lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 Apr 2008 17:32:07 +0200 From: Ingo Molnar <mingo@...e.hu> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Jiri Slaby <jirislaby@...il.com>, David Miller <davem@...emloft.net>, zdenek.kabelac@...il.com, rjw@...k.pl, paulmck@...ux.vnet.ibm.com, akpm@...ux-foundation.org, linux-ext4@...r.kernel.org, herbert@...dor.apana.org.au, penberg@...helsinki.fi, clameter@....com, linux-kernel@...r.kernel.org, Mathieu Desnoyers <mathieu.desnoyers@...ymtl.ca>, Andi Kleen <andi@...stfloor.org>, pageexec@...email.hu, "H. Peter Anvin" <hpa@...or.com>, Jeremy Fitzhardinge <jeremy@...p.org> Subject: Re: [PATCH 1/1] x86: fix text_poke * Ingo Molnar <mingo@...e.hu> wrote: > > > > The 0xf0 pattern comes from alternatives_smp_lock: text_poke(*ptr, > > > > ((unsigned char []){0xf0}), 1); > > > > > > And we should really add a lot more sanity checking there. > > something like the patch below? (untested) the one below even builds and boots. this assumes that all modules areas are allocated via PAGE_KERNEL_EXEC - but that is generally true on x86 due to NX. 32-bit uses vmalloc_exec(), 64-bit uses __vmalloc_area(..., PAGE_KERNEL_EXEC). Jiri ... if you have any desire/stamina to still test this code - does the patch below produce any warnings if you unapply your fix as well, during suspend/resume? Ingo ---------------> Subject: x86: harden kernel code patching From: Ingo Molnar <mingo@...e.hu> Date: Fri Apr 25 17:07:03 CEST 2008 Signed-off-by: Ingo Molnar <mingo@...e.hu> --- arch/x86/kernel/alternative.c | 5 +++++ mm/vmalloc.c | 3 +++ 2 files changed, 8 insertions(+) Index: linux/arch/x86/kernel/alternative.c =================================================================== --- linux.orig/arch/x86/kernel/alternative.c +++ linux/arch/x86/kernel/alternative.c @@ -518,6 +518,11 @@ void *__kprobes text_poke(void *addr, co if (core_kernel_text((unsigned long)addr)) { struct page *pages[2] = { virt_to_page(addr), virt_to_page(addr + PAGE_SIZE) }; + /* + * Module text pages are PageReserved: + */ + WARN_ON(pages[0] && !PageReserved(pages[0])); + WARN_ON(pages[1] && !PageReserved(pages[1])); if (!pages[1]) nr_pages = 1; vaddr = vmap(pages, nr_pages, VM_MAP, PAGE_KERNEL); Index: linux/mm/vmalloc.c =================================================================== --- linux.orig/mm/vmalloc.c +++ linux/mm/vmalloc.c @@ -391,6 +391,7 @@ static void __vunmap(const void *addr, i struct page *page = area->pages[i]; BUG_ON(!page); + ClearPageReserved(page); __free_page(page); } @@ -507,6 +508,8 @@ static void *__vmalloc_area_node(struct area->nr_pages = i; goto fail; } + if (pgprot_val(prot) == pgprot_val(PAGE_KERNEL_EXEC)) + SetPageReserved(page); area->pages[i] = page; } -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists