[PATCH 17/17] module: Prevent module removal racing with text_poke()

Nadav Amit namit at vmware.com
Thu Jan 17 18:07:03 UTC 2019


> On Jan 16, 2019, at 11:54 PM, Masami Hiramatsu <mhiramat at kernel.org> wrote:
> 
> On Wed, 16 Jan 2019 16:32:59 -0800
> Rick Edgecombe <rick.p.edgecombe at intel.com> wrote:
> 
>> From: Nadav Amit <namit at vmware.com>
>> 
>> It seems dangerous to allow code modifications to take place
>> concurrently with module unloading. So take the text_mutex while the
>> memory of the module is freed.
> 
> At that point, since the module itself is removed from module list,
> it seems no actual harm. Or would you have any concern?

So it appears that you are right and all the users of text_poke() and
text_poke_bp() do install module notifiers, and remove the module from their
internal data structure when they are done (*). As long as they prevent
text_poke*() to be called concurrently (e.g., using jump_label_lock()),
everything is fine.

Having said that, the question is whether you “trust” text_poke*() users to
do so. text_poke() description does not day explicitly that you need to
prevent modules from being removed.

What do you say?


(*) I am not sure about kgdb, but it probably does not matter much



More information about the Linux-security-module-archive mailing list