[BUG] A bug report between init_module and kallsyms_lookup_name

From: Rui Xiang
Date: Mon Dec 22 2014 - 05:20:22 EST


Hi List,

We encountered a crash in kallsyms_lookup_name in our product; the kernel version is Linux 3.4.
It seems to be a kernel bug.

In this scenario, some modules were loading on CPU A, while kallsyms_lookup_name was
being executed on CPU B to look up a symbol name in each module.

The reason seems to be this:
after the module is added to the modules list on CPU A, module_kallsyms_lookup_name
on CPU B finds the mod, and the addresses of mod->strtab and mod->symtab are saved in registers.
After the module's init, mod->symtab, mod->strtab and mod->num_symtab are updated to the core_* versions and
the init memory is freed, which means the memory area of the old mod->strtab and mod->symtab
is freed too. But in mod_find_symname, the addresses saved in the registers are still the old ones.

CPU A                                     CPU B
                                          module_kallsyms_lookup_name
load_module                                 -->mod_find_symname
  -->list_add_rcu(modules)
  ...                                         *save mod->symtab/strtab into register
do_one_initcall
  ...                                         strcmp(name, mod->strtab+mod->symtab[i].st_name) *OK
  mod->num_symtab = mod->core_num_syms;
  mod->symtab = mod->core_symtab;
  mod->strtab = mod->core_strtab;
  ...
module_free(module_init)
                                              strcmp(name, mod->strtab+mod->symtab[i].st_name) *old addr, crash

The same applies to two other functions in the kernel: using kallsyms_on_each_symbol or module_get_kallsym
while a module is loading would cause a crash, too.
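As an added example (not code from this report or from the kernel), here is a single-threaded C simulation of the interleaving above. The names module_t, symtab_snapshot, lookup_unsafe, lookup_snapshot, finish_init_unsafe and finish_init_deferred are made up for the demonstration; the symbol tables are constructed inline. The 3.4-style path copies symtab/strtab locally (standing in for the registers), lets "CPU A" finish init and free the init section in between, and then keeps reading the stale copies. The hardened path publishes all three fields behind one pointer and only reclaims the old tables once no reader can still hold them, with a reader counter standing in for an RCU read-side critical section and grace period. Freed init memory is modelled as reused and zeroed so the stale read is observable as a wrong answer rather than a fault; in the kernel the init pages are unmapped, so the same read oopses.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins; none of these names are the kernel's own. */
struct sym { uint32_t st_name; uintptr_t st_value; };   /* cut-down Elf_Sym */

/* Hardened form: symtab, strtab and count are published together behind one
 * pointer, so a reader loads exactly one thing and never sees a torn update. */
struct symtab_snapshot {
    const struct sym *symtab;
    const char *strtab;
    size_t num_symtab;
};

struct module_t {
    const struct sym *symtab;         /* 3.4-style fields, updated one by one */
    const char *strtab;
    size_t num_symtab;
    struct symtab_snapshot *kallsyms; /* hardened: single published pointer */
    struct symtab_snapshot *retired;  /* old snapshot waiting for readers to drain */
    int readers;                      /* stand-in for RCU read-side critical sections */
    char *init_mem;                   /* simulated init section: init symtab + strtab */
};

/* Core (post-init) tables: only "foo" survives, like core_num_syms < num_symtab. */
static const struct sym core_syms[] = { { 1, 0x1000 } };
static const char core_strtab[] = "\0foo";

#define INIT_STRTAB "\0foo\0init_only"
#define INIT_MEM_LEN (2 * sizeof(struct sym) + sizeof(INIT_STRTAB))

/* load_module(): build the init-time tables and "add the module to the list". */
static void module_load(struct module_t *m) {
    memset(m, 0, sizeof *m);
    m->init_mem = malloc(INIT_MEM_LEN);
    struct sym *s = (struct sym *)m->init_mem;
    s[0].st_name = 1; s[0].st_value = 0x1000;   /* "foo" */
    s[1].st_name = 5; s[1].st_value = 0x2000;   /* "init_only", dropped after init */
    char *str = m->init_mem + 2 * sizeof(struct sym);
    memcpy(str, INIT_STRTAB, sizeof(INIT_STRTAB));
    m->symtab = s; m->strtab = str; m->num_symtab = 2;
    m->kallsyms = malloc(sizeof *m->kallsyms);
    *m->kallsyms = (struct symtab_snapshot){ s, str, 2 };
}

/* Reclaim the init section and the retired snapshot once no reader can still
 * hold them (the simulation's grace period). Freed memory is modelled as reused
 * and zeroed, so a stale read yields "not found" instead of faulting. */
static void reclaim_if_quiescent(struct module_t *m) {
    if (m->readers == 0 && m->retired) {
        memset(m->init_mem, 0, INIT_MEM_LEN);
        free(m->retired);
        m->retired = NULL;
    }
}

/* End of init as in 3.4: swap the three fields, free init memory right away. */
static void finish_init_unsafe(struct module_t *m) {
    m->num_symtab = 1; m->symtab = core_syms; m->strtab = core_strtab;
    memset(m->init_mem, 0, INIT_MEM_LEN);        /* module_free(mod, mod->module_init) */
}

/* Hardened end of init: publish a new snapshot, defer freeing until readers drain. */
static void finish_init_deferred(struct module_t *m) {
    struct symtab_snapshot *fresh = malloc(sizeof *fresh);
    *fresh = (struct symtab_snapshot){ core_syms, core_strtab, 1 };
    m->retired = m->kallsyms;
    m->kallsyms = fresh;                         /* rcu_assign_pointer() */
    reclaim_if_quiescent(m);                     /* call_rcu(): free only after a grace period */
}

/* 3.4-style lookup: copies symtab/strtab locally (the compiled loop keeps them in
 * registers); 'race' simulates CPU A finishing init in the middle of the lookup. */
static uintptr_t lookup_unsafe(struct module_t *m, const char *name,
                               void (*race)(struct module_t *)) {
    const struct sym *symtab = m->symtab;
    const char *strtab = m->strtab;
    size_t n = m->num_symtab;
    if (race) race(m);
    for (size_t i = 0; i < n; i++)
        if (strcmp(name, strtab + symtab[i].st_name) == 0)
            return symtab[i].st_value;
    return 0;
}

/* Hardened lookup: one pointer load inside a read-side critical section. */
static uintptr_t lookup_snapshot(struct module_t *m, const char *name,
                                 void (*race)(struct module_t *)) {
    uintptr_t value = 0;
    m->readers++;                                        /* rcu_read_lock() */
    const struct symtab_snapshot *ks = m->kallsyms;      /* rcu_dereference() */
    if (race) race(m);
    for (size_t i = 0; i < ks->num_symtab; i++)
        if (strcmp(name, ks->strtab + ks->symtab[i].st_name) == 0) {
            value = ks->symtab[i].st_value;
            break;
        }
    m->readers--;                                        /* rcu_read_unlock() */
    reclaim_if_quiescent(m);                             /* last reader out: grace period ends */
    return value;
}

static void module_unload(struct module_t *m) {
    free(m->retired); free(m->kallsyms); free(m->init_mem);
}
```

The point of the hardened half is that the reader's consistency no longer depends on which of three fields it happened to load first, and that freeing the init section is tied to readers having left rather than to the end of do_one_initcall. This is the same shape as the fix mainline later adopted, which moved symtab, strtab and num_symtab into a struct mod_kallsyms reached through a single RCU-protected pointer.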

It seems like an old bug in the kernel, and it also exists in mainline. Right?
Any advice is welcome.

Thanks,
Rui
