| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1454291492-105918-1-git-send-email-chenweilong@huawei.com>
Date: Mon, 1 Feb 2016 09:51:32 +0800
From: Weilong Chen <chenweilong@...wei.com>
To: <linux-kernel@...r.kernel.org>, <jcm@...masters.org>,
<rusty@...tcorp.com.au>
Subject: [PATCH v2] Race between cat /proc/kallsyms and rmmod
Iterating code of /proc/kallsyms calls module_get_kallsym() which grabs
and drops module_mutex internally and returns "struct module *",
module is removed, aforementioned "struct module *" is used in non-trivial
way.
So, grab module_mutex for entire operation like /proc/modules does.
Steps to reproduce:
while true; do modprobe xfs; rmmod xfs; done
vs
while true; do cat /proc/kallsyms >/dev/null; done
Signed-off-by: Weilong Chen <chenweilong@...wei.com>
---
kernel/kallsyms.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
index 5c5987f..e09df60 100644
--- a/kernel/kallsyms.c
+++ b/kernel/kallsyms.c
@@ -516,6 +516,9 @@ static void *s_next(struct seq_file *m, void *p, loff_t *pos)
static void *s_start(struct seq_file *m, loff_t *pos)
{
+#ifdef CONFIG_MODULES
+ mutex_lock(&module_mutex);
+#endif
if (!update_iter(m->private, *pos))
return NULL;
return m->private;
@@ -523,6 +526,9 @@ static void *s_start(struct seq_file *m, loff_t *pos)
static void s_stop(struct seq_file *m, void *p)
{
+#ifdef CONFIG_MODULES
+ mutex_unlock(&module_mutex);
+#endif
}
static int s_show(struct seq_file *m, void *p)
--
1.8.3.1
Powered by blists - more mailing lists