From: Oleg Nesterov <oleg@redhat.com>
To: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
Ingo Molnar <mingo@elte.hu>, Steven Rostedt <rostedt@goodmis.org>,
Linux-mm <linux-mm@kvack.org>,
Arnaldo Carvalho de Melo <acme@infradead.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Ananth N Mavinakayanahalli <ananth@in.ibm.com>,
Hugh Dickins <hughd@google.com>,
Christoph Hellwig <hch@infradead.org>,
Jonathan Corbet <corbet@lwn.net>,
Thomas Gleixner <tglx@linutronix.de>,
Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>,
Andrew Morton <akpm@linux-foundation.org>,
Jim Keniston <jkenisto@linux.vnet.ibm.com>,
Roland McGrath <roland@hack.frob.com>,
Andi Kleen <andi@firstfloor.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v4 3.0-rc2-tip 4/22] 4: Uprobes: register/unregister probes.
Date: Wed, 15 Jun 2011 19:30:07 +0200
Message-ID: <20110615173007.GA12652@redhat.com>
In-Reply-To: <20110607125900.28590.16071.sendpatchset@localhost6.localdomain6>
I still didn't actually read this/the next patches, but
On 06/07, Srikar Dronamraju wrote:
>
> +#ifdef CONFIG_UPROBES
> + unsigned long uprobes_vaddr;
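Review bot: the new per-mm member `uprobes_vaddr` is added without a comment saying what it holds or which lock serializes its writers. The only writer quoted in this thread, `mm->uprobes_vaddr = (unsigned long) vaddr;`, runs inside the `mapping->i_mmap_mutex` walk, and that mutex is per inode, not per mm, so two registrations against different files mapped by the same mm can overwrite each other's value. Add a comment on the field stating its purpose and locking rule, and make the patch that first reads the field the one that introduces it.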
Srikar, I know it is very easy to blame the patches ;) But why does this
patch add mm->uprobes_vaddr ? Look, it is write-only, register/unregister
do
mm->uprobes_vaddr = (unsigned long) vaddr;
and it is not used otherwise. It is not possible to understand its purpose
without reading the next patches. And the code above looks very strange,
the next vma can overwrite uprobes_vaddr.
If possible, please try to re-split this series. If uprobes_vaddr is used
in 6/22, then this patch should introduce this member. Note that this is
only one particular example, there are a lot more.
> +int register_uprobe(struct inode *inode, loff_t offset,
> + struct uprobe_consumer *consumer)
> +{
> ...
> + mutex_lock(&mapping->i_mmap_mutex);
> + vma_prio_tree_foreach(vma, &iter, &mapping->i_mmap, 0, 0) {
> + loff_t vaddr;
> + struct task_struct *tsk;
> +
> + if (!atomic_inc_not_zero(&vma->vm_mm->mm_users))
> + continue;
> +
> + mm = vma->vm_mm;
> + if (!valid_vma(vma)) {
> + mmput(mm);
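Review bot: the `mm_users` reference is taken with `atomic_inc_not_zero()` before any filtering, so every rejection path has to call mmput() while `mapping->i_mmap_mutex` is still held; if that drops the last reference, the address space is torn down under the same mutex the teardown needs. Take the reference only at the point where the mm is actually queued, after the valid_vma() and address checks, and the rejection paths need no mmput() at all. Two smaller points in the same hunk: `mm = vma->vm_mm;` is assigned after the increment that already dereferences `vma->vm_mm`, so assign `mm` first and use it in both places; and `vma_prio_tree_foreach(vma, &iter, &mapping->i_mmap, 0, 0)` asks the tree only for vmas overlapping file page 0, while the probe lives at `offset`, so a vma whose `vm_pgoff` starts past the first page is never visited and silently misses the probe. Pass `offset >> PAGE_SHIFT` as both bounds.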
This looks deadlockable. If mmput()->atomic_dec_and_test() succeeds
unlink_file_vma() needs the same ->i_mmap_mutex, no?
I think you can simply remove mmput(). Why do you increment ->mm_users
in advance? I think you can do this right before list_add(), after all
valid_vma/etc checks.
> + vaddr = vma->vm_start + offset;
> + vaddr -= vma->vm_pgoff << PAGE_SHIFT;
> + if (vaddr < vma->vm_start || vaddr > vma->vm_end) {
> + /* Not in this vma */
> + mmput(mm);
> + continue;
> + }
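Review bot: the range test `vaddr > vma->vm_end` is off by one: `vm_end` is exclusive, so an offset that translates to exactly `vm_end` passes the check and the breakpoint would be placed at the first byte outside the mapping. Use `vaddr >= vma->vm_end`. The comparison also mixes a signed `loff_t vaddr` with the unsigned `vm_start`/`vm_end`; compute the address in `unsigned long` once the offset has been checked against the file size, or at least add a comment that a negative intermediate is caught by the conversion. With correct prio-tree bounds this whole block is a sanity check, and a comment should say so.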
Not sure that "Not in this vma" is possible if we pass the correct pgoff
to vma_prio_tree_foreach()... but OK, I forgot everything I knew about
vma prio_tree.
So, we verified that vaddr is valid. Then,
> + tsk = get_mm_owner(mm);
> + if (tsk && vaddr > TASK_SIZE_OF(tsk)) {
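Review bot: when get_mm_owner() returns NULL the `TASK_SIZE_OF()` bound is skipped entirely and the code falls through as if the address were acceptable. Decide explicitly whether an ownerless mm should be skipped or checked against a fixed limit, and write that decision down in a comment. Since `vaddr` was just shown to lie inside a vma of this mm, the check can only fail if a vma extends beyond the task's address space, so if it is kept as a defensive check it should say so rather than read as a required step.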
How is it possible to map ->vm_file above TASK_SIZE?
And why do you need get/put_task_struct? You could simply read
TASK_SIZE_OF(tsk) under rcu_read_lock.
> +void unregister_uprobe(struct inode *inode, loff_t offset,
> + struct uprobe_consumer *consumer)
> +{
> ...
> +
> + mutex_lock(&mapping->i_mmap_mutex);
> + vma_prio_tree_foreach(vma, &iter, &mapping->i_mmap, 0, 0) {
> + struct task_struct *tsk;
> +
> + if (!atomic_inc_not_zero(&vma->vm_mm->mm_users))
> + continue;
> +
> + mm = vma->vm_mm;
> +
> + if (!atomic_read(&mm->uprobes_count)) {
> + mmput(mm);
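Review bot: same ordering problem as in register_uprobe(): `atomic_read(&mm->uprobes_count)` needs no reference on the mm, because the vma is still linked into `i_mmap` under the mutex held here, so do the count test first and take the `mm_users` reference only for mms that will be queued; the mmput() under `i_mmap_mutex` then disappears. `struct task_struct *tsk` is declared in this hunk but not used in the quoted lines; drop it if the elided code does not need it.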
Again, mmput() doesn't look safe.
> + list_for_each_entry_safe(mm, tmpmm, &tmp_list, uprobes_list)
> + remove_breakpoint(mm, uprobe);
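Review bot: the `list_for_each_entry_safe()` walk over `tmp_list` calls remove_breakpoint() for each queued mm, but nothing in the quoted lines deletes the mm from the list or drops the `mm_users` reference taken in the walk above. If remove_breakpoint() does both, document that ownership transfer at the call site, since a reference taken in one function and released in a callee is easy to get wrong; otherwise the references and list entries leak. The case where the breakpoint is already gone (the vma was unmapped or made writable in between) also needs a defined outcome for `mm->uprobes_count`.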
What if the application, say, unmaps the vma with bkpt before
unregister_uprobe() ? Or it can do mprotect(PROT_WRITE), then valid_vma()
fails. Probably this is fine, but mm->uprobes_count becomes wrong, no?
Oleg.
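The offset-to-address arithmetic discussed above, as an added user-space model (not code from the patch or the thread; the struct, names and values are constructed): it shows where the range test has to use the exclusive vm_end, and which file pages a vma actually covers, which is what a prio-tree walk keyed on the probe's page would select.

```c
/* Added example, not code from the patch or the thread: a user-space model of
 * the file-offset -> virtual-address translation in register_uprobe(), with
 * the end-of-range test written against the exclusive vm_end and a check of
 * which file pages a vma covers. Struct and values are constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12UL

/* Minimal stand-in for the struct vm_area_struct fields used here. */
struct vma_model {
	unsigned long vm_start;  /* first mapped byte, inclusive */
	unsigned long vm_end;    /* one past the last mapped byte, exclusive */
	unsigned long vm_pgoff;  /* file page mapped at vm_start */
};

/* True if 'vma' maps the file page containing 'offset', i.e. whether a
 * prio-tree walk with begin = end = offset >> PAGE_SHIFT would visit it. */
bool vma_covers_offset(const struct vma_model *vma, uint64_t offset)
{
	unsigned long pgoff = (unsigned long)(offset >> PAGE_SHIFT);
	unsigned long npages = (vma->vm_end - vma->vm_start) >> PAGE_SHIFT;
	return pgoff >= vma->vm_pgoff && pgoff < vma->vm_pgoff + npages;
}

/* Translate 'offset' to a virtual address inside 'vma'; false when the
 * offset is not mapped here. Uses >= because vm_end lies outside the vma;
 * a negative intermediate wraps to a huge value and is rejected as well. */
bool offset_to_vaddr(const struct vma_model *vma, uint64_t offset, unsigned long *vaddr)
{
	uint64_t addr = (uint64_t)vma->vm_start + offset - ((uint64_t)vma->vm_pgoff << PAGE_SHIFT);
	if (addr < vma->vm_start || addr >= vma->vm_end)
		return false;
	*vaddr = (unsigned long)addr;
	return true;
}

int main(void)
{
	/* Constructed vma: 3 pages at 0x400000 mapping file pages 2..4. */
	struct vma_model vma = { 0x400000, 0x403000, 2 };
	uint64_t probes[] = { 0x1fff, 0x2000, 0x4fff, 0x5000 };
	for (size_t i = 0; i < 4; i++) {
		unsigned long vaddr = 0;
		bool in = offset_to_vaddr(&vma, probes[i], &vaddr);
		printf("offset 0x%llx: covers=%d vaddr=%s0x%lx\n", (unsigned long long)probes[i],
		       vma_covers_offset(&vma, probes[i]), in ? "" : "(none) ", vaddr);
	}
	return 0;
}
```

Offset 0x5000 is the instructive case: it translates to exactly vm_end, which the patch's `>` test would accept and the `>=` test here rejects.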