lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 10 Mar 2015 09:22:04 -0500
From:	Josh Poimboeuf <jpoimboe@...hat.com>
To:	Petr Mladek <pmladek@...e.cz>
Cc:	Seth Jennings <sjenning@...hat.com>, Jiri Kosina <jkosina@...e.cz>,
	Rusty Russell <rusty@...tcorp.com.au>,
	Miroslav Benes <mbenes@...e.cz>,
	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>,
	mingo@...nel.org, mathieu.desnoyers@...icios.com, oleg@...hat.com,
	paulmck@...ux.vnet.ibm.com, live-patching@...r.kernel.org,
	linux-kernel@...r.kernel.org, andi@...stfloor.org,
	rostedt@...dmis.org, tglx@...utronix.de
Subject: Re: [PATCH v3] livepatch/module: Correctly handle coming and going
 modules

On Tue, Mar 10, 2015 at 01:01:07PM +0100, Petr Mladek wrote:
> On Mon 2015-03-09 09:40:55, Josh Poimboeuf wrote:
> > On Mon, Mar 09, 2015 at 02:25:28PM +0100, Petr Mladek wrote:
> > > +
> > >  	mutex_unlock(&module_mutex);
> > >  }
> > >  
> > > @@ -736,6 +748,7 @@ static int klp_init_object(struct klp_patch *patch, struct klp_object *obj)
> > >  		return -EINVAL;
> > >  
> > >  	obj->state = KLP_DISABLED;
> > > +	obj->mod = NULL;
> > >  
> > >  	klp_find_object_module(obj);
> > >  
> > > @@ -926,6 +939,15 @@ static int klp_module_notify(struct notifier_block *nb, unsigned long action,
> > >  
> > >  	mutex_lock(&klp_mutex);
> > >  
> > > +	/*
> > > +	 * Each module has to know that the notifier has been called.
> > > +	 * We never know what module will get patched by a new patch.
> > > +	 */
> > > +	if (action == MODULE_STATE_COMING)
> > > +		mod->klp_alive = true;
> > > +	else /* MODULE_STATE_GOING */
> > > +		mod->klp_alive = false;
> > > +
> > 
> > Any reason why this needs to be protected by the mutex?
> 
> We need to synchronize it with the check in
> klp_find_object_module(). Otherwise, for example, the check might read
> "true" and add/enable new patch but this notify handler will be
> blocked until the patch is added => it will mess the order of
> patches.
> 
> It might be more clean to take module_mutex here but the value is
> needed only by livepatching, so klp_mutex seems to be enough.

Ah, right.  Looks good to me.

> > >  	list_for_each_entry(patch, &klp_patches, list) {
> > >  		for (obj = patch->objs; obj->funcs; obj++) {
> > >  			if (!klp_is_module(obj) || strcmp(obj->name, mod->name))
> > > diff --git a/kernel/module.c b/kernel/module.c
> > > index d856e96a3cce..b3ffc231ce0d 100644
> > > --- a/kernel/module.c
> > > +++ b/kernel/module.c
> > > @@ -3271,6 +3271,10 @@ static int load_module(struct load_info *info, const char __user *uargs,
> > >  	}
> > >  #endif
> > >  
> > > +#ifdef CONFIG_LIVEPATCH
> > > +	mod->klp_alive = false;
> > > +#endif
> > > +
> > 
> > I don't think you need this initialization.  It looks like the module
> > struct is embedded in the mod->module_core region which is initialized
> > to zero in move_module().
> 
> I have looked at this before but I was not able to find a code
> zeroing struct module. If I get it correctly, mod->module_core
> is a location where symbol table sections are copied or so.

Yeah, it's far from obvious.  AFAICT, it's cleared by the
"memset(ptr, 0, mod->core_size)" line.

-- 
Josh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists