From: Ingo Molnar <mingo@elte.hu>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Jiri Slaby <jirislaby@gmail.com>,
David Miller <davem@davemloft.net>,
zdenek.kabelac@gmail.com, rjw@sisk.pl,
paulmck@linux.vnet.ibm.com, akpm@linux-foundation.org,
linux-ext4@vger.kernel.org, herbert@gondor.apana.org.au,
penberg@cs.helsinki.fi, clameter@sgi.com,
linux-kernel@vger.kernel.org,
Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>,
Andi Kleen <andi@firstfloor.org>,
pageexec@freemail.hu, "H. Peter Anvin" <hpa@zytor.com>,
Jeremy Fitzhardinge <jeremy@goop.org>
Subject: Re: [PATCH 1/1] x86: fix text_poke
Date: Fri, 25 Apr 2008 17:32:07 +0200 [thread overview]
Message-ID: <20080425153207.GA2280@elte.hu> (raw)
In-Reply-To: <20080425152650.GA894@elte.hu>
* Ingo Molnar <mingo@elte.hu> wrote:
> > > > The 0xf0 pattern comes from alternatives_smp_lock: text_poke(*ptr,
> > > > ((unsigned char []){0xf0}), 1);
> > >
> > > And we should really add a lot more sanity checking there.
>
> something like the patch below? (untested)
the one below even builds and boots.
this assumes that all modules areas are allocated via PAGE_KERNEL_EXEC -
but that is generally true on x86 due to NX. 32-bit uses vmalloc_exec(),
64-bit uses __vmalloc_area(..., PAGE_KERNEL_EXEC).
Jiri ... if you have any desire/stamina to still test this code - does
the patch below produce any warnings if you unapply your fix as well,
during suspend/resume?
Ingo
--------------->
Subject: x86: harden kernel code patching
From: Ingo Molnar <mingo@elte.hu>
Date: Fri Apr 25 17:07:03 CEST 2008
Signed-off-by: Ingo Molnar <mingo@elte.hu>
---
arch/x86/kernel/alternative.c | 5 +++++
mm/vmalloc.c | 3 +++
2 files changed, 8 insertions(+)
Index: linux/arch/x86/kernel/alternative.c
===================================================================
--- linux.orig/arch/x86/kernel/alternative.c
+++ linux/arch/x86/kernel/alternative.c
@@ -518,6 +518,11 @@ void *__kprobes text_poke(void *addr, co
if (core_kernel_text((unsigned long)addr)) {
struct page *pages[2] = { virt_to_page(addr),
virt_to_page(addr + PAGE_SIZE) };
+ /*
+ * Module text pages are PageReserved:
+ */
+ WARN_ON(pages[0] && !PageReserved(pages[0]));
+ WARN_ON(pages[1] && !PageReserved(pages[1]));
if (!pages[1])
nr_pages = 1;
vaddr = vmap(pages, nr_pages, VM_MAP, PAGE_KERNEL);
Index: linux/mm/vmalloc.c
===================================================================
--- linux.orig/mm/vmalloc.c
+++ linux/mm/vmalloc.c
@@ -391,6 +391,7 @@ static void __vunmap(const void *addr, i
struct page *page = area->pages[i];
BUG_ON(!page);
+ ClearPageReserved(page);
__free_page(page);
}
@@ -507,6 +508,8 @@ static void *__vmalloc_area_node(struct
area->nr_pages = i;
goto fail;
}
+ if (pgprot_val(prot) == pgprot_val(PAGE_KERNEL_EXEC))
+ SetPageReserved(page);
area->pages[i] = page;
}
next prev parent reply other threads:[~2008-04-25 15:32 UTC|newest]
Thread overview: 173+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <200804191522.54334.rjw@sisk.pl>
2008-04-20 19:04 ` 2.6.25-git2: BUG: unable to handle kernel paging request at ffffffffffffffff Rafael J. Wysocki
2008-04-20 19:14 ` Rafael J. Wysocki
2008-04-20 21:31 ` Linus Torvalds
2008-04-21 1:18 ` Herbert Xu
2008-04-21 2:08 ` Paul E. McKenney
2008-04-21 4:59 ` Paul E. McKenney
2008-04-21 5:47 ` Paul E. McKenney
2008-04-21 13:00 ` Ingo Molnar
2008-04-21 16:06 ` Linus Torvalds
2008-04-21 16:24 ` Rafael J. Wysocki
2008-04-21 15:49 ` Linus Torvalds
2008-04-21 17:05 ` Paul E. McKenney
2008-04-21 17:30 ` Linus Torvalds
2008-04-21 17:43 ` Paul E. McKenney
2008-04-22 1:03 ` Herbert Xu
2008-04-22 13:36 ` Paul E. McKenney
2008-04-21 16:12 ` Rafael J. Wysocki
2008-04-21 16:54 ` Linus Torvalds
2008-04-21 17:06 ` Jiri Slaby
2008-04-21 17:19 ` Rafael J. Wysocki
2008-04-21 17:48 ` Linus Torvalds
2008-04-21 18:22 ` Rafael J. Wysocki
2008-04-21 19:38 ` Jiri Slaby
2008-04-21 20:39 ` David Miller
2008-04-21 21:18 ` Jiri Slaby
2008-04-21 21:58 ` Jiri Slaby
2008-04-21 22:26 ` Jiri Slaby
2008-04-21 22:54 ` Paul E. McKenney
2008-04-21 23:02 ` Jiri Slaby
2008-04-21 23:11 ` Zdenek Kabelac
2008-04-21 23:17 ` Jiri Slaby
2008-04-22 0:54 ` Rafael J. Wysocki
2008-04-22 1:14 ` Linus Torvalds
2008-04-22 1:30 ` Rafael J. Wysocki
2008-04-22 9:49 ` Jiri Slaby
2008-04-22 9:53 ` Ingo Molnar
2008-04-22 18:35 ` Zdenek Kabelac
2008-04-22 18:48 ` Linus Torvalds
2008-04-23 8:50 ` Zdenek Kabelac
2008-04-23 15:53 ` Linus Torvalds
2008-04-23 16:58 ` Pekka Enberg
2008-04-23 17:28 ` Zdenek Kabelac
2008-04-23 17:40 ` Ingo Molnar
2008-04-23 18:52 ` Pekka Enberg
2008-04-23 19:05 ` Christoph Lameter
2008-04-23 19:19 ` Pekka J Enberg
2008-04-23 19:28 ` Christoph Lameter
2008-04-23 20:27 ` Zdenek Kabelac
2008-04-24 22:26 ` Jiri Slaby
2008-04-24 22:41 ` Linus Torvalds
2008-04-25 0:57 ` Jiri Slaby
2008-04-24 23:45 ` Linus Torvalds
2008-04-25 7:36 ` Jiri Slaby
2008-04-25 14:09 ` Pavel Machek
2008-04-25 15:30 ` Rafael J. Wysocki
2008-04-25 17:10 ` Jiri Slaby
2008-04-25 9:13 ` David Miller
2008-04-25 12:15 ` Zdenek Kabelac
2008-04-25 12:27 ` Zdenek Kabelac
2008-04-25 15:12 ` [PATCH 1/1] x86: fix text_poke Jiri Slaby
2008-04-25 15:03 ` Linus Torvalds
2008-04-25 15:17 ` Andi Kleen
2008-04-25 19:36 ` Christoph Lameter
2008-04-26 9:59 ` Andi Kleen
2008-04-26 11:16 ` Jiri Slaby
2008-04-26 11:34 ` Andi Kleen
2008-04-28 20:24 ` VIRTUAL_BUG_ON() Christoph Lameter
2008-05-01 19:22 ` [RFC 1/1] mm: add virt to phys debug Jiri Slaby
2008-05-01 20:18 ` Christoph Lameter
2008-05-06 21:54 ` Jiri Slaby
2008-05-07 17:30 ` Christoph Lameter
2008-05-13 14:38 ` Jiri Slaby
2008-04-25 15:19 ` [PATCH 1/1] x86: fix text_poke Ingo Molnar
2008-04-25 15:26 ` Ingo Molnar
2008-04-25 15:32 ` Ingo Molnar [this message]
2008-04-25 15:33 ` Linus Torvalds
2008-04-25 15:48 ` Andi Kleen
2008-04-25 16:06 ` Linus Torvalds
2008-04-25 16:19 ` Andi Kleen
2008-04-25 16:24 ` Linus Torvalds
2008-04-25 16:33 ` Ingo Molnar
2008-04-25 18:13 ` Jeremy Fitzhardinge
2008-05-05 2:36 ` Nick Piggin
2008-04-25 16:30 ` Mathieu Desnoyers
2008-04-25 16:42 ` H. Peter Anvin
2008-04-25 17:09 ` Mathieu Desnoyers
2008-04-25 18:37 ` Mathieu Desnoyers
2008-04-25 18:47 ` H. Peter Anvin
2008-04-25 19:19 ` H. Peter Anvin
2008-04-25 20:04 ` Mathieu Desnoyers
2008-04-25 20:09 ` H. Peter Anvin
2008-04-25 20:18 ` H. Peter Anvin
2008-04-25 20:37 ` Mathieu Desnoyers
2008-04-25 20:41 ` H. Peter Anvin
2008-04-25 20:51 ` Linus Torvalds
2008-04-25 21:12 ` Mathieu Desnoyers
2008-04-25 21:15 ` H. Peter Anvin
2008-04-25 21:47 ` Mathieu Desnoyers
2008-04-25 22:07 ` H. Peter Anvin
2008-04-25 22:30 ` Mathieu Desnoyers
2008-04-25 22:36 ` Linus Torvalds
2008-04-28 20:21 ` Ingo Molnar
2008-04-28 20:55 ` Jeremy Fitzhardinge
2008-04-28 21:01 ` H. Peter Anvin
2008-04-28 22:42 ` Mathieu Desnoyers
2008-04-28 20:43 ` Mathieu Desnoyers
2008-04-28 21:02 ` Jeremy Fitzhardinge
2008-05-04 15:03 ` Mathieu Desnoyers
2008-05-04 16:18 ` H. Peter Anvin
2008-04-25 22:38 ` H. Peter Anvin
2008-04-25 22:04 ` Linus Torvalds
2008-04-25 23:00 ` Mathieu Desnoyers
2008-04-25 23:13 ` Jeremy Fitzhardinge
2008-04-25 23:34 ` Masami Hiramatsu
2008-04-26 6:21 ` Jeremy Fitzhardinge
2008-04-26 11:56 ` Arnaldo Carvalho de Melo
2008-04-26 23:38 ` Jeremy Fitzhardinge
2008-04-27 1:00 ` Arnaldo Carvalho de Melo
2008-04-26 2:12 ` Frank Ch. Eigler
2008-06-05 17:44 ` Frank Ch. Eigler
2008-04-26 6:50 ` Jeremy Fitzhardinge
2008-04-28 0:49 ` Masami Hiramatsu
2008-04-25 21:02 ` David Miller
2008-04-25 21:11 ` H. Peter Anvin
2008-04-25 16:22 ` Ingo Molnar
2008-04-25 16:37 ` Linus Torvalds
2008-04-25 16:43 ` Ingo Molnar
2008-04-25 16:45 ` Ingo Molnar
2008-04-25 16:51 ` Linus Torvalds
2008-04-25 17:02 ` Ingo Molnar
2008-04-25 17:13 ` Linus Torvalds
2008-04-25 17:26 ` Andi Kleen
2008-04-25 17:29 ` Linus Torvalds
2008-04-25 17:53 ` Ingo Molnar
2008-04-25 18:04 ` Ingo Molnar
2008-04-25 18:09 ` Linus Torvalds
2008-04-25 18:19 ` Ingo Molnar
2008-04-25 18:56 ` Ingo Molnar
2008-04-25 18:13 ` Ingo Molnar
2008-04-25 16:52 ` Ingo Molnar
2008-04-25 16:56 ` Andi Kleen
2008-04-25 15:50 ` Ingo Molnar
2008-04-25 15:57 ` H. Peter Anvin
2008-04-25 18:53 ` Pavel Machek
2008-04-25 16:11 ` Linus Torvalds
2008-04-25 15:54 ` Mathieu Desnoyers
2008-04-25 15:59 ` Ingo Molnar
2008-04-25 16:11 ` Mathieu Desnoyers
2008-04-25 15:27 ` Andi Kleen
2008-04-25 20:18 ` David Miller
2008-04-25 15:23 ` Jiri Slaby
2008-04-25 1:35 ` 2.6.25-git2: BUG: unable to handle kernel paging request at ffffffffffffffff David Miller
2008-04-25 1:48 ` Linus Torvalds
2008-04-25 1:57 ` David Miller
2008-04-25 7:41 ` Jiri Slaby
2008-04-25 7:45 ` David Miller
2008-04-25 8:02 ` Jiri Slaby
2008-04-25 10:53 ` Craig Schlenter
2008-04-25 7:42 ` Jiri Slaby
2008-04-25 7:49 ` David Miller
2008-04-25 7:56 ` Jiri Slaby
2008-04-25 7:58 ` David Miller
2008-04-25 8:00 ` Jiri Slaby
2008-04-25 15:47 ` Randy Dunlap
2008-04-22 21:46 ` Rafael J. Wysocki
2008-04-22 19:09 ` Ingo Molnar
2008-04-22 1:15 ` Rafael J. Wysocki
2008-04-22 1:25 ` [ProbableSpam]Re: " Paul E. McKenney
2008-04-21 21:19 ` Linus Torvalds
2008-04-21 21:54 ` David Miller
2008-04-21 13:17 ` Ingo Molnar
2008-04-21 13:35 ` Rafael J. Wysocki
2008-04-21 18:56 ` Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080425153207.GA2280@elte.hu \
--to=mingo@elte.hu \
--cc=akpm@linux-foundation.org \
--cc=andi@firstfloor.org \
--cc=clameter@sgi.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=jeremy@goop.org \
--cc=jirislaby@gmail.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mathieu.desnoyers@polymtl.ca \
--cc=pageexec@freemail.hu \
--cc=paulmck@linux.vnet.ibm.com \
--cc=penberg@cs.helsinki.fi \
--cc=rjw@sisk.pl \
--cc=torvalds@linux-foundation.org \
--cc=zdenek.kabelac@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).