| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Jan 2022 14:44:09 +0100 (CET)
From: Miroslav Benes <mbenes@...e.cz>
To: Alexander Lobakin <alexandr.lobakin@...el.com>
cc: linux-hardening@...r.kernel.org, x86@...nel.org,
Jesse Brandeburg <jesse.brandeburg@...el.com>,
Kristen Carlson Accardi <kristen@...ux.intel.com>,
Kees Cook <keescook@...omium.org>,
Miklos Szeredi <miklos@...redi.hu>,
Ard Biesheuvel <ardb@...nel.org>,
Tony Luck <tony.luck@...el.com>,
Bruce Schlobohm <bruce.schlobohm@...el.com>,
Jessica Yu <jeyu@...nel.org>,
kernel test robot <lkp@...el.com>,
Evgenii Shatokhin <eshatokhin@...tuozzo.com>,
Jonathan Corbet <corbet@....net>,
Masahiro Yamada <masahiroy@...nel.org>,
Michal Marek <michal.lkml@...kovi.net>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Thomas Gleixner <tglx@...utronix.de>,
Will Deacon <will@...nel.org>, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>,
Andy Lutomirski <luto@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Arnd Bergmann <arnd@...db.de>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Nathan Chancellor <nathan@...nel.org>,
Masami Hiramatsu <mhiramat@...nel.org>,
Marios Pomonis <pomonis@...gle.com>,
Sami Tolvanen <samitolvanen@...gle.com>,
"H.J. Lu" <hjl.tools@...il.com>, Nicolas Pitre <nico@...xnic.net>,
linux-kernel@...r.kernel.org, linux-kbuild@...r.kernel.org,
linux-arch@...r.kernel.org, live-patching@...r.kernel.org,
llvm@...ts.linux.dev
Subject: Re: [PATCH v9 02/15] livepatch: use `-z unique-symbol` if available
to nuke pos-based search
> --- a/kernel/livepatch/core.c
> +++ b/kernel/livepatch/core.c
> @@ -143,11 +143,13 @@ static int klp_find_callback(void *data, const char *name,
> args->count++;
>
> /*
> - * Finish the search when the symbol is found for the desired position
> - * or the position is not defined for a non-unique symbol.
> + * Finish the search when unique symbol names are enabled
> + * or the symbol is found for the desired position or the
> + * position is not defined for a non-unique symbol.
> */
> - if ((args->pos && (args->count == args->pos)) ||
> - (!args->pos && (args->count > 1)))
> + if (IS_ENABLED(CONFIG_LD_HAS_Z_UNIQUE_SYMBOL) ||
> + (args->pos && args->count == args->pos) ||
> + (!args->pos && args->count > 1))
> return 1;
>
> return 0;
> @@ -171,17 +173,21 @@ static int klp_find_object_symbol(const char *objname, const char *name,
>
> /*
> * Ensure an address was found. If sympos is 0, ensure symbol is unique;
> - * otherwise ensure the symbol position count matches sympos.
> + * otherwise ensure the symbol position count matches sympos. If the LD
> + * `-z unique` flag is enabled, sympos checks are not relevant.
> */
> - if (args.addr == 0)
> + if (args.addr == 0) {
> pr_err("symbol '%s' not found in symbol table\n", name);
> - else if (args.count > 1 && sympos == 0) {
> + } else if (IS_ENABLED(CONFIG_LD_HAS_Z_UNIQUE_SYMBOL)) {
> + goto out_ok;
> + } else if (args.count > 1 && sympos == 0) {
> pr_err("unresolvable ambiguity for symbol '%s' in object '%s'\n",
> name, objname);
> } else if (sympos != args.count && sympos > 0) {
> pr_err("symbol position %lu for symbol '%s' in object '%s' not found\n",
> sympos, name, objname ? objname : "vmlinux");
> } else {
> +out_ok:
> *addr = args.addr;
> return 0;
> }
I think it would be better to return to something like
if (IS_ENABLED(CONFIG_LD_HAS_Z_UNIQUE_SYMBOL))
sympos = 0;
in klp_find_object_symbol() just after kallsyms search is performed.
You would not need the above changes at all. I did not like it before when
sympos clearing was proposed, but the situation was different back then.
'-z unique-symbol' was not available. It has changed and we have a
guarantee that symbols are unique now. There would not be any impact on
the user.
What do you think?
Miroslav
Powered by blists - more mailing lists