lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LNX.2.00.1602041742120.4407@pobox.suse.cz>
Date:	Thu, 4 Feb 2016 17:47:57 +0100 (CET)
From:	Miroslav Benes <mbenes@...e.cz>
To:	Petr Mladek <pmladek@...e.com>
cc:	Jessica Yu <jeyu@...hat.com>, Josh Poimboeuf <jpoimboe@...hat.com>,
	Seth Jennings <sjenning@...hat.com>,
	Jiri Kosina <jikos@...nel.org>,
	Vojtech Pavlik <vojtech@...e.com>,
	Rusty Russell <rusty@...tcorp.com.au>,
	Steven Rostedt <rostedt@...dmis.org>,
	Ingo Molnar <mingo@...hat.com>, live-patching@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 2/2] livepatch/module: remove livepatch module
 notifier

On Thu, 4 Feb 2016, Petr Mladek wrote:

> On Mon 2016-02-01 20:17:36, Jessica Yu wrote:
> >
> >  
> > -	if (patch->state == KLP_DISABLED)
> > -		goto disabled;
> > +			ret = klp_init_object_loaded(patch, obj);
> > +			if (ret) {
> > +				pr_warn("failed to initialize patch '%s' for module '%s' (%d)\n",
> > +					patch->mod->name, obj->mod->name, ret);
> > +				goto err;
> > +			}
> > +
> > +			if (patch->state == KLP_DISABLED)
> > +				break;
> >  
> > -	pr_notice("reverting patch '%s' on unloading module '%s'\n",
> > -		  pmod->name, mod->name);
> > +			pr_notice("applying patch '%s' to loading module '%s'\n",
> > +				  patch->mod->name, obj->mod->name);
> >  
> > -	klp_disable_object(obj);
> > +			ret = klp_enable_object(obj);
> > +			if (ret) {
> > +				pr_warn("failed to apply patch '%s' to module '%s' (%d)\n",
> > +					patch->mod->name, obj->mod->name, ret);
> > +				goto err;
> > +			}
> > +
> > +			break;
> > +		}
> > +	}
> > +
> > +	mutex_unlock(&klp_mutex);
> >  
> > -disabled:
> > -	klp_free_object_loaded(obj);
> > +	return 0;
> > +
> > +err:
> > +	/*
> > +	 * If a patch is unsuccessfully applied, return
> > +	 * error to the module loader.
> > +	 */
> > +	obj->mod = NULL;
> > +	pr_warn("patch '%s' is in an inconsistent state!\n", patch->mod->name);
> 
> This message is not correct. The module will not get loaded
> when the patch is not applied.

Yes, because we are in a better situation with this patch. We actually 
return an error and refuse to load the module. Message should take that 
into account.

> Instead, we need to revert all the operations that has already
> been done for this module. Note that the module stayed loaded
> before, so we did not need to release any memory or revert
> any ftrace call registration but we need to do so now!

Actually, I think the code is correct. If klp_init_object_loaded() there 
is no problem because we only write relocations there (which are written 
to the module being loaded) and resolve symbols via kallsyms. Nothing to 
revert there and it could be done again.

If klp_enable_object() fails, all the relevant error handling was already 
done there. See the call to klp_disable_object() if klp_enable_function() 
fails there.

Miroslav

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ