lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <564125BE.2090604@canonical.com>
Date:	Mon, 9 Nov 2015 17:01:18 -0600
From:	Chris J Arges <chris.j.arges@...onical.com>
To:	Josh Poimboeuf <jpoimboe@...hat.com>
Cc:	live-patching@...r.kernel.org, jeyu@...hat.com,
	Seth Jennings <sjenning@...hat.com>,
	Jiri Kosina <jikos@...nel.org>,
	Vojtech Pavlik <vojtech@...e.com>, linux-api@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] livepatch: old_name,number scheme in livepatch sysfs
 directory

On 11/09/2015 02:56 PM, Josh Poimboeuf wrote:
> I'd recommend splitting this up into two separate patches:
> 
> 1. introduce old_sympos
> 2. change the sysfs interface
> 
> On Mon, Nov 09, 2015 at 10:16:05AM -0600, Chris J Arges wrote:
>> In cases of duplicate symbols in vmlinux, old_sympos will be used to
>> disambiguate instead of old_addr. Normally old_sympos will be 0, and
>> default to only returning the first found instance of that symbol. If an
>> incorrect symbol position is specified then livepatching will fail.
> 
> In the case of old_sympos == 0, instead of just returning the first
> symbol it finds, I think it should ensure that the symbol is unique.  As
> Miroslav suggested:
> 
>   0 - default, preserve more or less current behaviour. If the symbol is 
>       unique there is no problem. If it is not the patching would fail.
>   1, 2, ... - occurrence of the symbol in kallsyms.
>   
>   The advantage is that if the user does not care and is certain that the 
>   symbol is unique he doesn't have to do anything. If the symbol is not 
>   unique he still has means how to solve it.
> 

So one part that will be confusing here is as follows.

If '0' is specified for old_sympos, should the symbol be 'func_name,0'
or 'func_name,1' provided we have a unique symbol? We could also default
to 'what the user provides', but this seems odd.

Another option would be to use no postfix when 0 is given, and only
introduce the ',n' postfix if old_sympos is > 0.

--chris

>> Finally, old_addr is now an internal structure element and not to be
>> specified by the user.
>>
>> The following directory structure will allow for cases when the same
>> function name exists in a single object.
>> 	/sys/kernel/livepatch/<patch>/<object>/<function.number>
> 
> Period should be changed to a comma.
> 
>> The number corresponds to the nth occurrence of the symbol name in
>> kallsyms for the patched object.
>>
>> An example of patching multiple symbols can be found here:
>> 	https://github.com/dynup/kpatch/issues/493
>>
>> Signed-off-by: Chris J Arges <chris.j.arges@...onical.com>
>> ---
>>  Documentation/ABI/testing/sysfs-kernel-livepatch |  6 ++-
>>  include/linux/livepatch.h                        | 20 ++++---
>>  kernel/livepatch/core.c                          | 66 ++++++++++++++++--------
>>  3 files changed, 61 insertions(+), 31 deletions(-)
>>
>> diff --git a/Documentation/ABI/testing/sysfs-kernel-livepatch b/Documentation/ABI/testing/sysfs-kernel-livepatch
>> index 5bf42a8..21b6bc1 100644
>> --- a/Documentation/ABI/testing/sysfs-kernel-livepatch
>> +++ b/Documentation/ABI/testing/sysfs-kernel-livepatch
>> @@ -33,7 +33,7 @@ Description:
>>  		The object directory contains subdirectories for each function
>>  		that is patched within the object.
>>  
>> -What:		/sys/kernel/livepatch/<patch>/<object>/<function>
>> +What:		/sys/kernel/livepatch/<patch>/<object>/<function,number>
>>  Date:		Nov 2014
>>  KernelVersion:	3.19.0
>>  Contact:	live-patching@...r.kernel.org
>> @@ -41,4 +41,8 @@ Description:
>>  		The function directory contains attributes regarding the
>>  		properties and state of the patched function.
>>  
>> +		The directory name contains the patched function name and a
>> +		number corresponding to the nth occurrence of the symbol name
>> +		in kallsyms for the patched object.
>> +
>>  		There are currently no such attributes.
>> diff --git a/include/linux/livepatch.h b/include/linux/livepatch.h
>> index 31db7a0..986e06d 100644
>> --- a/include/linux/livepatch.h
>> +++ b/include/linux/livepatch.h
>> @@ -37,8 +37,9 @@ enum klp_state {
>>   * struct klp_func - function structure for live patching
>>   * @old_name:	name of the function to be patched
>>   * @new_func:	pointer to the patched function code
>> - * @old_addr:	a hint conveying at what address the old function
>> + * @old_sympos: a hint indicating which symbol position the old function
>>   *		can be found (optional, vmlinux patches only)
> 
> Why is old_sympos only checked for vmlinux patches only?  It's a
> per-object count, so it should work for modules as well.
> 
>> + * @old_addr:	the address of the function being patched
>>   * @kobj:	kobject for sysfs resources
>>   * @state:	tracks function-level patch application state
>>   * @stack_node:	list node for klp_ops func_stack list
>> @@ -47,17 +48,20 @@ struct klp_func {
>>  	/* external */
>>  	const char *old_name;
>>  	void *new_func;
>> +
>>  	/*
>> -	 * The old_addr field is optional and can be used to resolve
>> -	 * duplicate symbol names in the vmlinux object.  If this
>> -	 * information is not present, the symbol is located by name
>> -	 * with kallsyms. If the name is not unique and old_addr is
>> -	 * not provided, the patch application fails as there is no
>> -	 * way to resolve the ambiguity.
>> +	 * The old_sympos field is optional and can be used to resolve duplicate
>> +	 * symbol names in the vmlinux object.  If this information is not
>> +	 * present, the first symbol located with kallsyms is used. This value
>> +	 * corresponds to the nth occurrence of the symbol name in kallsyms for
>> +	 * the patched object. If the name is not unique and old_sympos is not
>> +	 * provided, the patch application fails as there is no way to resolve
>> +	 * the ambiguity.
>>  	 */
>> -	unsigned long old_addr;
>> +	unsigned long old_sympos;
>>  
>>  	/* internal */
>> +	unsigned long old_addr;
>>  	struct kobject kobj;
>>  	enum klp_state state;
>>  	struct list_head stack_node;
>> diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
>> index 6e53441..1dd0d44 100644
>> --- a/kernel/livepatch/core.c
>> +++ b/kernel/livepatch/core.c
>> @@ -142,6 +142,7 @@ struct klp_find_arg {
>>  	 * name in the same object.
>>  	 */
>>  	unsigned long count;
>> +	unsigned long pos;
>>  };
>>  
>>  static int klp_find_callback(void *data, const char *name,
>> @@ -166,28 +167,39 @@ static int klp_find_callback(void *data, const char *name,
>>  	args->addr = addr;
>>  	args->count++;
>>  
>> +	/*
>> +	 * ensure count matches the symbol position
>> +	 */
>> +	if (args->pos == (args->count-1))
>> +		return 1;
>> +
> 
> The code can be simplified a bit if args->addr only gets set when
> args->pos is a match.  Then klp_find_object_symbol() only needs to check
> args.addr to see if a match was found.
> 
>>  	return 0;
>>  }
>>  
>>  static int klp_find_object_symbol(const char *objname, const char *name,
>> -				  unsigned long *addr)
>> +				  unsigned long *addr, unsigned long sympos)
>>  {
>>  	struct klp_find_arg args = {
>>  		.objname = objname,
>>  		.name = name,
>>  		.addr = 0,
>> -		.count = 0
>> +		.count = 0,
>> +		.pos = sympos,
>>  	};
>>  
>>  	mutex_lock(&module_mutex);
>>  	kallsyms_on_each_symbol(klp_find_callback, &args);
>>  	mutex_unlock(&module_mutex);
>>  
>> -	if (args.count == 0)
>> +	/*
>> +	 * Ensure an address was found, then check that the symbol position
>> +	 * count matches sympos.
>> +	 */
>> +	if (args.addr == 0)
>>  		pr_err("symbol '%s' not found in symbol table\n", name);
>> -	else if (args.count > 1)
>> -		pr_err("unresolvable ambiguity (%lu matches) on symbol '%s' in object '%s'\n",
>> -		       args.count, name, objname);
>> +	else if (sympos != (args.count - 1))
>> +		pr_err("symbol position %lu for symbol '%s' in object '%s' not found\n",
>> +		       sympos, name, objname ? objname : "vmlinux");
>>  	else {
>>  		*addr = args.addr;
>>  		return 0;
>> @@ -239,20 +251,19 @@ static int klp_verify_vmlinux_symbol(const char *name, unsigned long addr)
>>  static int klp_find_verify_func_addr(struct klp_object *obj,
>>  				     struct klp_func *func)
>>  {
>> +	int sympos = 0;
>>  	int ret;
>>  
>> -#if defined(CONFIG_RANDOMIZE_BASE)
>> -	/* If KASLR has been enabled, adjust old_addr accordingly */
>> -	if (kaslr_enabled() && func->old_addr)
>> -		func->old_addr += kaslr_offset();
>> -#endif
>> +	if (func->old_sympos && !klp_is_module(obj))
>> +		sympos = func->old_sympos;
>>  
>> -	if (!func->old_addr || klp_is_module(obj))
>> -		ret = klp_find_object_symbol(obj->name, func->old_name,
>> -					     &func->old_addr);
>> -	else
>> -		ret = klp_verify_vmlinux_symbol(func->old_name,
>> -						func->old_addr);
>> +	/*
>> +	 * Verify the symbol, find old_addr, and write it to the structure.
>> +	 * By default sympos will be 0 and thus will only look for the first
>> +	 * occurrence. If another value is specified then that will be used.
>> +	 */
>> +	ret = klp_find_object_symbol(obj->name, func->old_name,
>> +				     &func->old_addr, sympos);
>>  
>>  	return ret;
>>  }
>> @@ -277,7 +288,7 @@ static int klp_find_external_symbol(struct module *pmod, const char *name,
>>  	preempt_enable();
>>  
>>  	/* otherwise check if it's in another .o within the patch module */
>> -	return klp_find_object_symbol(pmod->name, name, addr);
>> +	return klp_find_object_symbol(pmod->name, name, addr, 0);
>>  }
>>  
>>  static int klp_write_object_relocations(struct module *pmod,
>> @@ -307,7 +318,7 @@ static int klp_write_object_relocations(struct module *pmod,
>>  			else
>>  				ret = klp_find_object_symbol(obj->mod->name,
>>  							     reloc->name,
>> -							     &reloc->val);
>> +							     &reloc->val, 0);
> 
> I think it would be a good idea to also add old_sympos to klp_reloc so
> the relocation code is consistent with the klp_func symbol addressing.
>

So you are thinking as an optional external field as well? I'll have to
look at this a bit more but makes sense to me.
--chris


>>  			if (ret)
>>  				return ret;
>>  		}
>> @@ -587,7 +598,7 @@ EXPORT_SYMBOL_GPL(klp_enable_patch);
>>   * /sys/kernel/livepatch/<patch>
>>   * /sys/kernel/livepatch/<patch>/enabled
>>   * /sys/kernel/livepatch/<patch>/<object>
>> - * /sys/kernel/livepatch/<patch>/<object>/<func>
>> + * /sys/kernel/livepatch/<patch>/<object>/<func,number>
>>   */
>>  
>>  static ssize_t enabled_store(struct kobject *kobj, struct kobj_attribute *attr,
>> @@ -732,8 +743,7 @@ static int klp_init_func(struct klp_object *obj, struct klp_func *func)
>>  	INIT_LIST_HEAD(&func->stack_node);
>>  	func->state = KLP_DISABLED;
>>  
>> -	return kobject_init_and_add(&func->kobj, &klp_ktype_func,
>> -				    &obj->kobj, "%s", func->old_name);
>> +	return 0;
>>  }
> 
> The sysfs entry can still be created here, since the function name and
> sympos are both already known.
> 
>>  
>>  /* parts of the initialization that is done only when the object is loaded */
>> @@ -755,6 +765,18 @@ static int klp_init_object_loaded(struct klp_patch *patch,
>>  			return ret;
>>  	}
>>  
>> +	/*
>> +	 * for each function initialize and add, old_sympos will be already
>> +	 * verified at this point
>> +	 */
>> +	klp_for_each_func(obj, func) {
>> +		ret = kobject_init_and_add(&func->kobj, &klp_ktype_func,
>> +				    &obj->kobj, "%s,%lu", func->old_name,
>> +				    func->old_sympos ? func->old_sympos : 0);
>> +		if (ret)
>> +			return ret;
>> +	}
>> +
>>  	return 0;
>>  }
>>  
>> -- 
>> 1.9.1
>>
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ