Re: Linux 2.4.1-ac15

Philipp Rumpf (prumpf@mandrakesoft.com)
Mon, 19 Feb 2001 10:34:49 -0600 (CST)


On Mon, 19 Feb 2001, Alan Cox wrote:
> > so you hold a spinlock during copy_from_user ? Or did you change
> > sys_init_module/sys_create_modules semantics ?
>
> The only points I need to hold a spinlock are editing the chain and
> walking it in a case where I dont hold the kernel lock.
>
> So I spin_lock_irqsave the two ops updating the list links in each case and
> the exception lookup walk

So you fixed the nonexistent race only. The real race is that the module
structure gets initialized first (so the exception table pointers point to
uninitialized vmalloc'd (module_map'd) memory), then the module data
(including the exception table) gets copied.

The race window is from the first copy_from_user in sys_init_module until
the second one.

Or am I missing something ?

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/