lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250521171635.848656-1-pchelkin@ispras.ru>
Date: Wed, 21 May 2025 20:16:33 +0300
From: Fedor Pchelkin <pchelkin@...ras.ru>
To: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	stable@...r.kernel.org
Cc: Fedor Pchelkin <pchelkin@...ras.ru>,
	Steven Rostedt <rostedt@...dmis.org>,
	Masami Hiramatsu <mhiramat@...nel.org>,
	Mark Rutland <mark.rutland@....com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	Borislav Petkov <bp@...en8.de>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	x86@...nel.org,
	Peter Zijlstra <peterz@...radead.org>,
	"Mike Rapoport (Microsoft)" <rppt@...nel.org>,
	linux-kernel@...r.kernel.org,
	lvc-project@...uxtesting.org
Subject: [PATCH 5.15 0/1] Oopses on module unload seen on 5.15-rc

A followup to the similar patch sent to 6.1.y:
https://lore.kernel.org/stable/20250521165909.834545-1-pchelkin@ispras.ru/

commit 959cadf09dbae7b304f03e039b8d8e13c529e2dd
Author: Peter Zijlstra <peterz@...radead.org>
Date:   Mon Oct 14 10:05:48 2024 -0700

    x86/its: Use dynamic thunks for indirect branches
    
    commit 872df34d7c51a79523820ea6a14860398c639b87 upstream.

being ported to 5.15.y would lead to kernel crashes there after module
unload operations.

As mentioned in the blamed patch comment describing the backport
adaptations:

[ pawan: CONFIG_EXECMEM and CONFIG_EXECMEM_ROX are not supported on
        backport kernel, made changes to use module_alloc() and
        set_memory_*() for dynamic thunks. ]

module_alloc/module_memfree in conjunction with memory protection routines
were used. The allocated memory is vmalloc-based, and it ends up being ROX
upon release inside its_free_mod().

Freeing of special permissioned memory in vmalloc requires its own
handling. VM_FLUSH_RESET_PERMS flag was introduced for these purposes.

In-kernel users dealing with the stuff had to care about this explicitly
before commit 4c4eb3ecc91f ("x86/modules: Set VM_FLUSH_RESET_PERMS in
module_alloc()"). It fixes the current problem.

More recent kernels starting from 6.2 have the commit and are not affected.

Found by Linux Verification Center (linuxtesting.org).

Thomas Gleixner (1):
  x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc()

 arch/x86/kernel/ftrace.c       | 2 --
 arch/x86/kernel/kprobes/core.c | 1 -
 arch/x86/kernel/module.c       | 9 +++++----
 3 files changed, 5 insertions(+), 7 deletions(-)

-- 
2.49.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ