| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aJnccgC5E-ui2Oqo@willie-the-truck> Date: Mon, 11 Aug 2025 13:05:06 +0100 From: Will Deacon <will@...nel.org> To: Marc Zyngier <maz@...nel.org> Cc: fanqincui <fanqincui@....com>, catalin.marinas@....com, linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org, Fanqin Cui <cuifq1@...natelecom.cn>, hanht2@...natelecom.cn Subject: Re: [PATCH] arm64/module: Support for patching modules during runtime On Mon, Aug 11, 2025 at 09:01:43AM +0100, Marc Zyngier wrote: > On Mon, 11 Aug 2025 08:37:32 +0100, > fanqincui <fanqincui@....com> wrote: > > > > Hi will, > > Yes, you are right. The alternative callback function lives inside the module. > > This callback function is actually similar to kvm_update_va_mask in KVM; > > > > The module's callback function calculates some values based on > > the current CPU features and then performs the replacement. > > > > The .text.alternative_cb section is actually marked as SHF_EXECINSTR | SHF_ALLOC > > during compilation, so intersections() includes this section and sets it as executable later. > > I'm worried there is a chicken-and-egg problem here. What if the > callback itself requires patching via some other alternative? Is there > a guarantee that this always performed in the correct order? Maybe we should just reject loading modules that have alternative callbacks that don't reside in the kernel text? I _think_ that should cover all the in-tree users, although I didn't get a reply to my question asking which module triggered this bug report. Will
Powered by blists - more mailing lists