[PATCH 17/17] module: Prevent module removal racing with text_poke()
Nadav Amit
nadav.amit at gmail.com
Fri Jan 18 01:15:27 UTC 2019
> On Jan 17, 2019, at 3:58 PM, H. Peter Anvin <hpa at zytor.com> wrote:
>
> On 1/16/19 11:54 PM, Masami Hiramatsu wrote:
>> On Wed, 16 Jan 2019 16:32:59 -0800
>> Rick Edgecombe <rick.p.edgecombe at intel.com> wrote:
>>
>>> From: Nadav Amit <namit at vmware.com>
>>>
>>> It seems dangerous to allow code modifications to take place
>>> concurrently with module unloading. So take the text_mutex while the
>>> memory of the module is freed.
>>
>> At that point, since the module itself is removed from module list,
>> it seems no actual harm. Or would you have any concern?
>
> The issue isn't the module list, but rather when it is safe to free the
> contents, so we don't clobber anything. We absolutely need to enforce
> that we can't text_poke() something that might have already been freed.
>
> That being said, we *also* really would prefer to enforce that we can't
> text_poke() memory that doesn't actually contain code; as far as I can
> tell we don't currently do that check.
Yes, that what the mutex was supposed to achieve. It’s not supposed just
to check whether it is a code page, but also that it is the same code
page that you wanted to patch.
> This, again, is a good use for a separate mm context. We can enforce
> that that context will only ever contain valid page mappings for actual
> code pages.
This will not tell you that you have the *right* code-page. The module
notifiers help to do so, since they synchronize the text poking with
the module removal.
> (Note: in my proposed algorithm, with a separate mm, replace INVLPG with
> switching CR3 if we have to do a rollback or roll forward in the
> breakpoint handler.)
I really need to read your patches more carefully to see what you mean.
Anyhow, so what do you prefer? I’m ok with either one:
1. Keep this patch
2. Remove this patch and change into a comment on text_poke()
3. Just drop the patch
More information about the Linux-security-module-archive
mailing list