Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Ingo Molnar

Subject: Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel

Date: Wednesday, December 22, 2010 - 2:57 pm

* Valdis.Kletnieks@vt.edu <Valdis.Kletnieks@vt.edu> wrote:

quoted text> On Wed, 22 Dec 2010 13:40:19 +0100, Ingo Molnar said:
> > 
> > * mat <castet.matthieu@free.fr> wrote:
> > 
> > > Le Wed, 8 Dec 2010 14:19:51 -0800,
> > > Kees Cook <kees.cook@canonical.com> a écrit :
> > > 
> > > > On Fri, Nov 26, 2010 at 06:23:55PM +0100, mat wrote:
> > > > > could you try the attached patch ?
> > > > > 
> > > > > on module load, we sort the __jump_table section. So we should make
> > > > > it writable.
> > > > > 
> > > > > 
> > > > > Matthieu
> > > > 
> > > > > diff --git a/arch/x86/include/asm/jump_label.h
> > > > > b/arch/x86/include/asm/jump_label.h index f52d42e..574dbc2 100644
> > > > > --- a/arch/x86/include/asm/jump_label.h
> > > > > +++ b/arch/x86/include/asm/jump_label.h
> > > > > @@ -14,7 +14,7 @@
> > > > >  	do
> > > > > {							\ asm
> > > > > goto("1:"					\
> > > > > JUMP_LABEL_INITIAL_NOP			\
> > > > > -			".pushsection __jump_table,  \"a\" \n\t"\
> > > > > +			".pushsection __jump_table,  \"aw\" \n\t"\
> > > > >  			_ASM_PTR "1b, %l[" #label "], %c0 \n\t" \
> > > > >  			".popsection \n\t"			\
> > > > >  			: :  "i" (key) :  : label);
> > > > > \
> > > > 
> > > > Acked-by: Kees Cook <kees.cook@canonical.com>
> > > > 
> > > > Can this please get committed to tip?
> > > I think it is not need anymore with  Steven Rostedt patch [1]
> > > 
> > > Matthieu
> > > 
> > > [1]
> > > > > Here we set the text read only before we call the notifiers. The
> > > > > function tracer changes the calls to mcount into nops via a notifier
> > > > > call so this must be done after the module notifiers.
> > 
> > What's the status of this bug?
> > 
> > If we still need the patch then please submit it standalone with a proper subject 
> > line, with acks/signoffs added, etc.
> 
> Steve Rostedt's patch that moves the setting of the page permissions seems to make 
> this patch no longer necessary.  I tripped over this same issue, but the version 
> in the latest -mmotm does not need it, as it includes Steve's fix.

It would be nice to see that fix submitted so that it gets into the tree that 
introduced the bug.

Steve, Andrew?

Thanks,

	Ingo
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH 3/3 V13] RO/NX protection for loadable kernel, matthieu castet, (Tue Nov 16, 2:35 pm)

[tip:x86/security] x86: Add RO/NX protection for loadable ..., tip-bot for matthieu ..., (Thu Nov 18, 7:13 am)

Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel, Valdis.Kletnieks, (Wed Nov 24, 8:41 pm)

Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel, mat, (Fri Nov 26, 10:23 am)

Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel, Valdis.Kletnieks, (Mon Nov 29, 9:59 am)

Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel, Steven Rostedt, (Mon Nov 29, 11:15 am)

Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel, Rusty Russell, (Mon Nov 29, 4:35 pm)

Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel, Steven Rostedt, (Tue Nov 30, 7:46 am)

Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel, mat, (Tue Nov 30, 2:20 pm)

Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel, Steven Rostedt, (Tue Nov 30, 5:38 pm)

Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel, Rusty Russell, (Wed Dec 1, 6:36 am)

Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel, Kees Cook, (Wed Dec 8, 3:19 pm)

Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel, mat, (Fri Dec 10, 4:18 pm)

Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel, Kees Cook, (Fri Dec 10, 5:27 pm)

Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel, Kees Cook, (Sat Dec 11, 4:15 pm)

Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel, Ingo Molnar, (Wed Dec 22, 5:40 am)

Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel, Valdis.Kletnieks, (Wed Dec 22, 2:35 pm)

Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel, Ingo Molnar, (Wed Dec 22, 2:57 pm)

Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel, Steven Rostedt, (Wed Dec 22, 3:02 pm)

Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel, Ingo Molnar, (Thu Dec 23, 1:49 am)

Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel, Steven Rostedt, (Thu Dec 23, 8:01 am)

Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel, Valdis.Kletnieks, (Thu Dec 23, 6:43 pm)

Navigation

Popular discussions


linux-kernel:
Ken Chen	[patch] sched: fix inconsistency when redistribute per-cpu tg->cfs_rq shares.
Hugh Dickins	Re: Linux 2.6.26-rc1 - pgtable_32.c:178 pmd_bad
Bernhard Beck	[PATCH 001/001] usb-serial: Add ThinkOptics WavIT
Oleg Nesterov	Re: [PATCH 4/5] don't panic if /sbin/init exits or killed
Greg KH	[patch 07/21] rtc-pcf8563: detect polarity of century bit automatically
git:
Jonathan del Strother	Re: [PATCH] Fixing path quoting issues
Gerrit Pape	[PATCH] fix skipping merge-order test with NO_OPENSSL=1.
Linus Torvalds	Re: Implementing branch attributes in git config
Johannes Schindelin	Re: Trying to use git-filter-branch to compress history by removing large, obsolet...
Gerrit Pape	[PATCH] hooks--update: fix test for properly set up project description file
linux-netdev:
David Miller	Re: [PATCH 04/15] tg3: Preserve LAA when device control is released
Jean-Louis Dupond	Re: tg3 driver not advertising 1000mbit
Sven Wegener	[PATCH] ipvs: Add missing locking during connection table hashing and unhashing
David Miller	Re: [PATCH] qlcnic: dont assume NET_IP_ALIGN is 2
Stephen Hemminger	[PATCH 2/2] sky2: fix transmit state on resume
git-commits-head:
Linux Kernel Mailing List	[SCSI] scsi ioctl: fix kernel-doc warning
Linux Kernel Mailing List	ALSA: HDA - Correct trivial typos in comments.
Linux Kernel Mailing List	i2c-viapro: Add support for SMBus Process Call transactions
Linux Kernel Mailing List	i2c: Documentation: upgrading clients HOWTO
Linux Kernel Mailing List	[PATCH] fix sysctl_nr_open bugs
openbsd-misc:
Die Gestalt	Re: How to re-build openssl with SHA1 support?
Edwin Eyan Moragas	Re: managing routes for multiple PPPoE connections
Brian Candler	Re: OBSD's perspective on SELinux
Jonathan Schleifer	Why is getaddrinfo breaking POSIX?
Predrag Punosevac	Re: Kernel developers guide/tutorial

Colocation donated by:

Syndicate