lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200706211119.07754.ak@suse.de>
Date:	Thu, 21 Jun 2007 11:19:06 +0200
From:	Andi Kleen <ak@...e.de>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Dave Jones <davej@...hat.com>,
	Ian McDonald <ian.mcdonald@...di.co.nz>,
	Andrew Morton <akpm@...ux-foundation.org>,
	LKML <linux-kernel@...r.kernel.org>,
	Miklos Szeredi <miklos@...redi.hu>,
	Ingo Molnar <mingo@...e.hu>,
	"Darrick J. Wong" <djwong@...ibm.com>,
	Bj?rn Steinbrink <B.Steinbrink@....de>,
	William Cohen <wcohen@...hat.com>,
	"S. P. Prasanna" <prasanna@...ibm.com>,
	Antonino Daplas <adaplas@...il.com>,
	Olaf Hering <olaf@...fle.de>, Ville Syrj?l? <syrjala@....fi>,
	Jean Delvare <khali@...ux-fr.org>,
	Rudolf Marek <r.marek@...embler.cz>,
	Soeren Sonnenburg <kernel@....de>,
	Michal Piotrowski <michal.k.k.piotrowski@...il.com>
Subject: [PATCH] Alternative fix for kprobes&DEBUG_RODATA was Re: [1/2] 2.6.22-rc5: known regressions with patches

On Thursday 21 June 2007 01:48:43 Linus Torvalds wrote:
> 
> On Wed, 20 Jun 2007, Dave Jones wrote:
> > 
> > Surely the fundamental disagreement is only due to DEBUG_RODATA
> > covering write-protection of both .text, and .rodata  ?
> 
> I agree that we could well split DEBUG_RODATA into something more 
> fine-grained, and for example have it _only_ protect that .rodata thing 
> when Kprobes are enabled, and both .text _and_ .rodata when Kprobes are 
> not.
> 
> That would make lots of sense.

Ok, here's a patch to do this. With that 55181000cd60334fe920c65ffbcdfe0e3f1de406
should be reverted because it isn't needed anymore.

I still think in .23 it should be fixed properly, by either using c_p_a()
as needed in the kprobes/alternatives code (Prasanna already had a patch) 
or perhaps better just doing a temporal ioremap() there.

-Andi

---

Disable kernel text protection when kprobes are enabled

To be done better in .23

Signed-off-by: Andi Kleen <ak@...e.de>

Index: linux/arch/x86_64/mm/init.c
===================================================================
--- linux.orig/arch/x86_64/mm/init.c
+++ linux/arch/x86_64/mm/init.c
@@ -600,6 +600,10 @@ void mark_rodata_ro(void)
 {
 	unsigned long start = (unsigned long)_stext, end;
 
+#ifdef CONFIG_KPROBES
+	/* Kprobes code doesn't know yet how to unprotect. Temporary fix. */
+	start = (unsigned long)_etext;
+#endif
 #ifdef CONFIG_HOTPLUG_CPU
 	/* It must still be possible to apply SMP alternatives. */
 	if (num_possible_cpus() > 1)
Index: linux/arch/i386/mm/init.c
===================================================================
--- linux.orig/arch/i386/mm/init.c
+++ linux/arch/i386/mm/init.c
@@ -798,12 +798,16 @@ void mark_rodata_ro(void)
 {
 	unsigned long start = PFN_ALIGN(_text);
 	unsigned long size = PFN_ALIGN(_etext) - start;
+	int notext = 0;
 
+#ifdef CONFIG_KPROBES
+	notext = 1;
+#endif
 #ifdef CONFIG_HOTPLUG_CPU
 	/* It must still be possible to apply SMP alternatives. */
-	if (num_possible_cpus() <= 1)
+	notext = (num_possible_cpus() > 1);
 #endif
-	{
+	if (!notext) {
 		change_page_attr(virt_to_page(start),
 		                 size >> PAGE_SHIFT, PAGE_KERNEL_RX);
 		printk("Write protecting the kernel text: %luk\n", size >> 10);

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ