lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150323123955.GE15177@pathway.suse.cz>
Date:	Mon, 23 Mar 2015 13:39:55 +0100
From:	Petr Mladek <pmladek@...e.cz>
To:	Ingo Molnar <mingo@...nel.org>
Cc:	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>,
	"David S. Miller" <davem@...emloft.net>,
	Anil S Keshavamurthy <anil.s.keshavamurthy@...el.com>,
	Ananth NMavinakayanahalli <ananth@...ibm.com>,
	Frederic Weisbecker <fweisbec@...il.com>,
	Steven Rostedt <rostedt@...dmis.org>,
	Ingo Molnar <mingo@...hat.com>, Jiri Kosina <jkosina@...e.cz>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] kprobes: Disable Kprobe when ftrace arming fails

On Mon 2015-03-23 11:33:27, Ingo Molnar wrote:
> 
> * Petr Mladek <pmladek@...e.cz> wrote:
> 
> > On Mon 2015-03-23 09:54:26, Ingo Molnar wrote:
> > > 
> > > * Petr Mladek <pmladek@...e.cz> wrote:
> > > 
> > > > arm_kprobe_ftrace() could fail, especially after introducing ftrace 
> > > > IPMODIFY flag and LifePatching. But this situation is not properly 
> > > > handled.
> > > 
> > > s/LifePatching/LivePatching?
> > 
> > Great catch! This is well hidden typo. Please, find the fixed version
> > below.
> > 
> > 
> > > Why not fix live patching to still allow kprobes that worked before?
> > 
> > Yup, Kretprobes would work out of box. Masami is working on removing
> > the conflict there.
> > 
> > Jprobes are doable but the solution would be rather complicated. 
> > LivePatching would need to tell Jprobe the right address where to 
> > continue (according to the universe). We currently solve this by
> 
> wth is a 'universe' in this context?

We use the term "universe" to define whether the system or task uses
original or patched functions. It is especially important for patches
that modify semantic of functions. They need more complex consistency
model. It defines when it is safe time for the system or task to start
using the new functions (switch to the new universe).

In theory, different tasks might be in more universes if more patches are
being applied. In practice, we deal with only two universes. The trick is
that we allow to add new patch only when the whole system has switched
to the previous one.

Note that the current implementation does not support changes in
the function semantic. Therefore it is safe to start using the new
function immediately. It does not need any coordination.


> > the conflict. I am not sure if a better solution is worth the effort.
> > IMHO, LivePatch users won't want to have Kprobes on a production
> > system all the time. They could use Kprobe or attach Jprobe to the
> > new version of the function when needed.
> 
> So please outline the current usage limitations, why those limitations 
> are in place and how you see they should be fixed/addressed.

Good point, we should add some info under Documentation/


> > Below is the patch with the fixed typo.
> 
> So the typo is totally immaterial compared to the above fundamental 
> patch-coordination problems between live patching, ftrace and kprobes 
> ...

This patch makes sense even without live patching and IPMODIFY. The
ftrace operation might have failed even before and deserved some
sensible handling.

And yes, the coordination between live patching and kprobes has
to be improved. Masami and me are working on it.

Best Regards,
Petr
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ