lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 17 Apr 2018 09:10:19 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Christian Borntraeger <borntraeger@...ibm.com>
Cc:     Thomas Richter <tmricht@...ux.ibm.com>,
        Jessica Yu <jeyu@...nel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Martin Schwidefsky <schwidefsky@...ibm.com>,
        brueckner@...ux.vnet.ibm.com,
        Heiko Carstens <heiko.carstens@...ibm.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        "Tobin C. Harding" <me@...in.cc>
Subject: Re: [PATCH] modules: Fix display of wrong module .text address

On Tue, Apr 17, 2018 at 1:24 AM, Christian Borntraeger
<borntraeger@...ibm.com> wrote:
>
>
> On 04/17/2018 10:20 AM, Thomas Richter wrote:
>> In kernel v4.16.0 the module .text address is displayed
>> wrong when using /sys/module/*/sections/.text file.
>> Commit ef0010a30935 ("vsprintf: don't use 'restricted_pointer()' when
>> not restricting")
>> is the first bad commit.
>>
>> Here is the issue, using module qeth_l2 on s390 which is the
>> ethernet device driver:
>>
>> [root@...lp76 ~]# lsmod
>> Module                  Size  Used by
>> qeth_l2                94208  1
>> ...
>>
>> [root@...lp76 ~]# cat /proc/modules | egrep '^qeth_l2'
>> qeth_l2 94208 1 - Live 0x000003ff80401000
>>                        ^ This is the correct address in memory
>> [root@...lp76 ~]# cat /sys/module/qeth_l2/sections/.text
>> 0x0000000018ea8363      <---- This is a wrong address
>> [root@...lp76 ~]#
>>
>> This breaks the perf tool which uses this address on s390
>> to calculate start of .text section in memory.
>>
>> Fix this by printing the correct (unhashed) address.
>>
>> Thanks to Jessica Yu for helping on this.
>>
>> Suggested-by: Linus Torvalds <torvalds@...ux-foundation.org>
>> Signed-off-by: Thomas Richter <tmricht@...ux.ibm.com>
>> Cc: Jessica Yu <jeyu@...nel.org>
>
> CC stable?
>
>> ---
>>  kernel/module.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/kernel/module.c b/kernel/module.c
>> index a6e43a5806a1..77ab7211ddef 100644
>> --- a/kernel/module.c
>> +++ b/kernel/module.c
>> @@ -1472,7 +1472,7 @@ static ssize_t module_sect_show(struct module_attribute *mattr,
>>  {
>>       struct module_sect_attr *sattr =
>>               container_of(mattr, struct module_sect_attr, mattr);
>> -     return sprintf(buf, "0x%pK\n", (void *)sattr->address);
>> +     return sprintf(buf, "%#lx\n", kptr_restrict < 2 ? sattr->address : 0);

Can we use %px instead, just to make the hash-bypass reports easier to grep for?

-Kees

>>  }
>>
>>  static void free_sect_attrs(struct module_sect_attrs *sect_attrs)
>>
>



-- 
Kees Cook
Pixel Security

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ