Re: [PATCH 1/1] x86: fix text_poke

From: Ingo Molnar
Date: Fri Apr 25 2008 - 11:33:06 EST

Next message: Matthew Dharm: "Re: [RFC/PATCH] usb-storage: wait for device scanning before mounting root"
Previous message: Rafael J. Wysocki: "Re: 2.6.25-git2: BUG: unable to handle kernel paging request at ffffffffffffffff"
In reply to: Ingo Molnar: "Re: [PATCH 1/1] x86: fix text_poke"
Next in thread: Linus Torvalds: "Re: [PATCH 1/1] x86: fix text_poke"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Ingo Molnar <mingo@xxxxxxx> wrote:

> > > > The 0xf0 pattern comes from alternatives_smp_lock: text_poke(*ptr,
> > > > ((unsigned char []){0xf0}), 1);
> > >
> > > And we should really add a lot more sanity checking there.
>
> something like the patch below? (untested)

the one below even builds and boots.

this assumes that all modules areas are allocated via PAGE_KERNEL_EXEC -
but that is generally true on x86 due to NX. 32-bit uses vmalloc_exec(),
64-bit uses __vmalloc_area(..., PAGE_KERNEL_EXEC).

Jiri ... if you have any desire/stamina to still test this code - does
the patch below produce any warnings if you unapply your fix as well,
during suspend/resume?

Ingo

--------------->
Subject: x86: harden kernel code patching
From: Ingo Molnar <mingo@xxxxxxx>
Date: Fri Apr 25 17:07:03 CEST 2008

Signed-off-by: Ingo Molnar <mingo@xxxxxxx>
---
arch/x86/kernel/alternative.c | 5 +++++
mm/vmalloc.c | 3 +++
2 files changed, 8 insertions(+)

Index: linux/arch/x86/kernel/alternative.c
===================================================================
--- linux.orig/arch/x86/kernel/alternative.c
+++ linux/arch/x86/kernel/alternative.c
@@ -518,6 +518,11 @@ void *__kprobes text_poke(void *addr, co
if (core_kernel_text((unsigned long)addr)) {
struct page *pages[2] = { virt_to_page(addr),
virt_to_page(addr + PAGE_SIZE) };
+ /*
+ * Module text pages are PageReserved:
+ */
+ WARN_ON(pages[0] && !PageReserved(pages[0]));
+ WARN_ON(pages[1] && !PageReserved(pages[1]));
if (!pages[1])
nr_pages = 1;
vaddr = vmap(pages, nr_pages, VM_MAP, PAGE_KERNEL);
Index: linux/mm/vmalloc.c
===================================================================
--- linux.orig/mm/vmalloc.c
+++ linux/mm/vmalloc.c
@@ -391,6 +391,7 @@ static void __vunmap(const void *addr, i
struct page *page = area->pages[i];

BUG_ON(!page);
+ ClearPageReserved(page);
__free_page(page);
}

@@ -507,6 +508,8 @@ static void *__vmalloc_area_node(struct
area->nr_pages = i;
goto fail;
}
+ if (pgprot_val(prot) == pgprot_val(PAGE_KERNEL_EXEC))
+ SetPageReserved(page);
area->pages[i] = page;
}

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Matthew Dharm: "Re: [RFC/PATCH] usb-storage: wait for device scanning before mounting root"
Previous message: Rafael J. Wysocki: "Re: 2.6.25-git2: BUG: unable to handle kernel paging request at ffffffffffffffff"
In reply to: Ingo Molnar: "Re: [PATCH 1/1] x86: fix text_poke"
Next in thread: Linus Torvalds: "Re: [PATCH 1/1] x86: fix text_poke"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]