Date:	Wed, 6 Apr 2016 16:17:37 +0200 (CEST)
From:	Miroslav Benes <mbenes@...e.cz>
To:	Chris J Arges <chris.j.arges@...onical.com>
cc:	Josh Poimboeuf <jpoimboe@...hat.com>,
	Jiri Kosina <jikos@...nel.org>, jeyu@...hat.com,
	eugene.shatokhin@...alab.ru, live-patching@...r.kernel.org,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	pmladek@...e.cz
Subject: Re: Bug with paravirt ops and livepatches

On Wed, 6 Apr 2016, Chris J Arges wrote:

> On Wed, Apr 06, 2016 at 02:09:01PM +0200, Miroslav Benes wrote:
> > On Wed, 6 Apr 2016, Chris J Arges wrote:
> > 
> > > I think this approach needs more thought and my code has bug(s).
> > 
> > And indeed there is...
> > 
> > long (*__kvm_arch_vm_ioctl)(struct file *filp, unsigned long ioctl, unsigned long arg) = NULL;
> > 
> > Use a different name than __kvm_arch_vm_ioctl and (ideally) make it 
> > static.
> > 
> > kallsyms_lookup_name("__kvm_arch_vm_ioctl") returns the address of this 
> > variable from the patch module.
> > 
> > Miroslav
> >
> 
> Well that was the bug, I was really stumped why it was giving me a weird
> address for a function. Once I changed my pointer name to something else it
> worked, so there was no difference to these approaches. I also had to modify
> the symbol lookup to happen in the livepatch so we ensure that the module is
> loaded in this case and not get a NULL deref.

Just a remark. With this change there is a call to kallsyms_lookup_name 
for each call to the patched function. This is not optimal. What we do in 
kgraft is that we register a module notifier which calls 
kallsyms_lookup_name when the to-be-patched module arrives. It is not nice but 
it works.

Miroslav

> 
> The fixed code is here:
> http://people.canonical.com/~arges/livepatch_issue/livepatch_kvm_arch_vm_ioctl.works.2/
> 
> This out of tree patch doesn't have the same failure as building a patch with
> kpatch-build which is what we expect since it doesn't have livepatch relocs. In
> addition I tested with the kvm module loaded _after_ the livepatch module and
> no failure was observed.
> 
> --chris
> 
