| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Mar 2014 20:30:28 +0900
From: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
To: Kees Cook <keescook@...omium.org>
Cc: "H. Peter Anvin" <hpa@...or.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, x86@...nel.org,
linux-kernel@...r.kernel.org, Andy Honig <ahonig@...gle.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Jianguo Wu <wujianguo@...wei.com>,
David Rientjes <rientjes@...gle.com>,
Fengguang Wu <fengguang.wu@...el.com>
Subject: Re: [PATCH] x86, kaslr: fix module lock ordering problem
(2014/03/11 5:42), Kees Cook wrote:
> There was a potential lock ordering problem with the module kASLR patch
> ("x86, kaslr: randomize module base load address"). This patch removes
> the usage of the module_mutex and creates a new mutex to protect the
> module base address offset value.
>
> Chain exists of:
> text_mutex --> kprobe_insn_slots.mutex --> module_mutex
>
> [ 0.515561] Possible unsafe locking scenario:
> [ 0.515561]
> [ 0.515561] CPU0 CPU1
> [ 0.515561] ---- ----
> [ 0.515561] lock(module_mutex);
> [ 0.515561] lock(kprobe_insn_slots.mutex);
> [ 0.515561] lock(module_mutex);
> [ 0.515561] lock(text_mutex);
> [ 0.515561]
> [ 0.515561] *** DEADLOCK ***
>
> Reported-by: Fengguang Wu <fengguang.wu@...el.com>
> Signed-off-by: Andy Honig <ahonig@...gle.com>
> Signed-off-by: Kees Cook <keescook@...omium.org>
Reviewed-by: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
Thanks for fix that ! :)
> ---
> arch/x86/kernel/module.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c
> index 49483137371f..e69f9882bf95 100644
> --- a/arch/x86/kernel/module.c
> +++ b/arch/x86/kernel/module.c
> @@ -48,6 +48,9 @@ do { \
> static unsigned long module_load_offset;
> static int randomize_modules = 1;
>
> +/* Mutex protects the module_load_offset. */
> +static DEFINE_MUTEX(module_kaslr_mutex);
> +
> static int __init parse_nokaslr(char *p)
> {
> randomize_modules = 0;
> @@ -58,7 +61,7 @@ early_param("nokaslr", parse_nokaslr);
> static unsigned long int get_module_load_offset(void)
> {
> if (randomize_modules) {
> - mutex_lock(&module_mutex);
> + mutex_lock(&module_kaslr_mutex);
> /*
> * Calculate the module_load_offset the first time this
> * code is called. Once calculated it stays the same until
> @@ -67,7 +70,7 @@ static unsigned long int get_module_load_offset(void)
> if (module_load_offset == 0)
> module_load_offset =
> (get_random_int() % 1024 + 1) * PAGE_SIZE;
> - mutex_unlock(&module_mutex);
> + mutex_unlock(&module_kaslr_mutex);
> }
> return module_load_offset;
> }
>
--
Masami HIRAMATSU
IT Management Research Dept. Linux Technology Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@...achi.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists