| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Jun 2007 11:19:06 +0200
From: Andi Kleen <ak@...e.de>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Dave Jones <davej@...hat.com>,
Ian McDonald <ian.mcdonald@...di.co.nz>,
Andrew Morton <akpm@...ux-foundation.org>,
LKML <linux-kernel@...r.kernel.org>,
Miklos Szeredi <miklos@...redi.hu>,
Ingo Molnar <mingo@...e.hu>,
"Darrick J. Wong" <djwong@...ibm.com>,
Bj?rn Steinbrink <B.Steinbrink@....de>,
William Cohen <wcohen@...hat.com>,
"S. P. Prasanna" <prasanna@...ibm.com>,
Antonino Daplas <adaplas@...il.com>,
Olaf Hering <olaf@...fle.de>, Ville Syrj?l? <syrjala@....fi>,
Jean Delvare <khali@...ux-fr.org>,
Rudolf Marek <r.marek@...embler.cz>,
Soeren Sonnenburg <kernel@....de>,
Michal Piotrowski <michal.k.k.piotrowski@...il.com>
Subject: [PATCH] Alternative fix for kprobes&DEBUG_RODATA was Re: [1/2] 2.6.22-rc5: known regressions with patches
On Thursday 21 June 2007 01:48:43 Linus Torvalds wrote:
>
> On Wed, 20 Jun 2007, Dave Jones wrote:
> >
> > Surely the fundamental disagreement is only due to DEBUG_RODATA
> > covering write-protection of both .text, and .rodata ?
>
> I agree that we could well split DEBUG_RODATA into something more
> fine-grained, and for example have it _only_ protect that .rodata thing
> when Kprobes are enabled, and both .text _and_ .rodata when Kprobes are
> not.
>
> That would make lots of sense.
Ok, here's a patch to do this. With that 55181000cd60334fe920c65ffbcdfe0e3f1de406
should be reverted because it isn't needed anymore.
I still think in .23 it should be fixed properly, by either using c_p_a()
as needed in the kprobes/alternatives code (Prasanna already had a patch)
or perhaps better just doing a temporal ioremap() there.
-Andi
---
Disable kernel text protection when kprobes are enabled
To be done better in .23
Signed-off-by: Andi Kleen <ak@...e.de>
Index: linux/arch/x86_64/mm/init.c
===================================================================
--- linux.orig/arch/x86_64/mm/init.c
+++ linux/arch/x86_64/mm/init.c
@@ -600,6 +600,10 @@ void mark_rodata_ro(void)
{
unsigned long start = (unsigned long)_stext, end;
+#ifdef CONFIG_KPROBES
+ /* Kprobes code doesn't know yet how to unprotect. Temporary fix. */
+ start = (unsigned long)_etext;
+#endif
#ifdef CONFIG_HOTPLUG_CPU
/* It must still be possible to apply SMP alternatives. */
if (num_possible_cpus() > 1)
Index: linux/arch/i386/mm/init.c
===================================================================
--- linux.orig/arch/i386/mm/init.c
+++ linux/arch/i386/mm/init.c
@@ -798,12 +798,16 @@ void mark_rodata_ro(void)
{
unsigned long start = PFN_ALIGN(_text);
unsigned long size = PFN_ALIGN(_etext) - start;
+ int notext = 0;
+#ifdef CONFIG_KPROBES
+ notext = 1;
+#endif
#ifdef CONFIG_HOTPLUG_CPU
/* It must still be possible to apply SMP alternatives. */
- if (num_possible_cpus() <= 1)
+ notext = (num_possible_cpus() > 1);
#endif
- {
+ if (!notext) {
change_page_attr(virt_to_page(start),
size >> PAGE_SHIFT, PAGE_KERNEL_RX);
printk("Write protecting the kernel text: %luk\n", size >> 10);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists