lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110429163500.GA5241@linux.vnet.ibm.com>
Date:	Fri, 29 Apr 2011 18:35:00 +0200
From:	Jan Glauber <jang@...ux.vnet.ibm.com>
To:	Rusty Russell <rusty@...tcorp.com.au>
Cc:	Christoph Hellwig <hch@...radead.org>,
	linux-kernel@...r.kernel.org, castet.matthieu@...e.fr,
	sliakh.lkml@...il.com, jiang@...ncsu.edu, mingo@...e.hu
Subject: Re: Undoing module RONX protection fix

On Fri, Apr 29, 2011 at 02:11:16PM +0930, Rusty Russell wrote:
> On Thu, 28 Apr 2011 15:43:21 +0200, Jan Glauber <jang@...ux.vnet.ibm.com> wrote:
> > On Thu, Apr 28, 2011 at 09:06:39PM +0930, Rusty Russell wrote:
> > > On Thu, 28 Apr 2011 12:08:20 +0200, Jan Glauber <jang@...ux.vnet.ibm.com> wrote:
> > > > How about this?
> > > > 
> > > > To be honest I don't like the inverse naming like in unset no-execute
> > > > too much, it makes me feel dizzy. But I wanted to keep the changes
> > > > minimal.
> > > 
> > > Yes, it should probably just be called protect_module_pages and
> > > unprotect_module_pages.  The current names provide far too much
> > > information.
> > > 
> > > But going back a bit, how did we end up with a NULL mod->module_init and
> > > yet module->init_text_size, mod->init_size or mod->init_ro_size
> > > non-zero?
> > 
> > printk'ing this reveals that mod->init_ro_size is not 0 but 0x1000.
> > Therefore the first page was modified.
> > 
> > Looks like init_ro_size is missing the reset to zero at the end of the init_module
> > syscall. Next patch ? ;-
> 
> Yes, that seems like a much cleaner and clearer fix to me...

Rusty, I'm not sure if I should resend a merged patch or not, going for the
later so you can apply on top of what you might have. If you would appreciate a
merged patch more please let me know...

Cheers,
Jan
------

Reset mod->init_ro_size to zero after the init part of a module is unloaded. 
That makes the check if a module part exists in the unprotect functions
superfluous so they can be removed.

Signed-off-by: Jan Glauber <jang@...ux.vnet.ibm.com>
---
 kernel/module.c |    5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

--- a/kernel/module.c
+++ b/kernel/module.c
@@ -1609,8 +1609,6 @@ static void set_section_ro_nx(void *base
 
 static void unset_module_core_ro_nx(struct module *mod)
 {
-	if (mod->module_core == NULL)
-		return;
 	set_page_attributes(mod->module_core + mod->core_text_size,
 		mod->module_core + mod->core_size,
 		set_memory_x);
@@ -1621,8 +1619,6 @@ static void unset_module_core_ro_nx(stru
 
 static void unset_module_init_ro_nx(struct module *mod)
 {
-	if (mod->module_init == NULL)
-		return;
 	set_page_attributes(mod->module_init + mod->init_text_size,
 		mod->module_init + mod->init_size,
 		set_memory_x);
@@ -2941,6 +2937,7 @@ SYSCALL_DEFINE3(init_module, void __user
 	module_free(mod, mod->module_init);
 	mod->module_init = NULL;
 	mod->init_size = 0;
+	mod->init_ro_size = 0;
 	mod->init_text_size = 0;
 	mutex_unlock(&module_mutex);
 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ