* [PATCH] some large create_module(2) sizes can oops a kernel
@ 2003-01-12  2:41 Joe Korty
  2003-01-13  2:34 ` Rusty Russell
  0 siblings, 1 reply; 3+ messages in thread
From: Joe Korty @ 2003-01-12  2:41 UTC (permalink / raw)
  To: trivial; +Cc: linux-kernel

Hi Rusty aka trivial patch monkey, everyone,

The 2.4 kernel will oops when create_module(2) is passed a size of
-1, -2, or any size larger than num_physpages.  The following patch
is one of the many simple ways to fix this.  Please consider it or
some variant for inclusion in 2.4.

I mention this issue only because the kernel should not be panic-able
based on user input to system services.

This patch leaves unfixed the sparc64, x86_64, and generic
architectures.  Only the i386 was tested.

Regards,
Joe



diff -ur 2.4.21-pre3/include/asm-alpha/module.h 2.4.21-pre3-jak/include/asm-alpha/module.h
--- 2.4.21-pre3/include/asm-alpha/module.h	2001-09-13 18:21:32.000000000 -0400
+++ 2.4.21-pre3-jak/include/asm-alpha/module.h	2003-01-11 20:51:39.000000000 -0500
@@ -4,7 +4,7 @@
  * This file contains the alpha architecture specific module code.
  */
 
-#define module_map(x)		vmalloc(x)
+#define module_map(x)		(((size >> PAGE_SHIFT) > num_physpages) ? NULL : vmalloc(x))
 #define module_unmap(x)		vfree(x)
 #define module_arch_init(x)	alpha_module_init(x)
 #define arch_init_modules(x)	alpha_init_modules(x)
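Review bot: The new `module_map(x)` body tests `size` rather than its own parameter `x`, so it only compiles, and only checks the right value, where the caller happens to have a variable named `size` in scope. The identical line appears in every other asm-*/module.h hunk of this patch (arm, cris, i386, ia64, m68k, mips, mips64, parisc, ppc, ppc64, s390, s390x, sh, sparc). Use the argument, parenthesized and with the comparison made explicitly unsigned: `#define module_map(x) ((((unsigned long)(x)) >> PAGE_SHIFT) > num_physpages ? NULL : vmalloc(x))`. Since `x` is then expanded twice, a static inline helper would be safer if any caller passes an expression with side effects. A one-line comment above the define, saying the bound rejects user-supplied create_module(2) sizes before they reach vmalloc(), would also help. These headers presumably need the declaration of `num_physpages` visible, which the hunks do not show.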
diff -ur 2.4.21-pre3/include/asm-arm/module.h 2.4.21-pre3-jak/include/asm-arm/module.h
--- 2.4.21-pre3/include/asm-arm/module.h	2001-09-13 19:33:03.000000000 -0400
+++ 2.4.21-pre3-jak/include/asm-arm/module.h	2003-01-11 20:51:39.000000000 -0500
@@ -4,7 +4,7 @@
  * This file contains the arm architecture specific module code.
  */
 
-#define module_map(x)		vmalloc(x)
+#define module_map(x)		(((size >> PAGE_SHIFT) > num_physpages) ? NULL : vmalloc(x))
 #define module_unmap(x)		vfree(x)
 #define module_arch_init(x)	(0)
 #define arch_init_modules(x)	do { } while (0)
diff -ur 2.4.21-pre3/include/asm-cris/module.h 2.4.21-pre3-jak/include/asm-cris/module.h
--- 2.4.21-pre3/include/asm-cris/module.h	2001-10-08 14:43:54.000000000 -0400
+++ 2.4.21-pre3-jak/include/asm-cris/module.h	2003-01-11 20:51:39.000000000 -0500
@@ -4,7 +4,7 @@
  * This file contains the CRIS architecture specific module code.
  */
 
-#define module_map(x)		vmalloc(x)
+#define module_map(x)		(((size >> PAGE_SHIFT) > num_physpages) ? NULL : vmalloc(x))
 #define module_unmap(x)		vfree(x)
 #define module_arch_init(x)	(0)
 #define arch_init_modules(x)    do { } while (0)
diff -ur 2.4.21-pre3/include/asm-i386/module.h 2.4.21-pre3-jak/include/asm-i386/module.h
--- 2.4.21-pre3/include/asm-i386/module.h	2001-09-13 19:33:03.000000000 -0400
+++ 2.4.21-pre3-jak/include/asm-i386/module.h	2003-01-11 20:51:39.000000000 -0500
@@ -4,7 +4,7 @@
  * This file contains the i386 architecture specific module code.
  */
 
-#define module_map(x)		vmalloc(x)
+#define module_map(x)		(((size >> PAGE_SHIFT) > num_physpages) ? NULL : vmalloc(x))
 #define module_unmap(x)		vfree(x)
 #define module_arch_init(x)	(0)
 #define arch_init_modules(x)	do { } while (0)
Only in 2.4.21-pre3-jak/include/asm-i386: module.h.orig
diff -ur 2.4.21-pre3/include/asm-ia64/module.h 2.4.21-pre3-jak/include/asm-ia64/module.h
--- 2.4.21-pre3/include/asm-ia64/module.h	2002-11-28 18:53:15.000000000 -0500
+++ 2.4.21-pre3-jak/include/asm-ia64/module.h	2003-01-11 20:51:39.000000000 -0500
@@ -11,7 +11,7 @@
 #include <linux/vmalloc.h>
 #include <asm/unwind.h>
 
-#define module_map(x)		vmalloc(x)
+#define module_map(x)		(((size >> PAGE_SHIFT) > num_physpages) ? NULL : vmalloc(x))
 #define module_unmap(x)		ia64_module_unmap(x)
 #define module_arch_init(x)	ia64_module_init(x)
 
diff -ur 2.4.21-pre3/include/asm-m68k/module.h 2.4.21-pre3-jak/include/asm-m68k/module.h
--- 2.4.21-pre3/include/asm-m68k/module.h	2001-09-13 19:33:03.000000000 -0400
+++ 2.4.21-pre3-jak/include/asm-m68k/module.h	2003-01-11 20:51:39.000000000 -0500
@@ -4,7 +4,7 @@
  * This file contains the m68k architecture specific module code.
  */
 
-#define module_map(x)		vmalloc(x)
+#define module_map(x)		(((size >> PAGE_SHIFT) > num_physpages) ? NULL : vmalloc(x))
 #define module_unmap(x)		vfree(x)
 #define module_arch_init(x)	(0)
 #define arch_init_modules(x)	do { } while (0)
diff -ur 2.4.21-pre3/include/asm-mips/module.h 2.4.21-pre3-jak/include/asm-mips/module.h
--- 2.4.21-pre3/include/asm-mips/module.h	2001-09-09 13:43:01.000000000 -0400
+++ 2.4.21-pre3-jak/include/asm-mips/module.h	2003-01-11 20:51:39.000000000 -0500
@@ -7,7 +7,7 @@
 #include <linux/module.h>
 #include <asm/uaccess.h>
 
-#define module_map(x)		vmalloc(x)
+#define module_map(x)		(((size >> PAGE_SHIFT) > num_physpages) ? NULL : vmalloc(x))
 #define module_unmap(x)		vfree(x)
 #define module_arch_init(x)	mips_module_init(x)
 #define arch_init_modules(x)	mips_init_modules(x)
diff -ur 2.4.21-pre3/include/asm-mips64/module.h 2.4.21-pre3-jak/include/asm-mips64/module.h
--- 2.4.21-pre3/include/asm-mips64/module.h	2001-09-09 13:43:02.000000000 -0400
+++ 2.4.21-pre3-jak/include/asm-mips64/module.h	2003-01-11 20:51:39.000000000 -0500
@@ -7,7 +7,7 @@
 #include <linux/module.h>
 #include <asm/uaccess.h>
 
-#define module_map(x)		vmalloc(x)
+#define module_map(x)		(((size >> PAGE_SHIFT) > num_physpages) ? NULL : vmalloc(x))
 #define module_unmap(x)		vfree(x)
 #define module_arch_init(x)	mips64_module_init(x)
 #define arch_init_modules(x)	mips64_init_modules(x)
diff -ur 2.4.21-pre3/include/asm-parisc/module.h 2.4.21-pre3-jak/include/asm-parisc/module.h
--- 2.4.21-pre3/include/asm-parisc/module.h	2002-11-28 18:53:15.000000000 -0500
+++ 2.4.21-pre3-jak/include/asm-parisc/module.h	2003-01-11 20:51:39.000000000 -0500
@@ -4,7 +4,7 @@
  * This file contains the parisc architecture specific module code.
  */
 
-#define module_map(x)		vmalloc(x)
+#define module_map(x)		(((size >> PAGE_SHIFT) > num_physpages) ? NULL : vmalloc(x))
 #define module_unmap(x)		vfree(x)
 #define module_arch_init(x)	(0)
 #define arch_init_modules(x)	do { } while (0)
diff -ur 2.4.21-pre3/include/asm-ppc/module.h 2.4.21-pre3-jak/include/asm-ppc/module.h
--- 2.4.21-pre3/include/asm-ppc/module.h	2001-09-13 19:33:03.000000000 -0400
+++ 2.4.21-pre3-jak/include/asm-ppc/module.h	2003-01-11 20:51:39.000000000 -0500
@@ -7,7 +7,7 @@
  * This file contains the PPC architecture specific module code.
  */
 
-#define module_map(x)		vmalloc(x)
+#define module_map(x)		(((size >> PAGE_SHIFT) > num_physpages) ? NULL : vmalloc(x))
 #define module_unmap(x)		vfree(x)
 #define module_arch_init(x)	(0)
 #define arch_init_modules(x)	do { } while (0)
diff -ur 2.4.21-pre3/include/asm-ppc64/module.h 2.4.21-pre3-jak/include/asm-ppc64/module.h
--- 2.4.21-pre3/include/asm-ppc64/module.h	2002-08-02 20:39:45.000000000 -0400
+++ 2.4.21-pre3-jak/include/asm-ppc64/module.h	2003-01-11 20:51:39.000000000 -0500
@@ -11,7 +11,7 @@
  * 2 of the License, or (at your option) any later version.
  */
 
-#define module_map(x)		vmalloc(x)
+#define module_map(x)		(((size >> PAGE_SHIFT) > num_physpages) ? NULL : vmalloc(x))
 #define module_unmap(x)		vfree(x)
 #define arch_init_modules(x)	do { } while (0)
 #define module_arch_init(x)  (0)
diff -ur 2.4.21-pre3/include/asm-s390/module.h 2.4.21-pre3-jak/include/asm-s390/module.h
--- 2.4.21-pre3/include/asm-s390/module.h	2001-09-13 19:33:03.000000000 -0400
+++ 2.4.21-pre3-jak/include/asm-s390/module.h	2003-01-11 20:51:39.000000000 -0500
@@ -4,7 +4,7 @@
  * This file contains the s390 architecture specific module code.
  */
 
-#define module_map(x)		vmalloc(x)
+#define module_map(x)		(((size >> PAGE_SHIFT) > num_physpages) ? NULL : vmalloc(x))
 #define module_unmap(x)		vfree(x)
 #define module_arch_init(x)	(0)
 #define arch_init_modules(x)	do { } while (0)
diff -ur 2.4.21-pre3/include/asm-s390x/module.h 2.4.21-pre3-jak/include/asm-s390x/module.h
--- 2.4.21-pre3/include/asm-s390x/module.h	2001-09-13 19:33:03.000000000 -0400
+++ 2.4.21-pre3-jak/include/asm-s390x/module.h	2003-01-11 20:51:40.000000000 -0500
@@ -4,7 +4,7 @@
  * This file contains the s390 architecture specific module code.
  */
 
-#define module_map(x)		vmalloc(x)
+#define module_map(x)		(((size >> PAGE_SHIFT) > num_physpages) ? NULL : vmalloc(x))
 #define module_unmap(x)		vfree(x)
 #define module_arch_init(x)	(0)
 #define arch_init_modules(x)	do { } while (0)
diff -ur 2.4.21-pre3/include/asm-sh/module.h 2.4.21-pre3-jak/include/asm-sh/module.h
--- 2.4.21-pre3/include/asm-sh/module.h	2001-09-13 19:33:03.000000000 -0400
+++ 2.4.21-pre3-jak/include/asm-sh/module.h	2003-01-11 20:51:40.000000000 -0500
@@ -4,7 +4,7 @@
  * This file contains the SH architecture specific module code.
  */
 
-#define module_map(x)		vmalloc(x)
+#define module_map(x)		(((size >> PAGE_SHIFT) > num_physpages) ? NULL : vmalloc(x))
 #define module_unmap(x)		vfree(x)
 #define module_arch_init(x)	(0)
 #define arch_init_modules(x)	do { } while (0)
diff -ur 2.4.21-pre3/include/asm-sparc/module.h 2.4.21-pre3-jak/include/asm-sparc/module.h
--- 2.4.21-pre3/include/asm-sparc/module.h	2001-09-13 19:33:03.000000000 -0400
+++ 2.4.21-pre3-jak/include/asm-sparc/module.h	2003-01-11 20:51:40.000000000 -0500
@@ -4,7 +4,7 @@
  * This file contains the sparc architecture specific module code.
  */
 
-#define module_map(x)		vmalloc(x)
+#define module_map(x)		(((size >> PAGE_SHIFT) > num_physpages) ? NULL : vmalloc(x))
 #define module_unmap(x)		vfree(x)
 #define module_arch_init(x)	(0)
 #define arch_init_modules(x)	do { } while (0)


* Re: [PATCH] some large create_module(2) sizes can oops a kernel
  2003-01-12  2:41 [PATCH] some large create_module(2) sizes can oops a kernel Joe Korty
@ 2003-01-13  2:34 ` Rusty Russell
  2003-01-13  3:59   ` Joe Korty
  0 siblings, 1 reply; 3+ messages in thread
From: Rusty Russell @ 2003-01-13  2:34 UTC (permalink / raw)
  To: Joe Korty; +Cc: linux-kernel

In message <200301120241.CAA16791@rudolph.ccur.com> you write:
> Hi Rusty aka trivial patch monkey, everyone,
> 
> The 2.4 kernel will oops when create_module(2) is passed a size of
> -1, -2, or any size larger than num_physpages.  The following patch
> is one of the many simple ways to fix this.  Please consider it or
> some variant for inclusion in 2.4.

How about removing the BUG() from vmalloc.c, like 2.5 has done?

Rusty.
--
  Anyone who quotes me in their sig is an idiot. -- Rusty Russell.


* Re: [PATCH] some large create_module(2) sizes can oops a kernel
  2003-01-13  2:34 ` Rusty Russell
@ 2003-01-13  3:59   ` Joe Korty
  0 siblings, 0 replies; 3+ messages in thread
From: Joe Korty @ 2003-01-13  3:59 UTC (permalink / raw)
  To: Rusty Russell; +Cc: Joe Korty, linux-kernel

> How about removing the BUG() from vmalloc.c, like 2.5 has done?

I was erring on the safe side of assuming the BUG was useful for
detecting internal (non-user) erroneous uses of vmalloc.  However
if that is not an issue then removing the BUG is best.

Joe

