livepatch: Restoring code segment permissions after stop_machine completed

hulk inclusion category: bugfix bugzilla: 51821 CVE: NA --------------------------- The function 'arch_klp_code_modify_prepare' is called before stop_machine to change the permissions of the code segment to be readable and writable, but the permissions of the code segment were not restored to the original state after the stop_mahcine was completed. This may introduce security issues, so 'arch_klp_code_modify_post_process' is used after 'stop_machine' to fix this problem in this commit. Signed-off-by: N Zhao Xuehui <zhaoxuehui1@huawei.com> Reviewed-by: N Yang Jihong <yangjihong1@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>

livepatch: Restoring code segment permissions after stop_machine completed
hulk inclusion category: bugfix bugzilla: 51821 CVE: NA --------------------------- The function 'arch_klp_code_modify_prepare' is called before stop_machine to change the permissions of the code segment to be readable and writable, but the permissions of the code segment were not restored to the original state after the stop_mahcine was completed. This may introduce security issues, so 'arch_klp_code_modify_post_process' is used after 'stop_machine' to fix this problem in this commit. Signed-off-by: N Zhao Xuehui <zhaoxuehui1@huawei.com> Reviewed-by: N Yang Jihong <yangjihong1@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>
36f72d8e · Zhao Xuehui · Yang Yingliang · f360724e · 36f72d8e
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

kernel/livepatch/core.c kernel/livepatch/core.c +1 -1

未找到文件。
--- a/kernel/livepatch/core.c
+++ b/kernel/livepatch/core.c
@@ -663,7 +663,7 @@ static int __klp_enable_patch(struct klp_patch *patch)

 	arch_klp_code_modify_prepare();
 	ret = stop_machine(klp_try_enable_patch, &patch_data, cpu_online_mask);
-	arch_klp_code_modify_prepare();
+	arch_klp_code_modify_post_process();
 	if (ret)
 		return ret;