linux/kernel/livepatch
Rik van Riel 747f7a2901 livepatch: fix race between fork and KLP transition
The KLP transition code depends on the TIF_PATCH_PENDING and
the task->patch_state to stay in sync. On a normal (forward)
transition, TIF_PATCH_PENDING will be set on every task in
the system, while on a reverse transition (after a failed
forward one) first TIF_PATCH_PENDING will be cleared from
every task, followed by it being set on tasks that need to
be transitioned back to the original code.

However, the fork code copies over the TIF_PATCH_PENDING flag
from the parent to the child early on, in dup_task_struct and
setup_thread_stack. Much later, klp_copy_process will set
child->patch_state to match that of the parent.

However, the parent's patch_state may have been changed by KLP loading
or unloading since it was initially copied over into the child.

This results in the KLP code occasionally hitting this warning in
klp_complete_transition:

        for_each_process_thread(g, task) {
                WARN_ON_ONCE(test_tsk_thread_flag(task, TIF_PATCH_PENDING));
                task->patch_state = KLP_UNDEFINED;
        }

Set, or clear, the TIF_PATCH_PENDING flag in the child task
depending on whether or not it is needed at the time
klp_copy_process is called, at a point in copy_process where the
tasklist_lock is held exclusively, preventing races with the KLP
code.

The KLP code does have a few places where the state is changed
without the tasklist_lock held, but those should not cause
problems because klp_update_patch_state(current) cannot be
called while the current task is in the middle of fork,
klp_check_and_switch_task() which is called under the pi_lock,
which prevents rescheduling, and manipulation of the patch
state of idle tasks, which do not fork.

This should prevent this warning from triggering again in the
future, and close the race for both normal and reverse transitions.

Signed-off-by: Rik van Riel <riel@surriel.com>
Reported-by: Breno Leitao <leitao@debian.org>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
Fixes: d83a7cb375 ("livepatch: change to a per-task consistency model")
Cc: stable@kernel.org
Signed-off-by: Petr Mladek <pmladek@suse.com>
Link: https://lore.kernel.org/r/20220808150019.03d6a67b@imladris.surriel.com
2022-09-01 14:53:18 +02:00
..
core.c livepatch: Fix build failure on 32 bits processors 2022-02-07 21:03:10 +11:00
core.h livepatch: Keep replaced patches until post_patch callback is called 2019-11-01 13:08:08 +01:00
Kconfig livepatch: Use the default ftrace_ops instead of REGS when ARGS is available 2020-11-13 12:15:28 -05:00
Makefile livepatch: Basic API to track system state changes 2019-11-01 13:08:14 +01:00
patch.c livepatch: Remove klp_arch_set_pc() and asm/livepatch.h 2022-05-24 08:46:37 +02:00
patch.h livepatch: Remove Nop structures when unused 2019-01-11 20:51:24 +01:00
shadow.c Documentation: livepatch: Add livepatch API page 2021-12-23 11:35:53 +01:00
state.c kernel/: fix repeated words in comments 2020-10-16 11:11:19 -07:00
state.h livepatch: Allow to distinguish different version of system state changes 2019-11-01 13:08:19 +01:00
transition.c livepatch: fix race between fork and KLP transition 2022-09-01 14:53:18 +02:00
transition.h livepatch: Remove signal sysfs attribute 2019-01-16 22:09:33 +01:00