public inbox for linux-next@vger.kernel.org
 help / color / mirror / Atom feed
From: matthieu castet <castet.matthieu@free.fr>
To: Ingo Molnar <mingo@elte.hu>
Cc: Xiaotian Feng <xtfeng@gmail.com>,
	Valdis.Kletnieks@vt.edu, Kees Cook <kees.cook@canonical.com>,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-next@vger.kernel.org,
	Arjan van de Ven <arjan@infradead.org>,
	James Morris <jmorris@namei.org>,
	Andrew Morton <akpm@linux-foundation.org>, Andi Kleen <ak@muc.de>,
	Thomas Gleixner <tglx@linutronix.de>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Rusty Russell <rusty@rustcorp.com.au>,
	Stephen Rothwell <sfr@canb.auug.org.au>,
	Dave Jones <davej@redhat.com>,
	Siarhei Liakh <sliakh.lkml@gmail.com>,
	Steven Rostedt <rostedt@goodmis.org>
Subject: Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel
Date: Sat, 8 Jan 2011 12:24:55 +0100	[thread overview]
Message-ID: <20110108122455.38d31524@mat-laptop> (raw)
In-Reply-To: <20110107130426.GA24259@elte.hu>

Le Fri, 7 Jan 2011 14:04:26 +0100,
Ingo Molnar <mingo@elte.hu> a écrit :

> 
> * Xiaotian Feng <xtfeng@gmail.com> wrote:
> 
> > 
> > I'm facing a boot failure (panic'ed on
> > remove_jump_label_module_init) on 2.6.37 (latest commit 3c0cb7c),
> > which is 100% reproducible. With this patch applied, I can boot my
> > machine successfully, so I do think this patch is needed.
> 
> That would be commit:
> 
>  94462ad3b147: module: Move RO/NX module protection to after ftrace
> module update
> 
> So if commit 3c0cb7c is still broken, it has 94462ad3b147 included
> already, and there's some other bug. Kees, Steve, any ideas?
> 
The problem comes from remove_jump_label_module_init that does :
if (within_module_init(iter->code, mod))
                        iter->key = 0;

This mean if there are jump label in the module init, we will
invalidate them by writing the the jump label section.

But this section is read only.

The solution is either to make the section read write, either we avoid
this write.

For avoid the write a solution could be to do something like
trim_init_extable :
/*
 * If the exception table is sorted, any referring to the module init
 * will be at the beginning or the end.
 */


Matthieu

  reply	other threads:[~2011-01-08 11:25 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-11-16 21:35 [PATCH 3/3 V13] RO/NX protection for loadable kernel matthieu castet
2010-11-25  3:41 ` Valdis.Kletnieks
2010-11-26 17:23   ` mat
2010-11-29 16:59     ` Valdis.Kletnieks
2010-12-08 22:19     ` Kees Cook
2010-12-10 23:18       ` mat
2010-12-11  0:27         ` Kees Cook
     [not found]           ` <20101211115735.21b616fe@mat-laptop>
2010-12-11 23:15             ` Kees Cook
2010-12-22 12:40         ` Ingo Molnar
2010-12-22 21:35           ` Valdis.Kletnieks
2010-12-22 21:57             ` Ingo Molnar
2010-12-22 22:02               ` Steven Rostedt
2010-12-23  8:49                 ` Ingo Molnar
2010-12-23 15:01             ` Steven Rostedt
2010-12-24  1:43               ` Valdis.Kletnieks
2011-01-07  9:34             ` Xiaotian Feng
2011-01-07 13:04               ` Ingo Molnar
2011-01-08 11:24                 ` matthieu castet [this message]
2011-01-10 23:49                   ` Kees Cook
2011-01-11 22:42                     ` matthieu castet
2011-01-20 20:32               ` matthieu castet
2011-01-21  2:35                 ` Xiaotian Feng
2010-11-29 18:15 ` Steven Rostedt
2010-11-29 23:35   ` Rusty Russell
2010-11-30 14:46     ` Steven Rostedt
2010-12-01 13:36       ` Rusty Russell
2010-11-30 21:20   ` mat
2010-12-01  0:38     ` Steven Rostedt

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20110108122455.38d31524@mat-laptop \
    --to=castet.matthieu@free.fr \
    --cc=Valdis.Kletnieks@vt.edu \
    --cc=ak@muc.de \
    --cc=akpm@linux-foundation.org \
    --cc=arjan@infradead.org \
    --cc=davej@redhat.com \
    --cc=hpa@zytor.com \
    --cc=jmorris@namei.org \
    --cc=kees.cook@canonical.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-next@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mingo@elte.hu \
    --cc=rostedt@goodmis.org \
    --cc=rusty@rustcorp.com.au \
    --cc=sfr@canb.auug.org.au \
    --cc=sliakh.lkml@gmail.com \
    --cc=tglx@linutronix.de \
    --cc=xtfeng@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox