* [PATCH] kernel/module.c: Mark module state before set RO and NX regions
@ 2015-01-06 9:07 ` Jungseung Lee
0 siblings, 0 replies; 8+ messages in thread
From: Jungseung Lee @ 2015-01-06 9:07 UTC (permalink / raw)
To: Rusty Russell, linux-kernel, linux-arm-kernel, Catalin Marinas,
Russell King, Laura Abbott, Will Deacon, Andrew Morton
Cc: Jungseung Lee
In some architectures like arm/arm64, set_memory_*() check module address
and state as well. Mark module state before set RO and NX regions for
the routine is passed.
It will fix wrong RO/NX protection for loadable kernel modules on arm/arm64.
Signed-off-by: Jungseung Lee <js07.lee@gmail.com>
---
kernel/module.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/kernel/module.c b/kernel/module.c
index 3965511..7e7cc9f 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3152,6 +3152,10 @@ static int complete_formation(struct module *mod, struct load_info *info)
/* This relies on module_mutex for list integrity. */
module_bug_finalize(info->hdr, info->sechdrs, mod);
+ /* Mark state as coming so strong_try_module_get() ignores us,
+ * but kallsyms etc. can see us. */
+ mod->state = MODULE_STATE_COMING;
+
/* Set RO and NX regions for core */
set_section_ro_nx(mod->module_core,
mod->core_text_size,
@@ -3164,9 +3168,6 @@ static int complete_formation(struct module *mod, struct load_info *info)
mod->init_ro_size,
mod->init_size);
- /* Mark state as coming so strong_try_module_get() ignores us,
- * but kallsyms etc. can see us. */
- mod->state = MODULE_STATE_COMING;
mutex_unlock(&module_mutex);
blocking_notifier_call_chain(&module_notify_list,
--
1.9.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH] kernel/module.c: Mark module state before set RO and NX regions
@ 2015-01-06 9:07 ` Jungseung Lee
0 siblings, 0 replies; 8+ messages in thread
From: Jungseung Lee @ 2015-01-06 9:07 UTC (permalink / raw)
To: linux-arm-kernel
In some architectures like arm/arm64, set_memory_*() check module address
and state as well. Mark module state before set RO and NX regions for
the routine is passed.
It will fix wrong RO/NX protection for loadable kernel modules on arm/arm64.
Signed-off-by: Jungseung Lee <js07.lee@gmail.com>
---
kernel/module.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/kernel/module.c b/kernel/module.c
index 3965511..7e7cc9f 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3152,6 +3152,10 @@ static int complete_formation(struct module *mod, struct load_info *info)
/* This relies on module_mutex for list integrity. */
module_bug_finalize(info->hdr, info->sechdrs, mod);
+ /* Mark state as coming so strong_try_module_get() ignores us,
+ * but kallsyms etc. can see us. */
+ mod->state = MODULE_STATE_COMING;
+
/* Set RO and NX regions for core */
set_section_ro_nx(mod->module_core,
mod->core_text_size,
@@ -3164,9 +3168,6 @@ static int complete_formation(struct module *mod, struct load_info *info)
mod->init_ro_size,
mod->init_size);
- /* Mark state as coming so strong_try_module_get() ignores us,
- * but kallsyms etc. can see us. */
- mod->state = MODULE_STATE_COMING;
mutex_unlock(&module_mutex);
blocking_notifier_call_chain(&module_notify_list,
--
1.9.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH] kernel/module.c: Mark module state before set RO and NX regions
2015-01-06 9:07 ` Jungseung Lee
@ 2015-01-07 4:16 ` Rusty Russell
-1 siblings, 0 replies; 8+ messages in thread
From: Rusty Russell @ 2015-01-07 4:16 UTC (permalink / raw)
To: Jungseung Lee, linux-kernel, linux-arm-kernel, Catalin Marinas,
Russell King, Laura Abbott, Will Deacon, Andrew Morton
Cc: Jungseung Lee, Laura Abbott
Jungseung Lee <js07.lee@gmail.com> writes:
> In some architectures like arm/arm64, set_memory_*() check module address
> and state as well. Mark module state before set RO and NX regions for
> the routine is passed.
>
> It will fix wrong RO/NX protection for loadable kernel modules on arm/arm64.
This partially reverts commit 4982223e51e8ea9d09bb33c8323b5ec1877b2b51
Author: Rusty Russell <rusty@rustcorp.com.au>
Date: Wed May 14 10:54:19 2014 +0930
module: set nx before marking module MODULE_STATE_COMING.
Laura Abbott (CC'd) was looking at an alternative fix for this. Laura?
Thanks,
Rusty.
> Signed-off-by: Jungseung Lee <js07.lee@gmail.com>
> ---
> kernel/module.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/kernel/module.c b/kernel/module.c
> index 3965511..7e7cc9f 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -3152,6 +3152,10 @@ static int complete_formation(struct module *mod, struct load_info *info)
> /* This relies on module_mutex for list integrity. */
> module_bug_finalize(info->hdr, info->sechdrs, mod);
>
> + /* Mark state as coming so strong_try_module_get() ignores us,
> + * but kallsyms etc. can see us. */
> + mod->state = MODULE_STATE_COMING;
> +
> /* Set RO and NX regions for core */
> set_section_ro_nx(mod->module_core,
> mod->core_text_size,
> @@ -3164,9 +3168,6 @@ static int complete_formation(struct module *mod, struct load_info *info)
> mod->init_ro_size,
> mod->init_size);
>
> - /* Mark state as coming so strong_try_module_get() ignores us,
> - * but kallsyms etc. can see us. */
> - mod->state = MODULE_STATE_COMING;
> mutex_unlock(&module_mutex);
>
> blocking_notifier_call_chain(&module_notify_list,
> --
> 1.9.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH] kernel/module.c: Mark module state before set RO and NX regions
@ 2015-01-07 4:16 ` Rusty Russell
0 siblings, 0 replies; 8+ messages in thread
From: Rusty Russell @ 2015-01-07 4:16 UTC (permalink / raw)
To: linux-arm-kernel
Jungseung Lee <js07.lee@gmail.com> writes:
> In some architectures like arm/arm64, set_memory_*() check module address
> and state as well. Mark module state before set RO and NX regions for
> the routine is passed.
>
> It will fix wrong RO/NX protection for loadable kernel modules on arm/arm64.
This partially reverts commit 4982223e51e8ea9d09bb33c8323b5ec1877b2b51
Author: Rusty Russell <rusty@rustcorp.com.au>
Date: Wed May 14 10:54:19 2014 +0930
module: set nx before marking module MODULE_STATE_COMING.
Laura Abbott (CC'd) was looking at an alternative fix for this. Laura?
Thanks,
Rusty.
> Signed-off-by: Jungseung Lee <js07.lee@gmail.com>
> ---
> kernel/module.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/kernel/module.c b/kernel/module.c
> index 3965511..7e7cc9f 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -3152,6 +3152,10 @@ static int complete_formation(struct module *mod, struct load_info *info)
> /* This relies on module_mutex for list integrity. */
> module_bug_finalize(info->hdr, info->sechdrs, mod);
>
> + /* Mark state as coming so strong_try_module_get() ignores us,
> + * but kallsyms etc. can see us. */
> + mod->state = MODULE_STATE_COMING;
> +
> /* Set RO and NX regions for core */
> set_section_ro_nx(mod->module_core,
> mod->core_text_size,
> @@ -3164,9 +3168,6 @@ static int complete_formation(struct module *mod, struct load_info *info)
> mod->init_ro_size,
> mod->init_size);
>
> - /* Mark state as coming so strong_try_module_get() ignores us,
> - * but kallsyms etc. can see us. */
> - mod->state = MODULE_STATE_COMING;
> mutex_unlock(&module_mutex);
>
> blocking_notifier_call_chain(&module_notify_list,
> --
> 1.9.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] kernel/module.c: Mark module state before set RO and NX regions
2015-01-07 4:16 ` Rusty Russell
@ 2015-01-07 17:55 ` Laura Abbott
-1 siblings, 0 replies; 8+ messages in thread
From: Laura Abbott @ 2015-01-07 17:55 UTC (permalink / raw)
To: Rusty Russell, Jungseung Lee, linux-kernel, linux-arm-kernel,
Catalin Marinas, Russell King, Will Deacon, Andrew Morton
On 1/6/2015 8:16 PM, Rusty Russell wrote:
> Jungseung Lee <js07.lee@gmail.com> writes:
>> In some architectures like arm/arm64, set_memory_*() check module address
>> and state as well. Mark module state before set RO and NX regions for
>> the routine is passed.
>>
>> It will fix wrong RO/NX protection for loadable kernel modules on arm/arm64.
>
> This partially reverts commit 4982223e51e8ea9d09bb33c8323b5ec1877b2b51
> Author: Rusty Russell <rusty@rustcorp.com.au>
> Date: Wed May 14 10:54:19 2014 +0930
>
> module: set nx before marking module MODULE_STATE_COMING.
>
> Laura Abbott (CC'd) was looking at an alternative fix for this. Laura?
>
> Thanks,
> Rusty.
>
Yes, my proposal was to stop using is_module_address and just bounds
check against the module ranges[1]. I got bogged down with other
tasks and hadn't submitted a patch for review yet.
Thanks,
Laura
[1] http://lists.infradead.org/pipermail/linux-arm-kernel/2014-December/311574.html
--
Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH] kernel/module.c: Mark module state before set RO and NX regions
@ 2015-01-07 17:55 ` Laura Abbott
0 siblings, 0 replies; 8+ messages in thread
From: Laura Abbott @ 2015-01-07 17:55 UTC (permalink / raw)
To: linux-arm-kernel
On 1/6/2015 8:16 PM, Rusty Russell wrote:
> Jungseung Lee <js07.lee@gmail.com> writes:
>> In some architectures like arm/arm64, set_memory_*() check module address
>> and state as well. Mark module state before set RO and NX regions for
>> the routine is passed.
>>
>> It will fix wrong RO/NX protection for loadable kernel modules on arm/arm64.
>
> This partially reverts commit 4982223e51e8ea9d09bb33c8323b5ec1877b2b51
> Author: Rusty Russell <rusty@rustcorp.com.au>
> Date: Wed May 14 10:54:19 2014 +0930
>
> module: set nx before marking module MODULE_STATE_COMING.
>
> Laura Abbott (CC'd) was looking at an alternative fix for this. Laura?
>
> Thanks,
> Rusty.
>
Yes, my proposal was to stop using is_module_address and just bounds
check against the module ranges[1]. I got bogged down with other
tasks and hadn't submitted a patch for review yet.
Thanks,
Laura
[1] http://lists.infradead.org/pipermail/linux-arm-kernel/2014-December/311574.html
--
Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] kernel/module.c: Mark module state before set RO and NX regions
2015-01-07 17:55 ` Laura Abbott
@ 2015-01-08 3:03 ` Jungseung Lee
-1 siblings, 0 replies; 8+ messages in thread
From: Jungseung Lee @ 2015-01-08 3:03 UTC (permalink / raw)
To: Laura Abbott
Cc: Rusty Russell, linux-kernel, linux-arm-kernel, Catalin Marinas,
Russell King, Will Deacon, Andrew Morton
2015-01-08 2:55 GMT+09:00 Laura Abbott <lauraa@codeaurora.org>:
> On 1/6/2015 8:16 PM, Rusty Russell wrote:
>>
>> Jungseung Lee <js07.lee@gmail.com> writes:
>>>
>>> In some architectures like arm/arm64, set_memory_*() check module address
>>> and state as well. Mark module state before set RO and NX regions for
>>> the routine is passed.
>>>
>>> It will fix wrong RO/NX protection for loadable kernel modules on
>>> arm/arm64.
>>
>>
>> This partially reverts commit 4982223e51e8ea9d09bb33c8323b5ec1877b2b51
>> Author: Rusty Russell <rusty@rustcorp.com.au>
>> Date: Wed May 14 10:54:19 2014 +0930
>>
>> module: set nx before marking module MODULE_STATE_COMING.
>>
>> Laura Abbott (CC'd) was looking at an alternative fix for this. Laura?
>>
>> Thanks,
>> Rusty.
>>
>
> Yes, my proposal was to stop using is_module_address and just bounds
> check against the module ranges[1]. I got bogged down with other
> tasks and hadn't submitted a patch for review yet.
>
I got it. I'll prepare bounds check patch for aarch32.
Thanks,
> Thanks,
> Laura
>
> [1]
> http://lists.infradead.org/pipermail/linux-arm-kernel/2014-December/311574.html
>
>
> --
> Qualcomm Innovation Center, Inc.
> Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
> a Linux Foundation Collaborative Project
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH] kernel/module.c: Mark module state before set RO and NX regions
@ 2015-01-08 3:03 ` Jungseung Lee
0 siblings, 0 replies; 8+ messages in thread
From: Jungseung Lee @ 2015-01-08 3:03 UTC (permalink / raw)
To: linux-arm-kernel
2015-01-08 2:55 GMT+09:00 Laura Abbott <lauraa@codeaurora.org>:
> On 1/6/2015 8:16 PM, Rusty Russell wrote:
>>
>> Jungseung Lee <js07.lee@gmail.com> writes:
>>>
>>> In some architectures like arm/arm64, set_memory_*() check module address
>>> and state as well. Mark module state before set RO and NX regions for
>>> the routine is passed.
>>>
>>> It will fix wrong RO/NX protection for loadable kernel modules on
>>> arm/arm64.
>>
>>
>> This partially reverts commit 4982223e51e8ea9d09bb33c8323b5ec1877b2b51
>> Author: Rusty Russell <rusty@rustcorp.com.au>
>> Date: Wed May 14 10:54:19 2014 +0930
>>
>> module: set nx before marking module MODULE_STATE_COMING.
>>
>> Laura Abbott (CC'd) was looking at an alternative fix for this. Laura?
>>
>> Thanks,
>> Rusty.
>>
>
> Yes, my proposal was to stop using is_module_address and just bounds
> check against the module ranges[1]. I got bogged down with other
> tasks and hadn't submitted a patch for review yet.
>
I got it. I'll prepare bounds check patch for aarch32.
Thanks,
> Thanks,
> Laura
>
> [1]
> http://lists.infradead.org/pipermail/linux-arm-kernel/2014-December/311574.html
>
>
> --
> Qualcomm Innovation Center, Inc.
> Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
> a Linux Foundation Collaborative Project
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2015-01-08 3:11 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-01-06 9:07 [PATCH] kernel/module.c: Mark module state before set RO and NX regions Jungseung Lee
2015-01-06 9:07 ` Jungseung Lee
2015-01-07 4:16 ` Rusty Russell
2015-01-07 4:16 ` Rusty Russell
2015-01-07 17:55 ` Laura Abbott
2015-01-07 17:55 ` Laura Abbott
2015-01-08 3:03 ` Jungseung Lee
2015-01-08 3:03 ` Jungseung Lee
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.