Re: [PATCH v3] kmod: Avoid deadlock by recursive kmod call.

From: Tetsuo Handa
Date: Wed Jan 18 2012 - 21:07:59 EST

Next message: Russ Anderson: "[PATCH] x86/uv: Fix uv_gpa_to_soc_phys_ram shift"
Previous message: David Miller: "Re: [PATCH] net: ftgmac100/ftmac100: add missing interrupt.hinclude"
In reply to: Andrew Morton: "Re: [PATCH v3] kmod: Avoid deadlock by recursive kmod call."
Next in thread: Tetsuo Handa: "[PATCH v4] kmod: Avoid deadlock by recursive kmod call."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

("[PATCH v3] kmod: Avoid deadlock by recursive kmod call." didn't arrive at ML
due to mail delivery failure. The V3 patch can be found at
https://bugzilla.kernel.org/show_bug.cgi?id=42579 )

Andrew Morton wrote:
> I suppose we should fix this, although it's obscure.
>
> The changelog doesn't tell people how the bug might occur, which is
> bad. I suggest adding this text to it:
>
> : This bug was observed when using a corrupted /sbin/hotplug binary. The
> : corrupted binary caused a call to request_module("binfmt-0000").
> : search_binary_handler() uses UMH_WAIT_EXEC.

A corrupted /sbin/hotplug binary is just a simplest example. There are various
hooks called during do_execve() operation (e.g. security_bprm_check(),
audit_bprm(), "struct linux_binfmt"->load_binary()). If one of such hooks
triggers (in the future, but maybe already) UMH_WAIT_EXEC, this deadlock
will happen even if /sbin/hotplug is not corrupted.

> I prefer patch A - all that poking around at stack slots is hacky.
OK.

> > --- linux-3.2.orig/fs/exec.c
> > +++ linux-3.2/fs/exec.c
> > @@ -1406,6 +1406,7 @@ int search_binary_handler(struct linux_b
> > fput(bprm->file);
> > bprm->file = NULL;
> > current->did_exec = 1;
> > + current->kmod_thread = 0;
> > proc_exec_connector(current);
> > return retval;
> > }
>
> Special-casing this assignment down in this particular client of kmod
> looks bad. We need to find somewhere else to do this. Perferably
> within the kmod code itself, or possibly over in exec.c or fork.c.
>
Well, kmod code is no longer called if do_execve() succeeded.

In "[PATCH v2] kmod: Avoid deadlock by recursive kmod call"
( https://lkml.org/lkml/2012/1/4/111 ), I forgot to do

current->kmod_thread = 0;

when do_execve() succeeded. Not clearing this flag might overkill functionality
of /sbin/hotplug and its descendants. If we want to clear this flag, I think we
cannot help doing it in fork.c or exec.c (or do like patch B which does not
need this flag).
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Russ Anderson: "[PATCH] x86/uv: Fix uv_gpa_to_soc_phys_ram shift"
Previous message: David Miller: "Re: [PATCH] net: ftgmac100/ftmac100: add missing interrupt.hinclude"
In reply to: Andrew Morton: "Re: [PATCH v3] kmod: Avoid deadlock by recursive kmod call."
Next in thread: Tetsuo Handa: "[PATCH v4] kmod: Avoid deadlock by recursive kmod call."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]