lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Fri, 31 Aug 2007 21:24:21 +0530 (IST)
From:	Satyam Sharma <satyam@...radead.org>
To:	Andrew Morton <akpm@...ux-foundation.org>
cc:	Robert Hancock <hancockr@...w.ca>,
	Rusty Russell <rusty@...tcorp.com.au>,
	bugme-daemon@...zilla.kernel.org,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	mattilinnanvuori@...oo.com
Subject: Re: [Bugme-new] [Bug 8957] New: Exported functions and variables
 should not be reachable by the outside of the module until module_init
 finishes

Hi Andrew,


On Wed, 29 Aug 2007, Andrew Morton wrote:

> On Wed, 29 Aug 2007 19:33:48 -0600 Robert Hancock <hancockr@...w.ca> wrote:
> 
> > Andrew Morton wrote:
> > > On Wed, 29 Aug 2007 11:33:06 -0700 (PDT) bugme-daemon@...zilla.kernel.org wrote:
> > > 
> > >> http://bugzilla.kernel.org/show_bug.cgi?id=8957
> > >>
> > >>            Summary: Exported functions and variables should not be reachable
> > >>                     by the outside of the module until module_init finishes
> > >>            Product: Other
> > >>            Version: 2.5
> > >>      KernelVersion: 2.6.23-rc4
> > >>           Platform: All
> > >>         OS/Version: Linux
> > >>               Tree: Mainline
> > >>             Status: NEW
> > >>           Severity: normal
> > >>           Priority: P1
> > >>          Component: Modules
> > >>         AssignedTo: other_modules@...nel-bugs.osdl.org
> > >>         ReportedBy: mattilinnanvuori@...oo.com
> > >>
> > >>
> > >> Problem Description: a module's exported functions can be called before before
> > >> they are properly initialized by the module_init function.
> > >>
> > >> Steps to reproduce: write a module that exports functions that require
> > >> initialization by the module_init function to work correctly.
> > >>
> > >> E.g. spin lock variables are no longer allowed to be initialized by C
> > >> initializers of the module but only by spin_lock_init that can be called by the
> > >> module_init function. If an exported function calls spin_lock before it is
> > >> initialized, it deadlocks.
> > > 
> > > ooh, nice bug ;)
> > 
> > Under what circumstances is this actually happening? What are these 
> > functions that are being called?
> > 
> > Normally things are set up such that this isn't a problem, i.e. if 
> > module A depends on module B, module A can't load until module B is 
> > finished loading.
> 
> Good point.
> 
> This thus-far-undescribed module could make its internals externally
> visible via one of the kernel's many register_foo() interfaces,

What you're saying is a plausible problem, but note that it is quite a
completely different issue to what Matti Linnanvuori suggested in the
original bug report.

The report was about module B (which depends on module A, because it
references symbol exported by module A) being able to call a function
(or access data) /exported/ by module A _without_ the module_init()
function of module A having finished completely (and hence the possibility
of accessing uninitialized data etc). But this is not possible -- see the
last reply to Matti.

You're referring to is a module implementing an (possibly un-exported)
function that refers to module-local data, and registering that function
(say through a notifier_block) _before_ initializing_ the data used by
that function. But ...


> but it
> would be a buggy module if it was doing register_foo(my_foo) before
> my_foo() was ready to be called.

... exactly. That module is the buggy culprit here, nothing wrong with
the kernel's core module code.


[ BTW I suspect there /are/ modules out there that get this register_foo()
  ordering wrong in their module_init functions.

  Even more widespread (as I have noticed) is the sad habit of modules
  to not unregister_foo() their stuff (in the module_exit function) in
  the exact reverse order of the register_foo() calls made during
  module_init. This can clearly lead to oopsen, but the only reason why
  we don't see them frequently is because the module_init and module_exit
  codepaths are rarely ever executed at runtime, and even more rarely
  concurrently with other stuff that's using the module. ]


Satyam
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ