lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20100922154310.GE2816@redhat.com>
Date:	Wed, 22 Sep 2010 11:43:10 -0400
From:	Jason Baron <jbaron@...hat.com>
To:	Mathieu Desnoyers <compudj@...stal.dyndns.org>
Cc:	Andi Kleen <andi@...stfloor.org>, rusty@...tcorp.co.au,
	rostedt@...dmis.com, linux-kernel@...r.kernel.org, mingo@...e.hu,
	hpa@...or.com, tglx@...utronix.de, roland@...hat.com,
	rth@...hat.com, mhiramat@...hat.com, fweisbec@...il.com,
	avi@...hat.com, davem@...emloft.net, vgoyal@...hat.com,
	sam@...nborg.org, tony@...eyournoodle.com,
	Andi Kleen <ak@...ux.intel.com>
Subject: Re: [PATCH 2/2] Rewrite jump_label.c to use binary search

On Wed, Sep 22, 2010 at 11:07:43AM -0400, Mathieu Desnoyers wrote:
> * Mathieu Desnoyers (mathieu.desnoyers@...ymtl.ca) wrote:
> > * Andi Kleen (andi@...stfloor.org) wrote:
> > > 
> > > >
> > > >>> +	for (; entry < stop && entry->key == key; entry++)
> > > >>> +		if (kernel_text_address(entry->code))
> > > >>
> > > >> This does not work for modules I'm afraid, only for the core kernel. You
> > > >> should test for __module_text_address() somewhere.
> > > >
> > > > I thought it was shared now, but ok.
> > > 
> > > Double checked. This is ok because kernel_text_address()
> > > already checks for modules. You were probably thinking
> > > of __kernel_text_address()
> > 
> > Ah right,
> > 
> > Although we have another problem:
> > 
> > __module_text_address() includes module init text, which defeats the
> > purpose of the check put in there by Jason.
> > 
> > So the check works for the core kernel, but not for modules.
> 
> So, we have this issue, but I also have a question for Jason: what
> happens if someone puts static jump in a function declared in the __init
> section of the core kernel/module ? Can we enable them at early boot ?
> 
> Thanks,
> 
> Mathieu
> 

Hi Mathieu,

Yes, we should be able to enable these. Look at the definition for
core_kernel_text():

int core_kernel_text(unsigned long addr)
{
        if (addr >= (unsigned long)_stext &&
            addr <= (unsigned long)_etext)
                return 1;

        if (system_state == SYSTEM_BOOTING &&
            init_kernel_text(addr))
                return 1;
        return 0;
}

If the system is in the SYSTEM_BOOTING state we allow the text to be
updated. same for modules, the check will allow module __init text
modifications. At very early init there could be some issue
text_poke_smp() working on x86, I'm not sure. In any case, we could
always fall back to text_poke_early(), if needed. So I don't see any
fundamental issues with this case.

thanks,

-Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ