lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <d72f55fc-bbe2-b02d-0a90-ad6aaef8810e@linux.com>
Date:   Fri, 17 Sep 2021 23:07:22 +0300
From:   Denis Efremov <efremov@...ux.com>
To:     Linux-kernel <linux-kernel@...r.kernel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Jason Baron <jbaron@...mai.com>
Subject: Unloading a module with a function which is used by a static call

Hi,

I'm not sure, but is it intentional that we don't increase a module refcounter
when we call static_call_update()? Let's imagine that:

we load "Module A" with:
  void fire_a(...) {...}
  DEFINE_STATIC_CALL(fire, fire_a);
  EXPORT_STATIC_CALL_GPL(fire);
  static_call(fire)(); // from time-to-time
and load "Module B" that:
  void fire_b(...) {...}
  static_call_update(fire, &fire_b);

and then unload "Module B" without updating back "fire" to "fire_a".
"Module A" will try to call "fire_b" and will crash the kernel or
call something else instead. Maybe pointing static call to a default
value in static_call_del_module() with a WARN can be used instead
of module_get().

I reproduced this scenario here:
https://github.com/evdenis/static_calls_unload_test

Regards,
Denis Efremov

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ