Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <20190118172334.d7b1bcd580c3f6c4ed388160@kernel.org>
Date: Fri, 18 Jan 2019 17:23:34 +0900
From: Masami Hiramatsu <mhiramat@...nel.org>
To: Nadav Amit <namit@...are.com>
Cc: Rick Edgecombe <rick.p.edgecombe@...el.com>, Andy Lutomirski
 <luto@...nel.org>, Ingo Molnar <mingo@...hat.com>, Linux List Kernel
 Mailing <linux-kernel@...r.kernel.org>, the arch/x86 maintainers
 <x86@...nel.org>, "H. Peter Anvin" <hpa@...or.com>, Thomas Gleixner
 <tglx@...utronix.de>, Borislav Petkov <bp@...en8.de>, Dave Hansen
 <dave.hansen@...ux.intel.com>, Peter Zijlstra <peterz@...radead.org>,
 Damian Tometzki <linux_dti@...oud.com>, linux-integrity
 <linux-integrity@...r.kernel.org>, LSM List
 <linux-security-module@...r.kernel.org>, Andrew Morton
 <akpm@...ux-foundation.org>, Kernel Hardening
 <kernel-hardening@...ts.openwall.com>, Linux-MM <linux-mm@...ck.org>, Will
 Deacon <will.deacon@....com>, Ard Biesheuvel <ard.biesheuvel@...aro.org>,
 "kristen@...ux.intel.com" <kristen@...ux.intel.com>,
 "deneen.t.dock@...el.com" <deneen.t.dock@...el.com>
Subject: Re: [PATCH 17/17] module: Prevent module removal racing with
 text_poke()

On Thu, 17 Jan 2019 18:07:03 +0000
Nadav Amit <namit@...are.com> wrote:

> > On Jan 16, 2019, at 11:54 PM, Masami Hiramatsu <mhiramat@...nel.org> wrote:
> > 
> > On Wed, 16 Jan 2019 16:32:59 -0800
> > Rick Edgecombe <rick.p.edgecombe@...el.com> wrote:
> > 
> >> From: Nadav Amit <namit@...are.com>
> >> 
> >> It seems dangerous to allow code modifications to take place
> >> concurrently with module unloading. So take the text_mutex while the
> >> memory of the module is freed.
> > 
> > At that point, since the module itself is removed from module list,
> > it seems no actual harm. Or would you have any concern?
> 
> So it appears that you are right and all the users of text_poke() and
> text_poke_bp() do install module notifiers, and remove the module from their
> internal data structure when they are done (*). As long as they prevent
> text_poke*() to be called concurrently (e.g., using jump_label_lock()),
> everything is fine.
> 
> Having said that, the question is whether you “trust” text_poke*() users to
> do so. text_poke() description does not day explicitly that you need to
> prevent modules from being removed.
> 
> What do you say?

I agreed, but in that case, this is just a fool proof. I think we should
prevent this kind of bug by review, and should comment it on text_poke(),
instead of locking text_mutex.

What I thought was even if we take text_mutex here, such user can modify
the (released) module code right after we exit this section.

Maybe we'd better make text_poke() more smart?

> (*) I am not sure about kgdb, but it probably does not matter much

I think we don't need to care about kgdb. It is a tool which should be able
to shoot your feet and we can not prevent it. Only expert can avoid it. :)

Thank you,

-- 
Masami Hiramatsu <mhiramat@...nel.org>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.