RepoMirrors/kpatch
1
0
Fork 0
mirror of https://github.com/dynup/kpatch synced 2025-05-11 04:18:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #223 from jpoimboe/dynrela-loc-check

Browse Source 
kmod/core: validate dynrela destination address
This commit is contained in:
Seth Jennings 2014-05-30 15:01:26 -05:00
commit 26a75e5207
1 changed files with 17 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
kmod/core/core.c
View File

@ -462,8 +462,9 @@ static int kpatch_write_relocations(struct kpatch_module *kpmod)
int ret, i, size, readonly = 0; int ret, i, size, readonly = 0;
struct kpatch_dynrela *dynrela; struct kpatch_dynrela *dynrela;
u64 loc, val; u64 loc, val;
pte_t *pte; unsigned long core = (unsigned long)kpmod->mod->module_core;
unsigned int level; unsigned long core_ro_size = kpmod->mod->core_ro_size;
unsigned long core_size = kpmod->mod->core_size;
for (i = 0; i < kpmod->dynrelas_nr; i++) { for (i = 0; i < kpmod->dynrelas_nr; i++) {
dynrela = &kpmod->dynrelas[i]; dynrela = &kpmod->dynrelas[i];
@ -492,20 +493,30 @@ static int kpatch_write_relocations(struct kpatch_module *kpmod)
return -EINVAL; return -EINVAL;
} }
pte = lookup_address(loc, &level); if (loc >= core && loc < core + core_ro_size)
if (!pte_write(*pte)) {
readonly = 1; readonly = 1;
set_memory_rw(loc & PAGE_MASK, 1); else if (loc >= core + core_ro_size && loc < core + core_size)
readonly = 0;
else {
pr_err("bad dynrela location 0x%llx for symbol %s\n",
loc, dynrela->name);
return -EINVAL;
} }
if (readonly)
set_memory_rw(loc & PAGE_MASK, 1);
ret = probe_kernel_write((void *)loc, &val, size); ret = probe_kernel_write((void *)loc, &val, size);
if (readonly) if (readonly)
set_memory_ro(loc & PAGE_MASK, 1); set_memory_ro(loc & PAGE_MASK, 1);
if (ret) if (ret) {
pr_err("write to 0x%llx failed for symbol %s\n",
loc, dynrela->name);
return ret; return ret;
} }
}
return 0; return 0;
} }