lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20150401172256.GA6265@treble.redhat.com>
Date:	Wed, 1 Apr 2015 12:22:56 -0500
From:	Josh Poimboeuf <jpoimboe@...hat.com>
To:	Minfei Huang <mnfhuang@...il.com>
Cc:	Jiri Kosina <jkosina@...e.cz>, sjenning@...hat.com,
	vojtech@...e.cz, live-patching@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] livepatch: Enhance livepatch to support remove patch
 module dynamically

On Wed, Apr 01, 2015 at 10:40:19PM +0800, Minfei Huang wrote:
> 2015-04-01 22:13 GMT+08:00 Jiri Kosina <jkosina@...e.cz>:
> > On Wed, 1 Apr 2015, Minfei Huang wrote:
> >
> >> > > diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
> >> > > index 3f9f1d6..0266950 100644
> >> > > --- a/kernel/livepatch/core.c
> >> > > +++ b/kernel/livepatch/core.c
> >> > > @@ -502,6 +502,17 @@ static int __klp_disable_patch(struct klp_patch *patch)
> >> > >       return 0;
> >> > >  }
> >> > >
> >> > > +static int __klp_disable_patch_nolock(struct klp_patch *patch)
> >> > > +{
> >> > > +     int ret = 0;
> >> > > +
> >> > > +     ret = __klp_disable_patch(patch);
> >> > > +     if (ret)
> >> > > +             return ret;
> >> > > +     module_put(patch->mod);
> >> > > +     return ret;
> >> > > +}
> >> > > +
> >> >
> >> > Your patch doesn't solve the problem at all.
> >> >
> >> > There is no guarantee that once __klp_disable_patch() returns noone is
> >> > using the old code any more.
> >> >
> >>
> >> Yes, thanks.
> >>
> >> The __klp_disable_patch only guarantees that we will never call the
> >> function in patch module. For now, patch module can never be removed
> >> from the kernel once it was loaded. It may be inconvenience if we want
> >> re-load a new patch module replace the old patch module.
> >
> > Patch stacking is possible though.
> >
> 
> How about check the stack when start to remove the patch module? We
> can use the interface stop_machine to hang other CPU, then check and
> remove if no function in patch module is used.

Yeah, we'll eventually have something like that as part of the
consistency model.  The exact implementation is still undecided.  Until
then I think we want to disallow removing the patch module.

-- 
Josh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ