Received: by 2002:a05:6a10:c7c6:0:0:0:0 with SMTP id h6csp12413pxy; Fri, 30 Jul 2021 22:05:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzUI7wghYb1l2RRlqYUpei1R22sFzuGciKdZpWxddzLUQEbX1XYvfjXp1+vS8NEHr42n3Tg X-Received: by 2002:aa7:d841:: with SMTP id f1mr7358970eds.196.1627707930015; Fri, 30 Jul 2021 22:05:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1627707930; cv=none; d=google.com; s=arc-20160816; b=IyGbg1kyYBDKzoNoy2kuO+sYv5TCdoodUOubSQb/jabcLFdoK865PiBavh98L3Sp6u 57/LbHmkGUe3qdSmm+k2gOpBJzwAS0EDb8PTtFep/DyK63hbBljMkqGzd5aG+amN1+/6 6ylemB8w8M1atMQzSDi7YNTS2Ywvcxxd85zwnXPetgnjQdrwYcX35k9y8Y8r06A0UaX4 lC8zOw9iueaVQS2mVnKg/eJOlKCDrSjVgCzRiNwXoiX4Y0ynu2mJqonqFOFDeYpM0dyu ok/quzbfJjZzZWzhMN7NEBo9PBdkBOyMrENg0MHtzbYJS9WKMuAKtpp0GJPFu/MXtNmT z2bg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=3JKkS9FDFfdvDXoShFjVqip4NKKfn8qyUAGKimKquCo=; b=E7KA757AbbQWCurxNOS1Nm3lfDF94PosiBsp8SC+FXrC5/cbuN2yCZNRwpZXU3SqXP tru8tP61zaYLl1eLD82E31GLCOAiVQhcJY1I4sGADlAo/gHc+vAR3K7gwadWEFYohOwj rny4mbB7QEl+FR61yKVJXAszjWSX2xDzRxK3MTHPjO7f8BsH685UAjLqRo71HKAWbkgg Ct4jHH7VRH4+0HqR+x/sZhf34t9qK/tm4qtzdPY1+/R8G4HuWZgF2PsbpKXRcqlky90u igvzB/55HiLoJzNEvggch/ZDPrP9QNgr4KIPWg+i9jMcEZc8oqt4cgjiPtgWOtEf+Qe+ 8u3A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k4si3492503edv.523.2021.07.30.22.05.04; Fri, 30 Jul 2021 22:05:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231558AbhGaFDN (ORCPT + 99 others); Sat, 31 Jul 2021 01:03:13 -0400 Received: from out30-131.freemail.mail.aliyun.com ([115.124.30.131]:55585 "EHLO out30-131.freemail.mail.aliyun.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229478AbhGaFDM (ORCPT ); Sat, 31 Jul 2021 01:03:12 -0400 X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R801e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e04420;MF=wenyang@linux.alibaba.com;NM=1;PH=DS;RN=10;SR=0;TI=SMTPD_---0UhV3faO_1627707780; Received: from localhost(mailfrom:wenyang@linux.alibaba.com fp:SMTPD_---0UhV3faO_1627707780) by smtp.aliyun-inc.com(127.0.0.1); Sat, 31 Jul 2021 13:03:05 +0800 From: Wen Yang To: Peter Zijlstra , Thomas Gleixner Cc: Wen Yang , Baoyou Xie , =?UTF-8?q?Christian=20K=C3=B6nig?= , Paul Menzel , Jessica Yu , "Gustavo A. R. Silva" , Johan Hovold , linux-kernel@vger.kernel.org Subject: [PATCH RESEND] params: fix a race condition between rmmod and module_attr_store Date: Sat, 31 Jul 2021 13:02:53 +0800 Message-Id: <20210731050253.86995-1-wenyang@linux.alibaba.com> X-Mailer: git-send-email 2.23.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When rmmod, the resource of the module may have been released, but its sysfs have not been destroyed. And at this time, if another process manipulates the module through sysfs, it may cause kernel panic. This may occasionally occur during stress testing, as follows: PID: 36427 TASK: ffff88ed08044300 CPU: 6 COMMAND: "rmmod" #0 [ffff9d21888c7ca8] __schedule at ffffffff93871dd8 #1 [ffff9d21888c7d40] schedule at ffffffff93872113 #2 [ffff9d21888c7d58] schedule_timeout at ffffffff93876492 #3 [ffff9d21888c7de0] wait_for_completion at ffffffff93872b83 #4 [ffff9d21888c7e40] __wait_rcu_gp at ffffffff93117aac #5 [ffff9d21888c7e80] synchronize_sched at ffffffff9311c179 #6 [ffff9d21888c7ec8] cleanup_module at ffffffffc04a282f [aprof] #7 [ffff9d21888c7ee0] __x64_sys_delete_module at ffffffff931453e0 #8 [ffff9d21888c7f38] do_syscall_64 at ffffffff9300437b PID: 19120 TASK: ffff88f0b34ad3c0 CPU: 3 COMMAND: "bash" #0 [ffff9d219406bad8] machine_kexec at ffffffff9306242e #1 [ffff9d219406bb30] __crash_kexec at ffffffff9314b541 #2 [ffff9d219406bbf0] crash_kexec at ffffffff9314c398 #3 [ffff9d219406bc08] oops_end at ffffffff9302ace4 #4 [ffff9d219406bc28] no_context at ffffffff93071331 #5 [ffff9d219406bc80] __do_page_fault at ffffffff93071f06 #6 [ffff9d219406bcf0] do_page_fault at ffffffff93072322 #7 [ffff9d219406bd20] async_page_fault at ffffffff93a0119e [exception RIP: __list_add_valid] ...... #10 [ffff9d219406be48] param_set_buffer_grow at ffffffffc04a1408 [aprof] #11 [ffff9d219406be60] param_attr_store at ffffffff930bf0ac #12 [ffff9d219406be88] module_attr_store at ffffffff930be69a #13 [ffff9d219406be90] kernfs_fop_write at ffffffff9334f56f #14 [ffff9d219406bec8] vfs_write at ffffffff932ad740 #15 [ffff9d219406bef8] ksys_write at ffffffff932ad9ca It is fixed by making sure that the module is alive in param_attr_store. Signed-off-by: Wen Yang Cc: Baoyou Xie Cc: "Christian König" Cc: Paul Menzel Cc: Jessica Yu Cc: "Gustavo A. R. Silva" Cc: Johan Hovold Cc: linux-kernel@vger.kernel.org --- kernel/params.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/kernel/params.c b/kernel/params.c index 2daa2780..3ff3efc 100644 --- a/kernel/params.c +++ b/kernel/params.c @@ -562,12 +562,16 @@ static ssize_t param_attr_store(struct module_attribute *mattr, if (!attribute->param->ops->set) return -EPERM; + if (!try_module_get(mk->mod)) + return -ENODEV; + kernel_param_lock(mk->mod); if (param_check_unsafe(attribute->param)) err = attribute->param->ops->set(buf, attribute->param); else err = -EPERM; kernel_param_unlock(mk->mod); + module_put(mk->mod); if (!err) return len; return err; -- 1.8.3.1