lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Mar 2015 09:22:04 -0500 From: Josh Poimboeuf <jpoimboe@...hat.com> To: Petr Mladek <pmladek@...e.cz> Cc: Seth Jennings <sjenning@...hat.com>, Jiri Kosina <jkosina@...e.cz>, Rusty Russell <rusty@...tcorp.com.au>, Miroslav Benes <mbenes@...e.cz>, Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>, mingo@...nel.org, mathieu.desnoyers@...icios.com, oleg@...hat.com, paulmck@...ux.vnet.ibm.com, live-patching@...r.kernel.org, linux-kernel@...r.kernel.org, andi@...stfloor.org, rostedt@...dmis.org, tglx@...utronix.de Subject: Re: [PATCH v3] livepatch/module: Correctly handle coming and going modules On Tue, Mar 10, 2015 at 01:01:07PM +0100, Petr Mladek wrote: > On Mon 2015-03-09 09:40:55, Josh Poimboeuf wrote: > > On Mon, Mar 09, 2015 at 02:25:28PM +0100, Petr Mladek wrote: > > > + > > > mutex_unlock(&module_mutex); > > > } > > > > > > @@ -736,6 +748,7 @@ static int klp_init_object(struct klp_patch *patch, struct klp_object *obj) > > > return -EINVAL; > > > > > > obj->state = KLP_DISABLED; > > > + obj->mod = NULL; > > > > > > klp_find_object_module(obj); > > > > > > @@ -926,6 +939,15 @@ static int klp_module_notify(struct notifier_block *nb, unsigned long action, > > > > > > mutex_lock(&klp_mutex); > > > > > > + /* > > > + * Each module has to know that the notifier has been called. > > > + * We never know what module will get patched by a new patch. > > > + */ > > > + if (action == MODULE_STATE_COMING) > > > + mod->klp_alive = true; > > > + else /* MODULE_STATE_GOING */ > > > + mod->klp_alive = false; > > > + > > > > Any reason why this needs to be protected by the mutex? > > We need to synchronize it with the check in > klp_find_object_module(). Otherwise, for example, the check might read > "true" and add/enable new patch but this notify handler will be > blocked until the patch is added => it will mess the order of > patches. > > It might be more clean to take module_mutex here but the value is > needed only by livepatching, so klp_mutex seems to be enough. Ah, right. Looks good to me. > > > list_for_each_entry(patch, &klp_patches, list) { > > > for (obj = patch->objs; obj->funcs; obj++) { > > > if (!klp_is_module(obj) || strcmp(obj->name, mod->name)) > > > diff --git a/kernel/module.c b/kernel/module.c > > > index d856e96a3cce..b3ffc231ce0d 100644 > > > --- a/kernel/module.c > > > +++ b/kernel/module.c > > > @@ -3271,6 +3271,10 @@ static int load_module(struct load_info *info, const char __user *uargs, > > > } > > > #endif > > > > > > +#ifdef CONFIG_LIVEPATCH > > > + mod->klp_alive = false; > > > +#endif > > > + > > > > I don't think you need this initialization. It looks like the module > > struct is embedded in the mod->module_core region which is initialized > > to zero in move_module(). > > I have looked at this before but I was not able to find a code > zeroing struct module. If I get it correctly, mod->module_core > is a location where symbol table sections are copied or so. Yeah, it's far from obvious. AFAICT, it's cleared by the "memset(ptr, 0, mod->core_size)" line. -- Josh -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists