lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150413094121.GD16088@pathway.suse.cz>
Date:	Mon, 13 Apr 2015 11:41:21 +0200
From:	Petr Mladek <pmladek@...e.cz>
To:	Minfei Huang <minfei.huang@...mail.com>
Cc:	jpoimboe@...hat.com, sjenning@...hat.com, jkosina@...e.cz,
	vojtech@...e.cz, live-patching@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] livepatch: Add a new function to verify the address
 and name match for extra module

On Mon 2015-04-13 17:11:19, Minfei Huang wrote:
> On 04/13/15 at 10:37P, Petr Mladek wrote:
> > On Sun 2015-04-12 21:15:53, Minfei Huang wrote:
> > > In order to restrict the patch, we can verify the provided function
> > > address and name match. Now we have can only verify the vmlinux function
> > > name and address.
> > > 
> > > Add a new function to verify extra module function name and address. The
> > > patch would not be patched, if the function name and address are not
> > > matched.
> > 
> > old_addr could be predefined only for vmlinux. It does not make sense
> > to define it for modules because they are loaded dynamically, each
> > time on a different addresses. It means that it does not make sense
> > to verify addresses from modules. They always need to be detected.
> > 
> 
> Please correct me if there is something wrong for below comment.
> 
> As commented in the doc that function address is optional, it is more
> confortable during patching the patch, if function name and address are
> provided.
> 
> For now we only use function name to detect the module function. It is
> more accurate to detect the function using function name and address.

I think that it is the other way. It is easier to create patch without
the addresses. It is enough for most patches.

The function address is needed only if there are more functions of
the same name. There are only few in vmlinux.

We currently does not allow to handle name conflicts inside a module.
But the chance is very small that there will be such a conflict.
Do you know about any module that could not be patched because
of this?


> Maybe the function address being optional to be added is more accepted. 
> 
> Also what the patches's purpose is to support the situation that
> function name is larger than 128.
>
> I think the patches make sense, because we can not disallow the extra
> module to be patch, which function name may be larger than 128.

Do you know about any such function name, please?

Best Regards,
Petr
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ