lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LNX.2.00.1501080037030.15299@pobox.suse.cz>
Date:	Thu, 8 Jan 2015 00:49:49 +0100 (CET)
From:	Jiri Kosina <jkosina@...e.cz>
To:	Andrew Morton <akpm@...ux-foundation.org>
cc:	Stephen Rothwell <sfr@...b.auug.org.au>,
	Josh Poimboeuf <jpoimboe@...hat.com>,
	Christoph Hellwig <hch@...radead.org>,
	linux-kernel@...r.kernel.org, live-patching@...r.kernel.org,
	linux-next@...r.kernel.org, Steven Rostedt <rostedt@...dmis.org>,
	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
Subject: Re: livepatching tree for linux-next

On Wed, 7 Jan 2015, Andrew Morton wrote:

> Please find a way to fix it.  Copying CONFIG_CC_STACKPROTECTOR is one way.

Hmm ... is that actually really a good example? 

I think it will warn (explicitly from the top-level Makefile so that you 
are aware why the things that will follow are happening), and then let gcc 
fail the build due to unsupported option anyway ... because it will 
(deliberately, so that the build fails) keep the 'stackp-flag' set even 
for unsupported compiler options. No?

If we really don't want to be causing this though, how about the below 
instead?



From: Jiri Kosina <jkosina@...e.cz>
Subject: [PATCH] livepatching: handle ancient compilers with more grace

We are aborting a build in case when gcc doesn't support fentry on x86_64 
(regs->ip modification can't really reliably work with mcount).

This however breaks allmodconfig for people with older gccs that don't 
support -mfentry.

Turn the build-time failure into runtime failure, resulting in the whole 
infrastructure not being initialized if CC_USING_FENTRY is unset.

Signed-off-by: Jiri Kosina <jkosina@...e.cz>
---
 arch/x86/include/asm/livepatch.h | 6 +++++-
 kernel/livepatch/core.c          | 6 ++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/livepatch.h b/arch/x86/include/asm/livepatch.h
index b5608d7..fa7f448 100644
--- a/arch/x86/include/asm/livepatch.h
+++ b/arch/x86/include/asm/livepatch.h
@@ -25,9 +25,13 @@
 #include <linux/ftrace.h>
 
 #ifdef CONFIG_LIVE_PATCHING
+static inline int klp_check_compiler_support(void)
+{
 #ifndef CC_USING_FENTRY
-#error Your compiler must support -mfentry for live patching to work
+	        return 1;
 #endif
+	        return 0;
+}
 extern int klp_write_module_reloc(struct module *mod, unsigned long type,
 				  unsigned long loc, unsigned long value);
 
diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
index 6f63879..ce42d3b 100644
--- a/kernel/livepatch/core.c
+++ b/kernel/livepatch/core.c
@@ -911,6 +911,12 @@ static int klp_init(void)
 {
 	int ret;
 
+	ret = klp_check_compiler_support();
+	if (ret) {
+		pr_info("Your compiler is too old; turning off.\n");
+		return -EINVAL;
+	}
+
 	ret = register_module_notifier(&klp_module_nb);
 	if (ret)
 		return ret;

-- 
Jiri Kosina
SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ