[PATCH 17/17] module: Prevent module removal racing with text_poke()
Nadav Amit
namit at vmware.com
Thu Jan 17 18:07:03 UTC 2019
> On Jan 16, 2019, at 11:54 PM, Masami Hiramatsu <mhiramat at kernel.org> wrote:
>
> On Wed, 16 Jan 2019 16:32:59 -0800
> Rick Edgecombe <rick.p.edgecombe at intel.com> wrote:
>
>> From: Nadav Amit <namit at vmware.com>
>>
>> It seems dangerous to allow code modifications to take place
>> concurrently with module unloading. So take the text_mutex while the
>> memory of the module is freed.
>
> At that point, since the module itself is removed from module list,
> it seems no actual harm. Or would you have any concern?
So it appears that you are right and all the users of text_poke() and
text_poke_bp() do install module notifiers, and remove the module from their
internal data structure when they are done (*). As long as they prevent
text_poke*() to be called concurrently (e.g., using jump_label_lock()),
everything is fine.
Having said that, the question is whether you “trust” text_poke*() users to
do so. text_poke() description does not day explicitly that you need to
prevent modules from being removed.
What do you say?
(*) I am not sure about kgdb, but it probably does not matter much
More information about the Linux-security-module-archive
mailing list