patch-2.4.22 linux-2.4.22/kernel/module.c
Next file: linux-2.4.22/kernel/printk.c
Previous file: linux-2.4.22/kernel/ksyms.c
Back to the patch index
Back to the overall index
- Lines: 55
- Date:
2003-08-25 04:44:44.000000000 -0700
- Orig file:
linux-2.4.21/kernel/module.c
- Orig date:
2003-06-13 07:51:39.000000000 -0700
diff -urN linux-2.4.21/kernel/module.c linux-2.4.22/kernel/module.c
@@ -345,10 +345,10 @@
asmlinkage long
sys_init_module(const char *name_user, struct module *mod_user)
{
- struct module mod_tmp, *mod;
+ struct module mod_tmp, *mod, *mod2 = NULL;
char *name, *n_name, *name_tmp = NULL;
long namelen, n_namelen, i, error;
- unsigned long mod_user_size;
+ unsigned long mod_user_size, flags;
struct module_ref *dep;
if (!capable(CAP_SYS_MODULE))
@@ -387,11 +387,23 @@
}
strcpy(name_tmp, mod->name);
- error = copy_from_user(mod, mod_user, mod_user_size);
+ /* Copying mod_user directly over mod breaks the module_list chain and
+ * races against search_exception_table. copy_from_user may sleep so it
+ * cannot be under modlist_lock, do the copy in two stages.
+ */
+ if (!(mod2 = vmalloc(mod_user_size))) {
+ error = -ENOMEM;
+ goto err2;
+ }
+ error = copy_from_user(mod2, mod_user, mod_user_size);
if (error) {
error = -EFAULT;
goto err2;
}
+ spin_lock_irqsave(&modlist_lock, flags);
+ memcpy(mod, mod2, mod_user_size);
+ mod->next = mod_tmp.next;
+ spin_unlock_irqrestore(&modlist_lock, flags);
/* Sanity check the size of the module. */
error = -EINVAL;
@@ -505,7 +517,6 @@
to make the I and D caches consistent. */
flush_icache_range((unsigned long)mod, (unsigned long)mod + mod->size);
- mod->next = mod_tmp.next;
mod->refs = NULL;
/* Sanity check the module's dependents */
@@ -571,6 +582,8 @@
err1:
put_mod_name(name);
err0:
+ if (mod2)
+ vfree(mod2);
unlock_kernel();
kfree(name_tmp);
return error;
FUNET's LINUX-ADM group, linux-adm@nic.funet.fi
TCL-scripts by Sam Shen (who was at: slshen@lbl.gov)