linux-kernel.vger.kernel.org archive mirror
From: Bart Van Assche <bvanassche@acm.org>
To: Waiman Long <longman@redhat.com>, mingo@redhat.com
Cc: peterz@infradead.org, tj@kernel.org, johannes.berg@intel.com,
	linux-kernel@vger.kernel.org,
	Johannes Berg <johannes@sipsolutions.net>
Subject: Re: [PATCH v2 16/24] locking/lockdep: Retain the class key and name while freeing a lock class
Date: Tue, 04 Dec 2018 13:07:11 -0800
Message-ID: <1543957631.185366.212.camel@acm.org>
In-Reply-To: <adf9ddfe-d924-bc6c-dd62-ee3da83fb011@redhat.com>

On Tue, 2018-12-04 at 15:31 -0500, Waiman Long wrote:
> On 12/04/2018 02:08 PM, Bart Van Assche wrote:
> > On Tue, 2018-12-04 at 13:57 -0500, Waiman Long wrote:
> > > On 12/03/2018 07:28 PM, Bart Van Assche wrote:
> > > > The next patch in this series uses the class name in code that
> > > > detects lock class use-after-free. Hence retain the class name for
> > > > lock classes that are being freed.
> > > > 
> > > > Cc: Peter Zijlstra <peterz@infradead.org>
> > > > Cc: Waiman Long <longman@redhat.com>
> > > > Cc: Johannes Berg <johannes@sipsolutions.net>
> > > > Signed-off-by: Bart Van Assche <bvanassche@acm.org>
> > > > ---
> > > >  kernel/locking/lockdep.c | 4 +---
> > > >  1 file changed, 1 insertion(+), 3 deletions(-)
> > > > 
> > > > diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c
> > > > index ecd92969674c..92bdb187987f 100644
> > > > --- a/kernel/locking/lockdep.c
> > > > +++ b/kernel/locking/lockdep.c
> > > > @@ -4147,10 +4147,8 @@ static void zap_class(struct lock_class *class)
> > > >  	 * Unhash the class and remove it from the all_lock_classes list:
> > > >  	 */
> > > >  	hlist_del_rcu(&class->hash_entry);
> > > > +	class->hash_entry.pprev = NULL;
> > > >  	list_del(&class->lock_entry);
> > > > -page 
> > > > -	RCU_INIT_POINTER(class->key, NULL);
> > > > -	RCU_INIT_POINTER(class->name, NULL);
> > > >  }
> > > >  
> > > >  static inline int within(const void *addr, void *start, unsigned long size)
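Review bot: with the two RCU_INIT_POINTER() lines removed at the end of zap_class(), class->key and class->name keep pointing at storage that zap_class() does not own, and nothing in the hunk says when those pointers may still be dereferenced. Please add a comment at that spot stating that both fields are kept only for later diagnostics and under which condition reading the name is safe, or copy the name into storage that lockdep owns if it can come from module memory. The added "class->hash_entry.pprev = NULL;" directly after hlist_del_rcu() also needs a one-line comment naming the check that relies on it, since its purpose is not visible from this hunk. Finally, the subject says the key and the name are retained, while the commit message only motivates retaining the name; the message should cover the key as well.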
> > > 
> > > Using the name after module unload can be problematic if it points to
> > > memory space occupied by the unloaded kernel module. The memory page may
> > > be invalid with the potential of crashing the kernel. You may have to
> > > duplicate the name if it is really from the module address space.
> > 
> > The class name shouldn't be used by any of the code I introduced in the
> > lockdep infrastructure after unloading a kernel module finished unless
> > some of the kernel module code is still running after unloading the kernel
> > module finished. I think if that happens that the kernel module author is
> > to blame and not lockdep :-)
> > 
> > Bart.
> 
> You do use the name once in a WARN_ON check in check_prev_add(). Your
> commit log did say the class name will be used.

Hi Waiman,

I will update the commit message and I will add a comment in check_prev_add()
that explains that the newly added warning may trigger a use-after-free.

Bart.

Thread overview: 36+ messages
2018-12-04  0:28 [PATCH v2 00/24] locking/lockdep: Add support for dynamic keys Bart Van Assche
2018-12-04  0:28 ` [PATCH v2 01/24] lockdep tests: Display compiler warning and error messages Bart Van Assche
2018-12-04  0:28 ` [PATCH v2 02/24] lockdep tests: Fix shellcheck warnings Bart Van Assche
2018-12-04  0:28 ` [PATCH v2 03/24] lockdep tests: Improve testing accuracy Bart Van Assche
2018-12-04  0:28 ` [PATCH v2 04/24] lockdep tests: Run lockdep tests a second time under Valgrind Bart Van Assche
2018-12-04  0:28 ` [PATCH v2 05/24] liblockdep: Rename "trywlock" into "trywrlock" Bart Van Assche
2018-12-04  0:28 ` [PATCH v2 06/24] liblockdep: Add dummy print_irqtrace_events() implementation Bart Van Assche
2018-12-04  0:28 ` [PATCH v2 07/24] lockdep tests: Test the lockdep_reset_lock() implementation Bart Van Assche
2018-12-04  0:28 ` [PATCH v2 08/24] locking/lockdep: Declare local symbols static Bart Van Assche
2018-12-04  0:28 ` [PATCH v2 09/24] locking/lockdep: Inline __lockdep_init_map() Bart Van Assche
2018-12-04  0:28 ` [PATCH v2 10/24] locking/lockdep: Introduce lock_class_cache_is_registered() Bart Van Assche
2018-12-04  0:28 ` [PATCH v2 11/24] locking/lockdep: Remove a superfluous INIT_LIST_HEAD() statement Bart Van Assche
2018-12-04  0:28 ` [PATCH v2 12/24] locking/lockdep: Make concurrent lockdep_reset_lock() calls safe Bart Van Assche
2018-12-04  0:28 ` [PATCH v2 13/24] locking/lockdep: Stop using RCU primitives to access all_lock_classes Bart Van Assche
2018-12-04  0:28 ` [PATCH v2 14/24] locking/lockdep: Make zap_class() remove all matching lock order entries Bart Van Assche
2018-12-04  0:28 ` [PATCH v2 15/24] locking/lockdep: Reorder struct lock_class members Bart Van Assche
2018-12-04  0:28 ` [PATCH v2 16/24] locking/lockdep: Retain the class key and name while freeing a lock class Bart Van Assche
2018-12-04 18:57   ` Waiman Long
2018-12-04 19:08     ` Bart Van Assche
2018-12-04 20:31       ` Waiman Long
2018-12-04 21:07         ` Bart Van Assche [this message]
2018-12-04  0:28 ` [PATCH v2 17/24] locking/lockdep: Free lock classes that are no longer in use Bart Van Assche
2018-12-04 20:27   ` Waiman Long
2018-12-04 21:42     ` Bart Van Assche
2018-12-04  0:28 ` [PATCH v2 18/24] locking/lockdep: Reuse list entries " Bart Van Assche
2018-12-04  0:28 ` [PATCH v2 19/24] locking/lockdep: Check data structure consistency Bart Van Assche
2018-12-04 20:53   ` Waiman Long
2018-12-04  0:28 ` [PATCH v2 20/24] locking/lockdep: Introduce __lockdep_free_key_range() Bart Van Assche
2018-12-04  0:28 ` [PATCH v2 21/24] locking/lockdep: Verify whether lock objects are small enough to be used as class keys Bart Van Assche
2018-12-04 21:08   ` Waiman Long
2018-12-04 21:39     ` Bart Van Assche
2018-12-04 21:50       ` Waiman Long
2018-12-05  0:06         ` Bart Van Assche
2018-12-04  0:28 ` [PATCH v2 22/24] locking/lockdep: Add support for dynamic keys Bart Van Assche
2018-12-04  0:28 ` [PATCH v2 23/24] kernel/workqueue: Use dynamic lockdep keys for workqueues Bart Van Assche
2018-12-04  0:28 ` [PATCH v2 24/24] lockdep tests: Test dynamic key registration Bart Van Assche
