PM +0200, Borislav Petkov wrote:
> > On Fri, Oct 27, 2017 at 07:42:45PM +0800, zhouchengming wrote:
> > > This is a real bug happened on one of our machines, below is the calltrace.
> > > We can see the trigger is at alternatives_text_reserved+0x20/0x80, and
> > > encounter a deleted (poisoned) list_head.
> > Looks like some out-of-tree, old kernel thing. We don't have
> > mlx4_stats_sysfs_create() upstream and looking at the boot timestamps,
> > it could be that register_jprobe() is not ready yet.
> >
> > Looking at the Code, though:
> >
> >    20:   74 59                   je     0x7b
> >    22:   66 0f 1f 84 00 00 00    nopw   0x0(%rax,%rax,1)
> >    29:   00 00
> >    2b:*  48 3b 71 20             cmp    0x20(%rcx),%rsi<-- trapping instruction
> >    2f:   72 3a                   jb     0x6b
> >    31:   48 3b 79 28             cmp    0x28(%rcx),%rdi
> >    35:   77 34                   ja     0x6b
> >
> > %rcx is 0xdead0000000000d0 and that is POISON_POINTER_DELTA + 0xd0 so
> > that looks more like smp_alt_modules is not initialized yet but I could
> > could very well be wrong because this is an old kernel. So trigger that
> > with the upstream kernel without out of tree modules.
> Not to mention that we're about (or just have) yanked jprobes out of the
> kernel entirely.

Well... but this is a bug of alternatives_text_reserved(), it traverse the list without holding
the smp_alt mutex. So all users of it, like kprobes, will still have this problem. Maybe I could
think of a way to get rid of the mutex entirely.

Thanks.

> .