| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Sep 2010 15:19:36 -0400
From: Mathieu Desnoyers <mathieu.desnoyers@...ymtl.ca>
To: Jason Baron <jbaron@...hat.com>
Cc: Andi Kleen <andi@...stfloor.org>, rusty@...tcorp.co.au,
rostedt@...dmis.com, linux-kernel@...r.kernel.org, mingo@...e.hu,
hpa@...or.com, tglx@...utronix.de, roland@...hat.com,
rth@...hat.com, mhiramat@...hat.com, fweisbec@...il.com,
avi@...hat.com, davem@...emloft.net, vgoyal@...hat.com,
sam@...nborg.org, tony@...eyournoodle.com,
Andi Kleen <ak@...ux.intel.com>
Subject: Re: [PATCH 2/2] Rewrite jump_label.c to use binary search
* Jason Baron (jbaron@...hat.com) wrote:
> On Wed, Sep 22, 2010 at 11:02:50AM -0400, Mathieu Desnoyers wrote:
> > * Andi Kleen (andi@...stfloor.org) wrote:
> > >
> > > >
> > > >>> + for (; entry < stop && entry->key == key; entry++)
> > > >>> + if (kernel_text_address(entry->code))
> > > >>
> > > >> This does not work for modules I'm afraid, only for the core kernel. You
> > > >> should test for __module_text_address() somewhere.
> > > >
> > > > I thought it was shared now, but ok.
> > >
> > > Double checked. This is ok because kernel_text_address()
> > > already checks for modules. You were probably thinking
> > > of __kernel_text_address()
> >
> > Ah right,
> >
> > Although we have another problem:
> >
> > __module_text_address() includes module init text, which defeats the
> > purpose of the check put in there by Jason.
> >
> > So the check works for the core kernel, but not for modules.
> >
> > Mathieu
> >
>
> it works for modules too...it does:
>
> struct module *__module_text_address(unsigned long addr)
> {
> struct module *mod = __module_address(addr);
> if (mod) {
> /* Make sure it's within the text section. */
> if (!within(addr, mod->module_init, mod->init_text_size)
> && !within(addr, mod->module_core,
> mod->core_text_size))
> mod = NULL;
> }
> return mod;
> }
>
> and then in kernel/module.c we have :
>
>
> module_free(mod, mod->module_init);
> mod->module_init = NULL;
>
>
> So, I was relying on the fact module_init gets set to NULL after the
> free happens. However, there a small race there in that the vfree()
> happens before module_init() is set to NULL. So that is probably most
> easily fixed be wrapping those two lines with the jump_label_mutex.
It's both module_init = NULL _and_ init_text_size = 0 that make sure
the test "within(addr, mod->module_init, mod->init_text_size)" is valid.
Just the "module_init = NULL" can cause problems with addresses in the
low range of kernel addresses. With a long enough module init section,
the offset from NULL can end up (temporarily) in the kernel address
range.
But this is all wrong: __module_text_address is relying on
preempt_disable() to ensure coherency of this test is just racy, as you
point out above. So we either do the RCU synchronization properly, or
hold the module_mutex around the module text address test _and_ actual
access to the module init section.
Thanks,
Mathieu
>
> thanks,
>
> -Jason
>
>
--
Mathieu Desnoyers
Operating System Efficiency R&D Consultant
EfficiOS Inc.
http://www.efficios.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists