On Mon, Oct 1, 2018 at 1:13 AM, Ard Biesheuvel <[email protected]> wrote:
> Commit 19483677684b ("jump_label: Annotate entries that operate on
> __init code earlier") refactored the code that manages runtime
> patching of jump labels in modules that are tied to static keys
> defined in other modules or in the core kernel.
>
> In the latter case, we may iterate over the static_key_mod linked
> list until we hit the entry for the core kernel, whose 'mod' field
> will be NULL, and attempt to dereference it to get at its 'state'
> member.
>
> So let's add a non-NULL check: this forces the 'init' argument of
> __jump_label_update() to false for static keys that are defined in
> the core kernel, which is appropriate given that __init annotated
> jump_label entries in the core kernel should no longer be active
> at this point (i.e., when loading modules).
>
> Fixes: 19483677684b ("jump_label: Annotate entries that operate on ...")
> Reported-by: Dan Carpenter <[email protected]>
> Cc: Kees Cook <[email protected]>
> Cc: Thomas Gleixner <[email protected]>
> Cc: Ingo Molnar <[email protected]>
> Cc: Jessica Yu <[email protected]>
> Cc: Peter Zijlstra <[email protected]>
> Signed-off-by: Ard Biesheuvel <[email protected]>
Reviewed-by: Kees Cook <[email protected]>

-Kees

> ---
> kernel/jump_label.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/jump_label.c b/kernel/jump_label.c
> index e8cf3ff3149c..14a7f9881745 100644
> --- a/kernel/jump_label.c
> +++ b/kernel/jump_label.c
> @@ -516,7 +516,7 @@ static void __jump_label_mod_update(struct static_key > *key) > else > stop = m->jump_entries + m->num_jump_entries; > __jump_label_update(key, mod->entries, stop, > - m->state == MODULE_STATE_COMING); > + m && m->state == MODULE_STATE_COMING); > } > }
>
> --
> 2.17.1
>
-- 
Kees Cook
Pixel Security
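Review bot: the added `m &&` guard on the `__jump_label_update()` call closes the NULL dereference, but the visible context shows this function already treats a NULL `m` as a known case (`m->jump_entries` is only touched in the `else` arm, so the preceding `if` must be the branch that handles the core-kernel entry); the reason a NULL module maps to `init == false` lives only in the commit message. Suggest either a one-line comment on the changed line, e.g. `/* m == NULL: core kernel, whose __init entries are already dead */`, or computing `init` inside the same `if`/`else` that selects `stop`, so both core-kernel special cases sit in one place and the next reader does not have to rediscover why the short-circuit is correct.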

