Date: Sat, 02 Oct 2010 17:58:50 +0900
From: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
To: Jason Baron <jbaron@...hat.com>
Cc: rostedt@...dmis.org, mingo@...e.hu, mathieu.desnoyers@...ymtl.ca, hpa@...or.com, tglx@...utronix.de, andi@...stfloor.org, roland@...hat.com, rth@...hat.com, fweisbec@...il.com, avi@...hat.com, davem@...emloft.net, vgoyal@...hat.com, sam@...nborg.org, tony@...eyournoodle.com, ddaney@...iumnetworks.com, linux-kernel@...r.kernel.org, 2nddept-manager@....hitachi.co.jp
Subject: Re: [PATCH 1/5] jump label: fix module __init section race

(2010/10/02 6:23), Jason Baron wrote:
> Jump label uses is_module_text_address() to ensure that the module
> __init sections are valid before updating them. However, between the
> check for a valid module __init section and the subsequent jump
> label update, the module's __init section could be freed out from under
> us.
>
> We fix this potential race by adding a notifier callback to the
> MODULE_STATE_LIVE state. This notifier is called *after* the __init
> section has been run but before it is going to be freed. In the
> callback, the jump label code zeros the key value for any __init jump
> code within the module, and we add a check for a non-zero key value when
> we update jump labels. In this way we require no additional data
> structures.
>
> Thanks to Mathieu Desnoyers for pointing out this race condition.
>
> Signed-off-by: Jason Baron <jbaron@...hat.com>
> Reported-by: Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
> ---
> kernel/jump_label.c | 41 ++++++++++++++++++++++++++++++++++++++++-
> 1 files changed, 40 insertions(+), 1 deletions(-)
>
> diff --git a/kernel/jump_label.c b/kernel/jump_label.c > index 7be868b..e2fad92 100644 > --- a/kernel/jump_label.c > +++ b/kernel/jump_label.c
> @@ -168,7 +168,8 @@ void jump_label_update(unsigned long key, enum jump_label_type type) > count = e_module->nr_entries; > iter = e_module->table; > while (count--) { > - if (kernel_text_address(iter->code)) > + if (iter->key && > + kernel_text_address(iter->code)) > arch_jump_label_transform(iter, type); > iter++; > } > @@ -366,6 +367,39 @@ static void remove_jump_label_module(struct module *mod) > } > } > > +static void remove_module_init(struct module *mod)

Hi Jason,

Just a comment: I prefer remove_jump_label_module_init() to this name,
because remove_module_init is too general.

Thank you,

--
Masami HIRAMATSU
2nd Dept. Linux Technology Center
Hitachi, Ltd., Systems Development Laboratory
E-mail: masami.hiramatsu.pt@...achi.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
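
Review bot: in the first hunk (jump_label_update()), the new iter->key test and the call to arch_jump_label_transform() are only safe if nothing can zero the key or free the __init text between them, and the hunk does not show which lock guarantees that. Please add a comment above the check naming the lock that the MODULE_STATE_LIVE callback also takes, and state there that a zero key marks an entry whose __init code is about to be released, so a reader can see why kernel_text_address() alone is not sufficient.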
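
The invalidation scheme described in the quoted commit message, as an added userspace model that is not part of the original thread or of the kernel patch: entries that point into a module's init range have their key zeroed before that range is freed, and the update path skips any entry with a zero key. All names (`struct entry`, `struct mod_model`, `model_lock`, both functions) are hypothetical, and the single lock serializing the two paths is an assumption.

```c
#include <pthread.h>
#include <stddef.h>

/* Userspace model; all names are hypothetical, none are kernel code. */
struct entry { unsigned long code, key; };
struct mod_model {
    unsigned long init_base, init_size;  /* range freed once init has run */
    struct entry *table; size_t nr_entries;
};

/* Assumption: one lock serializes invalidation against updates. */
static pthread_mutex_t model_lock = PTHREAD_MUTEX_INITIALIZER;
/* Models the MODULE_STATE_LIVE callback, run before init memory is freed. */
size_t invalidate_init_entries(struct mod_model *m)
{
    size_t i, zeroed = 0;
    pthread_mutex_lock(&model_lock);
    for (i = 0; i < m->nr_entries; i++) {
        unsigned long off = m->table[i].code - m->init_base;
        if (m->table[i].code >= m->init_base && off < m->init_size) {
            m->table[i].key = 0;         /* zero key marks the entry dead */
            zeroed++;
        }
    }
    pthread_mutex_unlock(&model_lock);
    return zeroed;
}

/* Models the update path: an entry with a zero key is never patched. */
size_t update_entries(struct mod_model *m, unsigned long key,
                      unsigned long *patched, size_t max)
{
    size_t i, n = 0;
    pthread_mutex_lock(&model_lock);
    for (i = 0; i < m->nr_entries && n < max; i++)
        if (m->table[i].key && m->table[i].key == key)
            patched[n++] = m->table[i].code;  /* stand-in for patching */
    pthread_mutex_unlock(&model_lock);
    return n;
}

int main(void)
{
    struct entry t[] = { {0x1000, 0xA}, {0x5000, 0xA} };  /* constructed */
    struct mod_model m = { 0x5000, 0x100, t, 2 };
    unsigned long out[2];
    invalidate_init_entries(&m);
    return update_entries(&m, 0xA, out, 2) == 1 ? 0 : 1;
}
```

Because the check and the patch happen under the same lock as the zeroing, an update either runs entirely before invalidation (init memory still mapped) or sees the zero key and skips the entry.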