> > > The 0xf0 pattern comes from alternatives_smp_lock: text_poke(*ptr, > > > ((unsigned char []){0xf0}), 1); > > > > And we should really add a lot more sanity checking there. something like the patch below? (untested) Ingo
--------------->
Subject: harden kernel code patching
From: Ingo Molnar <mingo@xxxxxxx>
Date: Fri Apr 25 17:07:03 CEST 2008
Signed-off-by: Ingo Molnar <mingo@xxxxxxx>
---
 arch/x86/kernel/alternative.c | 5 +++++
 mm/vmalloc.c | 3 +++
 2 files changed, 8 insertions(+)
Index: linux/arch/x86/kernel/alternative.c
===================================================================
--- linux.orig/arch/x86/kernel/alternative.c
+++ linux/arch/x86/kernel/alternative.c
@@ -518,6 +518,11 @@ void *__kprobes text_poke(void *addr, co
 if (core_kernel_text((unsigned long)addr)) {
 struct page *pages[2] = { virt_to_page(addr),
 virt_to_page(addr + PAGE_SIZE) };
+ /*
+ * Module text pages are PageReserved:
+ */
+ WARN_ON(pages[0] && !PageReserved(pages[0]))
+ WARN_ON(pages[1] && !PageReserved(pages[1]))
 if (!pages[1])
 nr_pages = 1;
 vaddr = vmap(pages, nr_pages, VM_MAP, PAGE_KERNEL);
Index: linux/mm/vmalloc.c
===================================================================
--- linux.orig/mm/vmalloc.c
+++ linux/mm/vmalloc.c
@@ -391,6 +391,7 @@ static void __vunmap(const void *addr, i
 struct page *page = area->pages[i];
 BUG_ON(!page);
+ ClearPageReserved(page);
 __free_page(page);
 }
@@ -507,6 +508,8 @@ static void *__vmalloc_area_node(struct
 area->nr_pages = i;
 goto fail;
 }
+ if (prot == PAGE_KERNEL_EXEC)
+ SetPageReserved(page);
 area->pages[i] = page;
 }
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
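Review bot: In the arch/x86/kernel/alternative.c hunk, both added `WARN_ON(...)` lines lack a terminating semicolon, so text_poke() will not compile as posted; they should read `WARN_ON(pages[0] && !PageReserved(pages[0]));` and `WARN_ON(pages[1] && !PageReserved(pages[1]));`. The comment above them speaks of module text, yet the checks sit inside the `core_kernel_text()` branch, so it would be clearer as `/* Core kernel text pages are expected to be PageReserved: */`, assuming that is the intent. As hardening, the check only warns and the code still goes on to vmap() the pages for patching, so whether an unexpected page should abort the poke instead deserves an explicit decision. text_poke() begins and ends outside the hunk.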
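Review bot: In the first mm/vmalloc.c hunk (__vunmap), `ClearPageReserved(page)` runs for every page being freed, while the matching `SetPageReserved()` in the other vmalloc.c hunk is applied only to `PAGE_KERNEL_EXEC` allocations, and nothing explains the asymmetry. A one-line comment such as `/* undo SetPageReserved() done for executable areas in __vmalloc_area_node() */` would tell the next reader why a flag is cleared here that this function never set. The loop and the function continue outside the hunk.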
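Review bot: In the second mm/vmalloc.c hunk (__vmalloc_area_node), `prot == PAGE_KERNEL_EXEC` compares what is presumably a `pgprot_t` directly; where that type is a struct wrapper the `==` does not compile, so the test should go through the accessor: `if (pgprot_val(prot) == pgprot_val(PAGE_KERNEL_EXEC))`. Even then it matches only that exact protection value, so an executable area requested with any other combination of bits would not be marked reserved. The function's signature is cut off in the hunk header, so the type of `prot` is inferred rather than visible.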