| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Zy4zGy9aoQ1-Qokg@bombadil.infradead.org>
Date: Fri, 8 Nov 2024 07:49:47 -0800
From: Luis Chamberlain <mcgrof@...nel.org>
To: Christophe Leroy <christophe.leroy@...roup.eu>,
Daniel Gomez <da.gomez@...sung.com>,
Petr Pavlu <petr.pavlu@...e.com>,
Sami Tolvanen <samitolvanen@...gle.com>,
linux-modules@...r.kernel.org
Cc: Mike Rapoport <rppt@...nel.org>, Thomas Gleixner <tglx@...utronix.de>,
Jinjie Ruan <ruanjinjie@...wei.com>, linux-kernel@...r.kernel.org,
"Peter Zijlstra (Intel)" <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...nel.org>,
Liu Shixin <liushixin2@...wei.com>
Subject: Re: [PATCH] static_call: Handle module init failure correctly in
static_call_del_module()
+ Other new module maintainers
On Fri, Nov 08, 2024 at 09:12:03AM +0100, Christophe Leroy wrote:
> Hi Luis,
>
> Le 24/09/2024 à 09:22, Mike Rapoport a écrit :
> > On Thu, Sep 19, 2024 at 02:53:34AM -0700, Luis Chamberlain wrote:
> > > On Fri, Sep 06, 2024 at 04:24:56PM -0700, Luis Chamberlain wrote:
> > > > On Thu, Sep 05, 2024 at 11:44:00AM +0200, Thomas Gleixner wrote:
> > > > > Now you at least provided the information that the missing cleanup in
> > > > > the init() function is not the problem. So the obvious place to look is
> > > > > in the module core code whether there is a failure path _after_
> > > > > module->init() returned success.
> > > > >
> > > > > do_init_module()
> > > > > ret = do_one_initcall(mod->init);
> > > > > ...
> > > > > ret = module_enable_rodata_ro(mod, true);
> > > > > if (ret)
> > > > > goto fail_mutex_unlock;
> > > > >
> > > > > and that error path does _not_ invoke module->exit(), which is obviously
> > > > > not correct. Luis?
> > > >
> > > > You're spot on this needs fixing.
> > >
> > > Christophe, this is a regression caused by the second hunk of your commit
> > > d1909c0221739 ("module: Don't ignore errors from set_memory_XX()") on v6.9.
> > > Sadly there are a few issues with trying to get to call mod->exit():
> > >
> > > - We should try try_stop_module() and that can fail
> > > - source_list may not be empty and that would block removal
> > > - mod->exit may not exist
> > >
> > > I'm wondering if instead we should try to do the module_enable_rodata_ro()
> > > before the init, but that requires a bit more careful evaluation...
> >
> > There is ro_after_init section, we can't really make it RO before ->init()
>
> Surprisingly I never received Luis's email
So odd..
> allthough I got this answer from Mike that I overlooked.
>
> So coming back here from
> https://lore.kernel.org/all/ZyQhbHxDTRXTJgIx@bombadil.infradead.org/
>
> As far as I understand, indeed once init is called it is too late to fail,
Partly yes, party no. Party yes in that its a can of worms we have not
had to deal with before, and also I worry about deadlocks, and the code
to address this seems complex. right ?
> Especially when the module has no exit() path or when
> CONFIG_MODULE_UNLOAD is not built in.
That's exactly the other extreme case I fear for.
> So the only thing we can do then is a big fat warning telling
> set_memory_ro() on ro_after_init memory has failed ?
I suspect this is more sensible to do.
> Maybe we should try and change it to RO then back to RW before calling init,
> to be on a safer side hopping that if change to RO works once it will work
> twice ?
That's another approach wich could work, if we proove that this does
work, it's a nice best effort and I think less or a mess to the codebase
then special-casing the error handling of trying to deal with the
driver's exit.
Daniel Gomez has been looking at this, so his feedback here would be
valuable.
Luis
Powered by blists - more mailing lists