On Tue, Mar 12, 2024 at 11:22 AM Luis Chamberlain <mcgrof@xxxxxxxxxx> wrote:
>
> On Wed, Mar 06, 2024 at 10:24:10AM -0800, Suren Baghdasaryan wrote:
> > Skip freeing module's data section if there are non-zero allocation tags
> > because otherwise, once these allocations are freed, the access to their
> > code tag would cause UAF.
>
> So you just let them linger?
Well, I think this is not a normal situation when a module allocated
some memory and then is being unloaded without freeing that memory,
no?
>
> > Signed-off-by: Suren Baghdasaryan <surenb@xxxxxxxxxx>
>
>
> > /* Free a module, remove from lists, etc. */
> > static void free_module(struct module *mod)
> > {
> > + bool unload_codetags;
> > +
> > trace_module_free(mod);
> >
> > - codetag_unload_module(mod);
> > + unload_codetags = codetag_unload_module(mod);
> > + if (!unload_codetags)
> > + pr_warn("%s: memory allocation(s) from the module still alive, cannot unload cleanly\n",
> > + mod->name);
> > +
>
> Because this is not unwinding anything. Should'd we check if we can
> free all tags first, if we can't then we can't free the module. If we
> can then ensure we don't enter a state where we can't later?
unload_codetags already indicates that someone has a live reference to
one or more tags of that module, so we can't free them. Maybe I
misunderstood your suggestion?
>
> Luis
