| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 02 Oct 2010 17:58:50 +0900
From: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
To: Jason Baron <jbaron@...hat.com>
Cc: rostedt@...dmis.org, mingo@...e.hu, mathieu.desnoyers@...ymtl.ca,
hpa@...or.com, tglx@...utronix.de, andi@...stfloor.org,
roland@...hat.com, rth@...hat.com, fweisbec@...il.com,
avi@...hat.com, davem@...emloft.net, vgoyal@...hat.com,
sam@...nborg.org, tony@...eyournoodle.com,
ddaney@...iumnetworks.com, linux-kernel@...r.kernel.org,
2nddept-manager@....hitachi.co.jp
Subject: Re: [PATCH 1/5] jump label: fix module __init section race
(2010/10/02 6:23), Jason Baron wrote:
> Jump label uses is_module_text_address() to ensure that the module
> __init sections are valid before updating them. However, between the
> check for a valid module __init section and the subsequent jump
> label update, the module's __init section could be freed out from under
> us.
>
> We fix this potential race by adding a notifier callback to the
> MODULE_STATE_LIVE state. This notifier is called *after* the __init
> section has been run but before it is going to be freed. In the
> callback, the jump label code zeros the key value for any __init jump
> code within the module, and we add a check for a non-zero key value when
> we update jump labels. In this way we require no additional data
> structures.
>
> Thanks to Mathieu Desnoyers for pointing out this race condition.
>
> Signed-off-by: Jason Baron <jbaron@...hat.com>
> Reported-by: Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
> ---
> kernel/jump_label.c | 41 ++++++++++++++++++++++++++++++++++++++++-
> 1 files changed, 40 insertions(+), 1 deletions(-)
>
> diff --git a/kernel/jump_label.c b/kernel/jump_label.c
> index 7be868b..e2fad92 100644
> --- a/kernel/jump_label.c
> +++ b/kernel/jump_label.c
> @@ -168,7 +168,8 @@ void jump_label_update(unsigned long key, enum jump_label_type type)
> count = e_module->nr_entries;
> iter = e_module->table;
> while (count--) {
> - if (kernel_text_address(iter->code))
> + if (iter->key &&
> + kernel_text_address(iter->code))
> arch_jump_label_transform(iter, type);
> iter++;
> }
> @@ -366,6 +367,39 @@ static void remove_jump_label_module(struct module *mod)
> }
> }
>
> +static void remove_module_init(struct module *mod)
Hi Jason,
Just a comment, I prefer remove_jump_label_module_init() than this name,
because remove_module_init is too general.
Thank you,
--
Masami HIRAMATSU
2nd Dept. Linux Technology Center
Hitachi, Ltd., Systems Development Laboratory
E-mail: masami.hiramatsu.pt@...achi.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists