lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 19 Jun 2019 13:12:12 +0200 (CEST)
From:   Miroslav Benes <mbenes@...e.cz>
To:     Peter Zijlstra <peterz@...radead.org>
cc:     Jessica Yu <jeyu@...nel.org>, linux-kernel@...r.kernel.org,
        jpoimboe@...hat.com, jikos@...nel.org, pmladek@...e.com,
        rostedt@...dmis.org, ast@...nel.org, daniel@...earbox.net
Subject: Re: [RFC][PATCH] module: Propagate MODULE_STATE_COMING notifier
 errors

On Mon, 17 Jun 2019, Peter Zijlstra wrote:

> 
> Some module notifiers; such as jump_label_module_notifier(),
> tracepoint_module_notify(); can fail the MODULE_STATE_COMING callback
> (due to -ENOMEM for example). However module.c:prepare_coming_module()
> ignores all such errors, even though this function can already fail due
> to klp_module_coming().

It does, but there is no change from the pre-prepare_coming_module() 
times. Coming notifiers were called in complete_formation(), their return 
values happily ignored and going notifiers not called to clean up even 
before.

> Therefore, propagate the notifier error and ensure we call the GOING
> notifier when we do fail, to ensure cleanup for all notifiers that
> didn't fail. Auditing all notifiers to make sure calling GOING without
> COMING first is OK found no obvious problems with that, but it did find
> a whole bunch of issues with return values, so clean those up too.

Jessica, do you know why coming notifiers do not return errors without 
this patch (or to be precise, blocking_notifier_call_chain() return value 
is not taken into the account)? We have come across the issue couple of 
times already and I think there was a reason, but I cannot remember 
anything and the code does not help either.

Also the situation around the return values themselves is not completely 
clear. If there is no NOTIFY_STOP_MASK set, only the return value of the 
last notifier called is returned, so good that you checked, Peter.
 
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -3638,9 +3638,10 @@ static int prepare_coming_module(struct module *mod)
>  	if (err)
>  		return err;
>  
> -	blocking_notifier_call_chain(&module_notify_list,
> -				     MODULE_STATE_COMING, mod);
> -	return 0;
> +	ret = blocking_notifier_call_chain(&module_notify_list,
> +					   MODULE_STATE_COMING, mod);
> +	ret = notifier_to_errno(ret);
> +	return ret;
>  }
>  
>  static int unknown_module_param_cb(char *param, char *val, const char *modname,
> @@ -3780,7 +3781,7 @@ static int load_module(struct load_info *info, const char __user *uargs,
>  
>  	err = prepare_coming_module(mod);
>  	if (err)
> -		goto bug_cleanup;
> +		goto coming_cleanup;

Not good. klp_module_going() is not prepared to be called without 
klp_module_coming() succeeding. "Funny" things might happen.

Also destroy_params() might be called without parse_args() first now.

So it calls for more fine-grained error handling.

Miroslav

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ