Re: [PATCH 1/3] uprobes: install_breakpoint() should fail ifis_swbp_insn() == T

From: Srikar Dronamraju
Date: Fri Jun 01 2012 - 12:50:02 EST

Next message: Sam Ravnborg: "Re: [PATCH 01/27] smpboot: Provide a generic method to bootsecondary processors"
Previous message: Al Viro: "Re: [GIT PULL] new mailmap file for the linux kernel git repository"
In reply to: Oleg Nesterov: "Re: [PATCH 1/3] uprobes: install_breakpoint() should fail ifis_swbp_insn() == T"
Next in thread: Oleg Nesterov: "Re: [PATCH 1/3] uprobes: install_breakpoint() should fail ifis_swbp_insn() == T"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Oleg Nesterov <oleg@xxxxxxxxxx> [2012-05-31 20:53:39]:

> On 05/30, Peter Zijlstra wrote:
> >
> > register's vma
> > iteration is very careful not to have the same vma twice,
>
> Hmm. I am wondering if it is careful enough...
>
> Just in case, I think your patch is great. But it seems to me
> there is another problem.
>
> __find_next_vma_info() checks tmpvi->mm == vma->vm_mm to detect the
> already visited mm/vma. However, afaics this can be false positive?
>
> The caller, register_for_each_vma(), does mmput() and after that
> this memory can be freed and re-used as another mm_struct.
>

Before we do a mmput(), we take the mmap_sem for that mm. So this mm
cannot be freed until we complete insertion/removal. If the mm gets
reused after the insertion/removal, and maps the inode, then we are
doing the right thing by parsing it.

Or are you hinting at some other problem?

> I'll recheck this, but perhaps we need something like below?
>
> Oleg.
>
> --- x/kernel/events/uprobes.c
> +++ x/kernel/events/uprobes.c
> @@ -851,7 +851,6 @@ static int register_for_each_vma(struct
> list_del(&vi->probe_list);
> kfree(vi);
> up_write(&mm->mmap_sem);
> - mmput(mm);

If we want to do this, then we have to even move the list_del and kfree
along with mmput. Otherwise we may leak mm's. I see no advantages
except for decrease in code. I might be missing something trivial.

On the other side, moving the lines below would mean keeping extra
elements in the list that have to be traversed again. i.e if we
determine in this pass that elements of the list can be removed, then
why keep them till the next pass.

> continue;
> }
> vaddr = vma_address(vma, uprobe->offset);
> @@ -860,7 +859,6 @@ static int register_for_each_vma(struct
> list_del(&vi->probe_list);
> kfree(vi);
> up_write(&mm->mmap_sem);
> - mmput(mm);
> continue;
> }
>
> @@ -870,7 +868,6 @@ static int register_for_each_vma(struct
> remove_breakpoint(uprobe, mm, vi->vaddr);
>
> up_write(&mm->mmap_sem);
> - mmput(mm);
> if (is_register) {
> if (ret && ret == -EEXIST)
> ret = 0;
> @@ -881,6 +878,7 @@ static int register_for_each_vma(struct
>
> list_for_each_entry_safe(vi, tmpvi, &try_list, probe_list) {
> list_del(&vi->probe_list);
> + mmput(vi->mm)
> kfree(vi);
> }
>
>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Sam Ravnborg: "Re: [PATCH 01/27] smpboot: Provide a generic method to bootsecondary processors"
Previous message: Al Viro: "Re: [GIT PULL] new mailmap file for the linux kernel git repository"
In reply to: Oleg Nesterov: "Re: [PATCH 1/3] uprobes: install_breakpoint() should fail ifis_swbp_insn() == T"
Next in thread: Oleg Nesterov: "Re: [PATCH 1/3] uprobes: install_breakpoint() should fail ifis_swbp_insn() == T"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]