lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160308111423.GB16502@lst.de>
Date:	Tue, 8 Mar 2016 12:14:23 +0100
From:	Torsten Duwe <duwe@....de>
To:	Petr Mladek <pmladek@...e.com>
Cc:	jeyu@...hat.com, jkosina@...e.cz, linux-kernel@...r.kernel.org,
	rostedt@...dmis.org, kamalesh@...ux.vnet.ibm.com,
	linuxppc-dev@...abs.org, live-patching@...r.kernel.org,
	mbenes@...e.cz
Subject: Re: [PATCH][v4] livepatch/ppc: Enable livepatching on powerpc

On Fri, Mar 04, 2016 at 08:22:22PM +0100, Torsten Duwe wrote:
> On Fri, Mar 04, 2016 at 07:16:57PM +0100, Torsten Duwe wrote:
> > On Fri, Mar 04, 2016 at 02:01:37PM +0100, Petr Mladek wrote:
> > > 
> > > Do I understand it correctly that we could not patch functions that
> > > pass arguments on the stack with this implementation? If yes, how hard
> > > would be to get it working, please? At least, it would be great to
> > > catch this problem and handle it with grace. Otherwise, it might
> > > be hard to debug.
> > 
> > No, those functions only require special attention.
> 
> So far it's correct. It's been a while since I wrote that code.
> 
> > I needed _any_ location to store the caller's TOC;
> > and the stack is thread-safe and recursion-safe.
> > The current caller's frame is already full so I had
> > to create a new one.
> 
> Correction: the TOC can be stored in the caller's stack frame at
> the usual location. Only the restore instruction is a problem.

Another correction :-( This is true only for local calls

    -*> Which become *global* calls due to live patching <*-

For callers that made a global call to the patched function originally,
they already _have_ stored their TOC value there, and the r2 they enter
ftrace caller with is bogus.

I see no way to determine which is the case, so my code preserves both:
24(r1) in the caller's frame is left untouched. R2, as it came, is saved in
the mini stack frame, as well as the caller's return address (LR,
shifted 1 frame). Remember, LR got modified to point to klp_return_helper.

Removing this auxiliary stack frame causes even more problems than it solves.

> So one solution could be to call the patch function via a small
> trampoline or pre-prologue that just pops that frame, and have
> the patch function restore R2 manually at the end.

I'll try to demonstrate that. It's not so hard. And klp_return_helper will
do the right thing for >90% of all function replacements automatically.

> Sorry for the confusion,

Once more.

	Torsten

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ