From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Andrea Parri <andrea.parri@amarulasolutions.com>,
Oleg Nesterov <oleg@redhat.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Andrew Morton <akpm@linux-foundation.org>,
Arnaldo Carvalho de Melo <acme@redhat.com>,
Jiri Olsa <jolsa@redhat.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Namhyung Kim <namhyung@kernel.org>,
"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
Peter Zijlstra <peterz@infradead.org>,
Stephane Eranian <eranian@google.com>,
Thomas Gleixner <tglx@linutronix.de>,
Vince Weaver <vincent.weaver@maine.edu>,
stable@kernel.org, Ingo Molnar <mingo@kernel.org>
Subject: [PATCH 4.4 33/91] uprobes: Fix handle_swbp() vs. unregister() + register() race once more
Date: Tue, 11 Dec 2018 16:40:52 +0100 [thread overview]
Message-ID: <20181211151608.463823962@linuxfoundation.org> (raw)
In-Reply-To: <20181211151606.026852373@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrea Parri <andrea.parri@amarulasolutions.com>
commit 09d3f015d1e1b4fee7e9bbdcf54201d239393391 upstream.
Commit:
142b18ddc8143 ("uprobes: Fix handle_swbp() vs unregister() + register() race")
added the UPROBE_COPY_INSN flag, and corresponding smp_wmb() and smp_rmb()
memory barriers, to ensure that handle_swbp() uses fully-initialized
uprobes only.
However, the smp_rmb() is mis-placed: this barrier should be placed
after handle_swbp() has tested for the flag, thus guaranteeing that
(program-order) subsequent loads from the uprobe can see the initial
stores performed by prepare_uprobe().
Move the smp_rmb() accordingly. Also amend the comments associated
to the two memory barriers to indicate their actual locations.
Signed-off-by: Andrea Parri <andrea.parri@amarulasolutions.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Cc: stable@kernel.org
Fixes: 142b18ddc8143 ("uprobes: Fix handle_swbp() vs unregister() + register() race")
Link: http://lkml.kernel.org/r/20181122161031.15179-1-andrea.parri@amarulasolutions.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/events/uprobes.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
--- a/kernel/events/uprobes.c
+++ b/kernel/events/uprobes.c
@@ -606,7 +606,7 @@ static int prepare_uprobe(struct uprobe
BUG_ON((uprobe->offset & ~PAGE_MASK) +
UPROBE_SWBP_INSN_SIZE > PAGE_SIZE);
- smp_wmb(); /* pairs with rmb() in find_active_uprobe() */
+ smp_wmb(); /* pairs with the smp_rmb() in handle_swbp() */
set_bit(UPROBE_COPY_INSN, &uprobe->flags);
out:
@@ -1892,10 +1892,18 @@ static void handle_swbp(struct pt_regs *
* After we hit the bp, _unregister + _register can install the
* new and not-yet-analyzed uprobe at the same address, restart.
*/
- smp_rmb(); /* pairs with wmb() in install_breakpoint() */
if (unlikely(!test_bit(UPROBE_COPY_INSN, &uprobe->flags)))
goto out;
+ /*
+ * Pairs with the smp_wmb() in prepare_uprobe().
+ *
+ * Guarantees that if we see the UPROBE_COPY_INSN bit set, then
+ * we must also see the stores to &uprobe->arch performed by the
+ * prepare_uprobe() call.
+ */
+ smp_rmb();
+
/* Tracing handlers use ->utask to communicate with fetch methods */
if (!get_utask())
goto out;
next prev parent reply other threads:[~2018-12-11 15:46 UTC|newest]
Thread overview: 101+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-11 15:40 [PATCH 4.4 00/91] 4.4.167-stable review Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 01/91] media: em28xx: Fix use-after-free when disconnecting Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 02/91] Revert "wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()" Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 03/91] rapidio/rionet: do not free skb before reading its length Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 04/91] s390/qeth: fix length check in SNMP processing Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 05/91] usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 06/91] kvm: mmu: Fix race in emulated page table writes Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 07/91] xtensa: enable coprocessors that are being flushed Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 08/91] xtensa: fix coprocessor context offset definitions Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 09/91] Btrfs: ensure path name is null terminated at btrfs_control_ioctl Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 10/91] ALSA: wss: Fix invalid snd_free_pages() at error path Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 11/91] ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 12/91] ALSA: control: Fix race between adding and removing a user element Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 13/91] ALSA: sparc: Fix invalid snd_free_pages() at error path Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 14/91] ext2: fix potential use after free Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 15/91] dmaengine: at_hdmac: fix memory leak in at_dma_xlate() Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 16/91] dmaengine: at_hdmac: fix module unloading Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 17/91] btrfs: release metadata before running delayed refs Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 18/91] USB: usb-storage: Add new IDs to ums-realtek Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 19/91] usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 20/91] misc: mic/scif: fix copy-paste error in scif_create_remote_lookup Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 21/91] Kbuild: suppress packed-not-aligned warning for default setting only Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 22/91] exec: avoid gcc-8 warning for get_task_comm Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 23/91] disable stringop truncation warnings for now Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 24/91] kobject: Replace strncpy with memcpy Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 25/91] unifdef: use memcpy instead of strncpy Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 26/91] kernfs: Replace strncpy with memcpy Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 27/91] ip_tunnel: Fix name string concatenate in __ip_tunnel_create() Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 28/91] drm: gma500: fix logic error Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 29/91] scsi: bfa: convert to strlcpy/strlcat Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 30/91] staging: rts5208: fix gcc-8 logic error warning Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 31/91] kdb: use memmove instead of overlapping memcpy Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 32/91] iser: set sector for ambiguous mr status errors Greg Kroah-Hartman
2018-12-11 15:40 ` Greg Kroah-Hartman [this message]
2018-12-11 15:40 ` [PATCH 4.4 34/91] MIPS: ralink: Fix mt7620 nd_sd pinmux Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 35/91] mips: fix mips_get_syscall_arg o32 check Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 36/91] drm/ast: Fix incorrect free on ioregs Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 37/91] scsi: scsi_devinfo: cleanly zero-pad devinfo strings Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 38/91] ALSA: trident: Suppress gcc string warning Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 39/91] scsi: csiostor: Avoid content leaks and casts Greg Kroah-Hartman
2018-12-11 15:40 ` [PATCH 4.4 40/91] kgdboc: Fix restrict error Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 41/91] kgdboc: Fix warning with module build Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 42/91] leds: call led_pwm_set() in leds-pwm to enforce default LED_OFF Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 43/91] leds: turn off the LED and wait for completion on unregistering LED class device Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 44/91] leds: leds-gpio: Fix return value check in create_gpio_led() Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 45/91] Input: xpad - quirk all PDP Xbox One gamepads Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 46/91] Input: matrix_keypad - check for errors from of_get_named_gpio() Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 47/91] Input: elan_i2c - add ELAN0620 to the ACPI table Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 48/91] Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 49/91] Input: elan_i2c - add support for ELAN0621 touchpad Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 50/91] btrfs: Always try all copies when reading extent buffers Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 51/91] Btrfs: fix use-after-free when dumping free space Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 52/91] ARC: change defconfig defaults to ARCv2 Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 53/91] arc: [devboards] Add support of NFSv3 ACL Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 54/91] mm: cleancache: fix corruption on missed inode invalidation Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 55/91] mm: mlock: avoid increase mm->locked_vm on mlock() when already mlock2(,MLOCK_ONFAULT) Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 56/91] usb: gadget: dummy: fix nonsensical comparisons Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 57/91] iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 58/91] iommu/ipmmu-vmsa: Fix crash on early domain free Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 59/91] can: rcar_can: Fix erroneous registration Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 60/91] batman-adv: Expand merged fragment buffer for full packet Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 61/91] bnx2x: Assign unique DMAE channel number for FW DMAE transactions Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 62/91] qed: Fix PTT leak in qed_drain() Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 63/91] qed: Fix reading wrong value in loop condition Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 64/91] net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 65/91] net/mlx4_core: Fix uninitialized variable compilation warning Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 66/91] net/mlx4: Fix UBSAN warning of signed integer overflow Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 67/91] net: faraday: ftmac100: remove netif_running(netdev) check before disabling interrupts Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 68/91] iommu/vt-d: Use memunmap to free memremap Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 69/91] net: amd: add missing of_node_put() Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 70/91] usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 71/91] usb: appledisplay: Add 27" Apple Cinema Display Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 72/91] USB: check usb_get_extra_descriptor for proper size Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 73/91] ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 74/91] ALSA: hda: Add support for AMD Stoney Ridge Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 75/91] ALSA: pcm: Fix starvation on down_write_nonblock() Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 76/91] ALSA: pcm: Call snd_pcm_unlink() conditionally at closing Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 77/91] ALSA: pcm: Fix interval evaluation with openmin/max Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 78/91] virtio/s390: avoid race on vcdev->config Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 79/91] virtio/s390: fix race in ccw_io_helper() Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 80/91] SUNRPC: Fix leak of krb5p encode pages Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 81/91] dmaengine: cppi41: delete channel from pending list when stop channel Greg Kroah-Hartman
2018-12-12 16:40 ` Bin Liu
2018-12-11 15:41 ` [PATCH 4.4 82/91] xhci: Prevent U1/U2 link pm states if exit latency is too long Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 83/91] Staging: lustre: remove two build warnings Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 84/91] cifs: Fix separator when building path from dentry Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 85/91] tty: serial: 8250_mtk: always resume the device in probe Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 86/91] kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 87/91] mac80211_hwsim: Timer should be initialized before device registered Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 88/91] mac80211: Clear beacon_int in ieee80211_do_stop Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 89/91] mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 90/91] mac80211: fix reordering of buffered broadcast packets Greg Kroah-Hartman
2018-12-11 15:41 ` [PATCH 4.4 91/91] mac80211: ignore NullFunc frames in the duplicate detection Greg Kroah-Hartman
2018-12-11 21:53 ` [PATCH 4.4 00/91] 4.4.167-stable review kernelci.org bot
2018-12-11 23:56 ` shuah
2018-12-12 7:05 ` Naresh Kamboju
2018-12-12 14:24 ` Guenter Roeck
2018-12-12 17:29 ` Greg Kroah-Hartman
2018-12-12 19:15 ` Harsh Shandilya
2018-12-13 8:04 ` Greg Kroah-Hartman
2018-12-12 22:20 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181211151608.463823962@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=acme@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=alexander.shishkin@linux.intel.com \
--cc=andrea.parri@amarulasolutions.com \
--cc=eranian@google.com \
--cc=jolsa@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=namhyung@kernel.org \
--cc=oleg@redhat.com \
--cc=paulmck@linux.vnet.ibm.com \
--cc=peterz@infradead.org \
--cc=stable@kernel.org \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=vincent.weaver@maine.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).