| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 16 Feb 2024 11:28:46 -0800 From: Kees Cook <keescook@...omium.org> To: Christophe Leroy <christophe.leroy@...roup.eu> Cc: Luis Chamberlain <mcgrof@...nel.org>, linux-modules@...r.kernel.org, linux-kernel@...r.kernel.org, "linux-hardening @ vger . kernel . org" <linux-hardening@...r.kernel.org>, Marek Szyprowski <m.szyprowski@...sung.com>, Mark Rutland <mark.rutland@....com> Subject: Re: [PATCH v2] module: Don't ignore errors from set_memory_XX() On Fri, Feb 16, 2024 at 09:14:27AM +0100, Christophe Leroy wrote: > set_memory_ro(), set_memory_nx(), set_memory_x() and other helpers > can fail and return an error. In that case the memory might not be > protected as expected and the module loading has to be aborted to > avoid security issues. > > Check return value of all calls to set_memory_XX() and handle > error if any. > > Add a check to not call set_memory_XX() on NULL pointers as some > architectures may not like it allthough numpages is always 0 in that > case. This also avoid a useless call to set_vm_flush_reset_perms(). > > Link: https://github.com/KSPP/linux/issues/7 > Signed-off-by: Christophe Leroy <christophe.leroy@...roup.eu> Yay! Glad to see this happening. Universal __must_check for set_memory_*() starts to appear on the horizon. ;) Reviewed-by: Kees Cook <keescook@...omium.org> -- Kees Cook
Powered by blists - more mailing lists