| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Apr 2022 04:08:04 +0900
From: Masahiro Yamada <masahiroy@...nel.org>
To: linux-kbuild@...r.kernel.org
Cc: linux-kernel@...r.kernel.org,
Masahiro Yamada <masahiroy@...nel.org>,
Michal Marek <michal.lkml@...kovi.net>,
Nick Desaulniers <ndesaulniers@...gle.com>
Subject: [PATCH 20/27] modpost: mitigate false-negatives for static EXPORT_SYMBOL checks
The 'static' specifier and EXPORT_SYMBOL() are an odd combination.
Since commit 15bfc2348d54 ("modpost: check for static EXPORT_SYMBOL*
functions"), modpost tries to detect it, but there are false negatives.
Here is the sample code.
[Sample 1]
Makefile:
obj-m += mymod1.o mymod2.o
mymod1.c:
#include <linux/export.h>
#include <linux/module.h>
static void foo(void) {}
EXPORT_SYMBOL(foo);
MODULE_LICENSE("GPL");
mymod2.c:
#include <linux/module.h>
void foo(void) {}
MODULE_LICENSE("GPL");
mymod1 exports the static symbol 'foo', but modpost cannot catch it
because it is confused by the same name symbol in another module, mymod2.
(Without mymod2, modpost can detect the error in mymod1)
find_symbol() returns the first symbol found in the hash table with the
given name. This hash table is global, so it may return a symbol from
an unrelated module. So, a global symbol in a module may unset the
'is_static' flag of a different module.
To mitigate this issue, add find_symbol_in_module(), which receives the
module pointer as the second argument. If non-NULL pointer is passed, it
returns the symbol in the specified module. If NULL is passed, it is
equivalent to find_module().
Please note there are still false positives in the composite module,
like below (or when both are built-in). I have no idea how to do this
correctly.
[Sample 2] (not fixed by this commit)
Makefile:
obj-m += mymod.o
mymod-objs := mymod1.o mymod2.o
Signed-off-by: Masahiro Yamada <masahiroy@...nel.org>
---
scripts/mod/modpost.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index 908390b4fa80..fb50927cd241 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -271,7 +271,8 @@ static void sym_add_unresolved(const char *name, struct module *mod, bool weak)
list_add_tail(&sym->list, &mod->unresolved_symbols);
}
-static struct symbol *find_symbol(const char *name)
+static struct symbol *find_symbol_in_module(const char *name,
+ struct module *mod)
{
struct symbol *s;
@@ -280,11 +281,17 @@ static struct symbol *find_symbol(const char *name)
name++;
hash_for_matched_symbol(s, exported_symbols, name) {
- return s;
+ if (!mod || s->module == mod)
+ return s;
}
return NULL;
}
+static struct symbol *find_symbol(const char *name)
+{
+ return find_symbol_in_module(name, NULL);
+}
+
struct namespace_list {
struct list_head list;
char namespace[];
@@ -2062,8 +2069,9 @@ static void read_symbols(const char *modname)
if (bind == STB_GLOBAL || bind == STB_WEAK) {
struct symbol *s =
- find_symbol(remove_dot(info.strtab +
- sym->st_name));
+ find_symbol_in_module(remove_dot(info.strtab +
+ sym->st_name),
+ mod);
if (s)
s->is_static = false;
--
2.32.0
Powered by blists - more mailing lists