Received: by 2002:a05:6a10:9e8c:0:0:0:0 with SMTP id y12csp405584pxx; Thu, 29 Oct 2020 05:35:59 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyLCOmBUaTb6c1W+MOHl4vYU7Y8uLBAoAGIR9YqWl/+JUN0guKYNAgGiWuRoR2a8q0FXPFD X-Received: by 2002:a05:6402:195:: with SMTP id r21mr3696255edv.164.1603974959684; Thu, 29 Oct 2020 05:35:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1603974959; cv=none; d=google.com; s=arc-20160816; b=G/UZcd6oN1dGa3mG4X8vFgywleMxM8ZpDF9DReCM30JrqGFXWnMkd47Ag/bH/E9QAO nXiwJULZyPhKbj4099egv75qY9y6PSgDpId0xJqPogX9oG1JVTEpKxZVELbZ9XP60Ly0 rihRq+KkdD1CRG1WTynQtxQ7Rt0Gnl62Fblck/tDZXyCy/lXiiWK14XDJDaO8852TN6U EWsF3T5LNenD1/ZRXvPxEtoAQP5UYAwPofIQ9GPcM0T5JL5randVQifJv2rcDddTcDIv BIk6M6F4WGuksYdJFbtDrnvqW8pgb78MDAdpdrJMNelCsDsNjKOC4XNmoYRXV0emaXXL Vx1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent:references:message-id :in-reply-to:subject:cc:to:from:date; bh=2cPvTt8Dp0Dhvx0OseqLpcbCP3FZytRolGqynUzbxyc=; b=h6JE0QZ3b60BfviDeu9834lqCDIlial9G7jsHeW8ntvFEkSu9WVcJo6e+E9ekdWM3S Qar0gEFEUyxf02ehFjc3MxbHwa8eeaqz0ZWbw11sxk6AU/1C9z7pib1kchhaM9ip0YQb S0Qxg+y4TBXX1sXg4fBkstwn1xE0S5ncTbuNfGvYV1/Vd2Y2LVNrSLO/+S2QwejDRv4Y UUT33DpySHpIGH8bZO+WU09fCrM9tUBvh0ti64XkbbxDmcbV8W7HJEi3tuGLVdhLsHrC efNFKC3OtxXmJXddXa//WSaqH2NuFzFnDxyCdiCqs41Xmfv0VnhpsYPWJEVq7UJl2hLl imTA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id 94si1865587edp.211.2020.10.29.05.35.36; Thu, 29 Oct 2020 05:35:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725774AbgJ2Mb4 (ORCPT + 99 others); Thu, 29 Oct 2020 08:31:56 -0400 Received: from mx2.suse.de ([195.135.220.15]:37876 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725601AbgJ2Mbz (ORCPT ); Thu, 29 Oct 2020 08:31:55 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 3DE19AD31; Thu, 29 Oct 2020 12:31:54 +0000 (UTC) Date: Thu, 29 Oct 2020 13:31:53 +0100 (CET) From: Miroslav Benes To: Jessica Yu cc: linux-kernel@vger.kernel.org Subject: Re: [PATCH] module: set MODULE_STATE_GOING state when a module fails to load In-Reply-To: <20201028122106.GA6867@linux-8ccs> Message-ID: References: <20201027140336.15409-1-mbenes@suse.cz> <20201028122106.GA6867@linux-8ccs> User-Agent: Alpine 2.21 (LSU 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 28 Oct 2020, Jessica Yu wrote: > +++ Miroslav Benes [27/10/20 15:03 +0100]: > >If a module fails to load due to an error in prepare_coming_module(), > >the following error handling in load_module() runs with > >MODULE_STATE_COMING in module's state. Fix it by correctly setting > >MODULE_STATE_GOING under "bug_cleanup" label. > > > >Signed-off-by: Miroslav Benes > >--- > > kernel/module.c | 1 + > > 1 file changed, 1 insertion(+) > > > >diff --git a/kernel/module.c b/kernel/module.c > >index a4fa44a652a7..b34235082394 100644 > >--- a/kernel/module.c > >+++ b/kernel/module.c > >@@ -3991,6 +3991,7 @@ static int load_module(struct load_info *info, const > >char __user *uargs, > > MODULE_STATE_GOING, mod); > > klp_module_going(mod); > > bug_cleanup: > >+ mod->state = MODULE_STATE_GOING; > > /* module_bug_cleanup needs module_mutex protection */ > > mutex_lock(&module_mutex); > > module_bug_cleanup(mod); > > Thanks for the fix! Hmm, I am wondering if we also need to set the > module to GOING if it happens to fail while it is still UNFORMED. > > Currently, when a module is UNFORMED and encounters an error during > load_module(), it stays UNFORMED until it finally goes away. That > sounds fine, but try_module_get() technically permits you to get a > module while it's UNFORMED (but not if it's GOING). Theoretically > someone could increase the refcount of an unformed module that has > encountered an error condition and is in the process of going away. Right. > This shouldn't happen if we properly set the module to GOING whenever > it encounters an error during load_module(). That's correct. > But - I cannot think of a scenario where someone could call > try_module_get() on an unformed module, since find_module() etc. do > not return unformed modules, so they shouldn't be visible outside of > the module loader. So in practice, I think we're probably safe here.. Hopefully yes. I haven't found anything that would contradict it. I think it is even safer to leave UNFORMED there. free_module() explicitly sets UNFORMED state too while going through the similar process. ftrace_release_mod() is the only inconsistency there. It is called with UNFORMED in load_module() if going through ddebug_cleanup label directly, and with GOING in both do_init_module() before free_module() is called and delete_module syscall. But it probably does not care. Miroslav