livepatch: add locking to force and signal functions

mirab · Jiri Kosina · commit 8869016d3a58 · 2018-01-11T17:36:07.000+01:00
klp_send_signals() and klp_force_transition() do not acquire klp_mutex, because it seemed to be superfluous. A potential race in klp_send_signals() was harmless and there was nothing in klp_force_transition() which needed to be synchronized. That changed with the addition of klp_forced variable during the review process. There is a small window now, when klp_complete_transition() does not see klp_forced set to true while all tasks have been already transitioned to the target state. module_put() is called and the module can be removed. Acquire klp_mutex in sysfs callback to prevent it. Do the same for the signal sending just to be sure. There is no real downside to that. Fixes: c99a2be ("livepatch: force transition to finish") Fixes: 43347d5 ("livepatch: send a fake signal to all blocking tasks") Reported-by: Jason Baron <jbaron@akamai.com> Signed-off-by: Miroslav Benes <mbenes@suse.cz> Reviewed-by: Petr Mladek <pmladek@suse.com> Acked-by: Josh Poimboeuf <jpoimboe@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
@@ -537,22 +537,24 @@ static ssize_t signal_store(struct kobject *kobj, struct kobj_attribute *attr,
 	int ret;
 	bool val;
 
-	patch = container_of(kobj, struct klp_patch, kobj);
-
-	/*
-	 * klp_mutex lock is not grabbed here intentionally. It is not really
-	 * needed. The race window is harmless and grabbing the lock would only
-	 * hold the action back.
-	 */
-	if (patch != klp_transition_patch)
-		return -EINVAL;
-
 	ret = kstrtobool(buf, &val);
 	if (ret)
 		return ret;
 
-	if (val)
-		klp_send_signals();
+	if (!val)
+		return count;
+
+	mutex_lock(&klp_mutex);
+
+	patch = container_of(kobj, struct klp_patch, kobj);
+	if (patch != klp_transition_patch) {
+		mutex_unlock(&klp_mutex);
+		return -EINVAL;
+	}
+
+	klp_send_signals();
+
+	mutex_unlock(&klp_mutex);
 
 	return count;
 }
@@ -564,22 +566,24 @@ static ssize_t force_store(struct kobject *kobj, struct kobj_attribute *attr,
 	int ret;
 	bool val;
 
-	patch = container_of(kobj, struct klp_patch, kobj);
-
-	/*
-	 * klp_mutex lock is not grabbed here intentionally. It is not really
-	 * needed. The race window is harmless and grabbing the lock would only
-	 * hold the action back.
-	 */
-	if (patch != klp_transition_patch)
-		return -EINVAL;
-
 	ret = kstrtobool(buf, &val);
 	if (ret)
 		return ret;
 
-	if (val)
-		klp_force_transition();
+	if (!val)
+		return count;
+
+	mutex_lock(&klp_mutex);
+
+	patch = container_of(kobj, struct klp_patch, kobj);
+	if (patch != klp_transition_patch) {
+		mutex_unlock(&klp_mutex);
+		return -EINVAL;
+	}
+
+	klp_force_transition();
+
+	mutex_unlock(&klp_mutex);
 
 	return count;
 }
