Message-ID: <564B39C7.6070605@canonical.com>
Date:	Tue, 17 Nov 2015 08:29:27 -0600
From:	Chris J Arges <chris.j.arges@...onical.com>
To:	Jiri Kosina <jikos@...nel.org>
Cc:	live-patching@...r.kernel.org, jpoimboe@...hat.com,
	sjenning@...hat.com, Vojtech Pavlik <vojtech@...e.com>,
	pmladek@...e.com, jeyu@...hat.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/3 v7] livepatch: add old_sympos as disambiguator field
 to klp_func



On 11/16/2015 03:59 PM, Jiri Kosina wrote:
> On Mon, 16 Nov 2015, Chris J Arges wrote:
> 
>> In cases of duplicate symbols, old_sympos will be used to disambiguate
>> instead of old_addr. By default old_sympos will be 0, and patching will
>> only succeed if the symbol is unique. Specifying a positive value will
>> ensure that occurrence of the symbol in kallsyms for the patched object
>> will be used for patching if it is valid.
>>
>> In addition, make old_addr an internal structure field not to be specified
>> by the user. Finally, remove klp_find_verify_func_addr as it can be
>> replaced by klp_find_object_symbol directly.
>>
>> Support for symbol position disambiguation for relocations is added in the
>> next patch in this series.
> 
> Chris,
> 
> I am sorry to repeat myself, but the changelog is quite verbose with 
> respect to "what is being done", but it doesn't contain any information 
> whatsoever with respect to "why is this an improvement over current 
> state", IOW why we are changing the status quo at all.
> 
> This absolutely has to be present in the changelog.
> 
> Thanks,
> 

Jiri,
Ok, I had put this in the cover letter which I thought was ok as well.
I'll copy those parts into this commit message as well. Here is the text
below. Let me know if this is sufficient.

"
Currently, patching objects with duplicate symbol names fails because the
creation of the sysfs function directory collides with the previous
attempt. Appending old_addr to the function name is problematic as it
reveals the address of the function being patched to a normal user.
Using the symbol's occurrence in kallsyms to postfix the function name
in the sysfs directory solves the issue of having consistent unique
names and ensuring that the address is not exposed to a normal user.

In addition, using the symbol position as the user's method to
disambiguate symbols instead of addr allows for disambiguating symbols
in modules as well for both function addresses and for relocs. This also
simplifies much of the code. Special handling for kASLR is no longer
needed and can be removed. The klp_find_verify_func_addr function can be
replaced by klp_find_object_symbol, and klp_verify_vmlinux_symbol and
its callback can be removed completely.
"

--chris
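
The lookup rule described in the changelog above, as an added example that is not part of this message or of the patch: position 0 succeeds only for a unique symbol, a positive value selects that occurrence within the object, and the sysfs-style name carries the position rather than the address. The symbol table, `find_by_sympos`, `sysfs_name` and the `name,position` format are constructed for illustration and are assumptions, not the kernel's code.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a kallsyms entry; not a kernel structure. */
struct sym { const char *objname, *name; unsigned long addr; };

/* Constructed sample: two functions in vmlinux share the name "show". */
static const struct sym table[] = {
    { "vmlinux", "show",    0x1000 },
    { "vmlinux", "cleanup", 0x2000 },
    { "vmlinux", "show",    0x3000 },
    { "ext4",    "show",    0x9000 },
};

/* sympos == 0: succeed only if name is unique within objname; sympos == n:
 * select the n-th occurrence if it exists. Returns 0 and stores the address,
 * or -1 when the name is missing, ambiguous, or the position is out of range. */
int find_by_sympos(const char *objname, const char *name,
                   unsigned long sympos, unsigned long *addr)
{
    unsigned long count = 0, found = 0;
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++) {
        if (strcmp(table[i].objname, objname) || strcmp(table[i].name, name))
            continue;
        count++;
        if (sympos == 0 || count == sympos)
            found = table[i].addr;
    }
    if (count == 0 || (sympos == 0 ? count != 1 : count < sympos))
        return -1;
    *addr = found;
    return 0;
}

/* Hypothetical sysfs entry name: position suffix, never the address. */
int sysfs_name(char *buf, size_t len, const char *name, unsigned long sympos)
{
    return snprintf(buf, len, "%s,%lu", name, sympos ? sympos : 1);
}

int main(void)
{
    unsigned long a;
    char buf[32];
    if (find_by_sympos("vmlinux", "show", 2, &a) == 0) {
        sysfs_name(buf, sizeof(buf), "show", 2);
        printf("patching via sysfs entry %s\n", buf);
    }
    return 0;
}
```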