From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932823AbbCDPvo (ORCPT <rfc822;w@1wt.eu>);
	Wed, 4 Mar 2015 10:51:44 -0500
Received: from cantor2.suse.de ([195.135.220.15]:33137 "EHLO mx2.suse.de"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S932358AbbCDPvl (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Wed, 4 Mar 2015 10:51:41 -0500
Date: Wed, 4 Mar 2015 16:51:39 +0100 (CET)
From: Jiri Kosina <jkosina@suse.cz>
To: Josh Poimboeuf <jpoimboe@redhat.com>
cc: Petr Mladek <pmladek@suse.cz>, Seth Jennings <sjenning@redhat.com>,
        Vojtech Pavlik <vojtech@suse.cz>, live-patching@vger.kernel.org,
        linux-kernel@vger.kernel.org, Rusty Russell <rusty@rustcorp.com.au>,
        Miroslav Benes <mbenes@suse.cz>,
        Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>, mingo@kernel.org,
        mathieu.desnoyers@efficios.com, oleg@redhat.com,
        paulmck@linux.vnet.ibm.com, andi@firstfloor.org, rostedt@goodmis.org,
        tglx@linutronix.de
Subject: Re: [PATCH 2/2] livepatch: fix patched module loading race
In-Reply-To: <20150304153415.GB5464@treble.hsd1.ky.comcast.net>
Message-ID: <alpine.LNX.2.00.1503041650440.26925@pobox.suse.cz>
References: <cover.1425423640.git.jpoimboe@redhat.com> <297cb260437910c43bf0ec85f53578f6cfef6d88.1425423640.git.jpoimboe@redhat.com> <20150304131752.GD15177@pathway.suse.cz> <20150304153415.GB5464@treble.hsd1.ky.comcast.net>
User-Agent: Alpine 2.00 (LNX 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 4 Mar 2015, Josh Poimboeuf wrote:

> > CPU0					CPU1
> > 
> > delete_module()  #SYSCALL
> > 
> >    try_stop_module()
> >      mod->state = MODULE_STATE_GOING;
> > 
> >    mutex_unlock(&module_mutex);
> > 
> > 					klp_register_patch()
> > 					klp_enable_patch()
> > 
> > 					#save place to switch universe
> > 
> > 					b()     # from module that is going
> > 					  a()   # from core (patched)
> > 
> > 
> >    mod->exit();
> > 
> > 
> > Note that the function b() can be called until we call mod->exit().
> > 
> > If we do not apply patch against b() because it is in
> > MODULE_STATE_GOING. It will call patched a() with modified semantic
> > and things might get wrong.
> > 
> > Well, the above described race is rather theoretical. It will happen
> > only when a patched module is being removed and a module with a patch
> > is added at the same time. Also it means that some other CPU will
> > manage to register, enable the patch, switch the universe, and
> > call function from the patched module during the small race window.
> > 
> > I am not sure if we need to handle such a type of race if the solution
> > adds too big complexity.
> 
> But b() can't be called after the module is in MODULE_STATE_GOING,
> right?  try_stop_module() makes sure it's not being used before changing
> its state.

If b() is called from __exit() of the particular module, then you end up 
in exactly the situation described above, don't you?

Thanks,

-- 
Jiri Kosina
SUSE Labs