leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a5af5aa8b6
linux/include
History
Andrey Ryabinin a5af5aa8b6 kasan, module, vmalloc: rework shadow allocation for modules 
Current approach in handling shadow memory for modules is broken.

Shadow memory could be freed only after memory shadow corresponds it is no
longer used.  vfree() called from interrupt context could use memory its
freeing to store 'struct llist_node' in it:

    void vfree(const void *addr)
    {
    ...
        if (unlikely(in_interrupt())) {
            struct vfree_deferred *p = this_cpu_ptr(&vfree_deferred);
            if (llist_add((struct llist_node *)addr, &p->list))
                    schedule_work(&p->wq);

Later this list node used in free_work() which actually frees memory.
Currently module_memfree() called in interrupt context will free shadow
before freeing module's memory which could provoke kernel crash.

So shadow memory should be freed after module's memory.  However, such
deallocation order could race with kasan_module_alloc() in module_alloc().

Free shadow right before releasing vm area.  At this point vfree()'d
memory is not used anymore and yet not available for other allocations.
New VM_KASAN flag used to indicate that vm area has dynamically allocated
shadow memory so kasan frees shadow only if it was previously allocated.

Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
Acked-by: Rusty Russell <rusty@rustcorp.com.au>
Cc: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-03-12 18:46:08 -07:00
..
acpi Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2015-02-19 11:28:36 -08:00
asm-generic OK, this has the big virtio 1.0 implementation, as specified by OASIS. 2015-02-18 09:24:01 -08:00
clocksource
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2015-02-14 09:47:01 -08:00
drm drm/ttm: device address space != CPU address space 2015-03-05 09:04:39 +10:00
dt-bindings The clock framework changes for 3.20 contain the usual driver additions, 2015-02-21 12:30:30 -08:00
keys
kvm arm/arm64: KVM: allow userland to request a virtual GICv3 2015-01-20 18:25:33 +01:00
linux kasan, module, vmalloc: rework shadow allocation for modules 2015-03-12 18:46:08 -07:00
math-emu
media [media] tea575x: split and export functions 2015-01-27 10:13:50 -02:00
memory
misc
net netfilter: nf_tables: fix userdata length overflow 2015-03-04 18:46:06 +01:00
pcmcia
ras
rdma Revert "IB/core: Add support for extended query device caps" 2015-02-06 00:54:33 -08:00
rxrpc
scsi Merge branch 'for-3.20/core' of git://git.kernel.dk/linux-block 2015-02-12 14:13:23 -08:00
soc
sound ALSA: pcm: allow for trigger_tstamp snapshot in .trigger 2015-02-09 16:01:53 +01:00
target Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-02-21 13:21:19 -08:00
trace Merge branch 'lazytime' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-02-17 16:12:34 -08:00
uapi TTY/Serial fixes for 4.0-rc3 2015-03-08 12:25:40 -07:00
video OMAPDSS: fix regression with display sysfs files 2015-02-26 10:23:15 +02:00
xen x86/xen: allow privcmd hypercalls to be preempted 2015-02-23 16:30:24 +00:00
Kbuild