From: Cheng Jian <cj.chengjian@huawei.com>
To: <linux-kernel@vger.kernel.org>, <live-patching@vger.kernel.org>
Cc: <cj.chengjian@huawei.com>, <chenwandun@huawei.com>,
	<xiexiuqi@huawei.com>, <bobo.shaobowang@huawei.com>,
	<huawei.libin@huawei.com>, <jeyu@kernel.org>, <jikos@kernel.org>
Subject: [PATCH] module: make module symbols visible after init
Date: Wed, 3 Jun 2020 14:12:00 +0000	[thread overview]
Message-ID: <20200603141200.17745-1-cj.chengjian@huawei.com> (raw)

When looking up the symbols of a module by module_kallsyms_lookup_name(),
the symbol address is visible only if the module's status isn't
MODULE_STATE_UNFORMED. This is problematic.

When complete_formation() is done, the state of the module is changed
to MODULE_STATE_COMING, and the symbols of the module are visible to the
outside.

At this time, the init function of the module has not been called,
so if the address of the function symbol has been found and called,
it may cause some exceptions.

For a livepatch module, the relocation information of the livepatch
module is completed in init by klp_write_object_relocations(), and
the symbol names of the old and new functions are the same. Therefore,
when we look up the symbol, we may get the function address of the
livepatch module. A crash can occur when we call this function.

	CPU 0				CPU 1
	==================================================
	load_module
	add_unformed_module # MODULE_STATE_UNFORMED;
	post_relocation
	complete_formation  # MODULE_STATE_COMING;
					------------------
					module_kallsyms_lookup_name("A")
					call A()	# CRASH
					------------------
	do_init_module
	klp_write_object_relocations
	mod->state = MODULE_STATE_LIVE;

Commit 0bd476e6c671 ("kallsyms: unexport kallsyms_lookup_name() and
kallsyms_on_each_symbol()") restricts the invocation for kernel unexported
symbols, but it is still incorrect to make the symbols of non-LIVE modules
visible to the outside.

Signed-off-by: Cheng Jian <cj.chengjian@huawei.com>
---
 kernel/module.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/module.c b/kernel/module.c
index 64a2b4daaaa5..96c9cb64de57 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -4220,7 +4220,7 @@ unsigned long module_kallsyms_lookup_name(const char *name)
 			ret = find_kallsyms_symbol_value(mod, colon+1);
 	} else {
 		list_for_each_entry_rcu(mod, &modules, list) {
-			if (mod->state == MODULE_STATE_UNFORMED)
+			if (mod->state != MODULE_STATE_LIVE)
 				continue;
 			if ((ret = find_kallsyms_symbol_value(mod, name)) != 0)
 				break;
-- 
2.17.1


Thread overview: 5+ messages
2020-06-03 14:12 Cheng Jian [this message]
2020-06-03 17:00 ` [PATCH] module: make module symbols visible after init Miroslav Benes
2020-06-04  9:49   ` Jessica Yu
2020-06-04  8:57 ` Petr Mladek
2020-06-04 12:55 ` chengjian (D)