Re: [RFC][PATCH] module: Propagate MODULE_STATE_COMING notifier errors

[Jessica Yu]

+++ Peter Zijlstra [19/06/19 13:23 +0200]:
> On Wed, Jun 19, 2019 at 01:12:12PM +0200, Miroslav Benes wrote:
> > > @@ -3780,7 +3781,7 @@ static int load_module(struct load_info *info, const char __user *uargs,
> > >
> > >  	err = prepare_coming_module(mod);
> > >  	if (err)
> > > -		goto bug_cleanup;
> > > +		goto coming_cleanup;
> >
> > Not good. klp_module_going() is not prepared to be called without
> > klp_module_coming() succeeding. "Funny" things might happen.
>
> Bah, I did look at that but failed to spot it :/
>
> > So it calls for more fine-grained error handling.
>
> Another approach that I considered was trying to re-iterate the notifier
> list up until the point we got, but that was fairly non-trivial and
> needed changes to the notifier crud itself.
>
> I'll try again.

Hm.. I would prefer if we didn't complicate the error handling too
much, especially since you mention it seems non-trivial, and it
doesn't look too nice. You also checked that calling the GOING without
the COMING notifiers should be safe, so I think we can keep things
simple. I tried to look at how other places in the kernel handle
blocking_notifier_call_chain() errors and the places that do look at
the error code (most invocations of blocking_notifier_call_chain()
seem to just ignore the return value) just call the opposing notifiers
(module "going" in our case) to cleanup. I also would not mind
breaking up prepare_coming_module() to refine the error handling, as I
mentioned in my other mail.

Thanks,

Jessica