lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4CA6F44A.1000907@hitachi.com>
Date:	Sat, 02 Oct 2010 17:58:50 +0900
From:	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
To:	Jason Baron <jbaron@...hat.com>
Cc:	rostedt@...dmis.org, mingo@...e.hu, mathieu.desnoyers@...ymtl.ca,
	hpa@...or.com, tglx@...utronix.de, andi@...stfloor.org,
	roland@...hat.com, rth@...hat.com, fweisbec@...il.com,
	avi@...hat.com, davem@...emloft.net, vgoyal@...hat.com,
	sam@...nborg.org, tony@...eyournoodle.com,
	ddaney@...iumnetworks.com, linux-kernel@...r.kernel.org,
	2nddept-manager@....hitachi.co.jp
Subject: Re: [PATCH 1/5] jump label: fix module __init section race

(2010/10/02 6:23), Jason Baron wrote:
> Jump label uses is_module_text_address() to ensure that the module
> __init sections are valid before updating them. However, between the
> check for a valid module __init section and the subsequent jump
> label update, the module's __init section could be freed out from under
> us.
> 
> We fix this potential race by adding a notifier callback to the
> MODULE_STATE_LIVE state. This notifier is called *after* the __init
> section has been run but before it is going to be freed. In the
> callback, the jump label code zeros the key value for any __init jump
> code within the module, and we add a check for a non-zero key value when
> we update jump labels. In this way we require no additional data
> structures.
> 
> Thanks to Mathieu Desnoyers for pointing out this race condition.
> 
> Signed-off-by: Jason Baron <jbaron@...hat.com>
> Reported-by: Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
> ---
>  kernel/jump_label.c |   41 ++++++++++++++++++++++++++++++++++++++++-
>  1 files changed, 40 insertions(+), 1 deletions(-)
> 
> diff --git a/kernel/jump_label.c b/kernel/jump_label.c
> index 7be868b..e2fad92 100644
> --- a/kernel/jump_label.c
> +++ b/kernel/jump_label.c
> @@ -168,7 +168,8 @@ void jump_label_update(unsigned long key, enum jump_label_type type)
>  			count = e_module->nr_entries;
>  			iter = e_module->table;
>  			while (count--) {
> -				if (kernel_text_address(iter->code))
> +				if (iter->key &&
> +						kernel_text_address(iter->code))
>  					arch_jump_label_transform(iter, type);
>  				iter++;
>  			}
> @@ -366,6 +367,39 @@ static void remove_jump_label_module(struct module *mod)
>  	}
>  }
>  
> +static void remove_module_init(struct module *mod)

Hi Jason,

Just a comment, I prefer remove_jump_label_module_init() than this name,
because remove_module_init is too general.

Thank you,


-- 
Masami HIRAMATSU
2nd Dept. Linux Technology Center
Hitachi, Ltd., Systems Development Laboratory
E-mail: masami.hiramatsu.pt@...achi.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ