lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20160406134833.GA12961@canonical.com>
Date:	Wed, 6 Apr 2016 14:48:34 +0100
From:	Chris J Arges <chris.j.arges@...onical.com>
To:	Miroslav Benes <mbenes@...e.cz>
Cc:	Josh Poimboeuf <jpoimboe@...hat.com>,
	Jiri Kosina <jikos@...nel.org>, jeyu@...hat.com,
	eugene.shatokhin@...alab.ru, live-patching@...r.kernel.org,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	pmladek@...e.cz
Subject: Re: Bug with paravirt ops and livepatches

On Wed, Apr 06, 2016 at 02:09:01PM +0200, Miroslav Benes wrote:
> On Wed, 6 Apr 2016, Chris J Arges wrote:
> 
> > I think this approach needs more thought and my code has bug(s).
> 
> And indeed there is...
> 
> long (*__kvm_arch_vm_ioctl)(struct file *filp, unsigned long ioctl, unsigned long arg) = NULL;
> 
> Use a different name than __kvm_arch_vm_ioctl and (ideally) make it 
> static.
> 
> kallsyms_lookup_name("__kvm_arch_vm_ioctl") returns the address of this 
> variable from the patch module.
> 
> Miroslav
>

Well that was the bug, I was really stumped why it was giving me a wierd
address for a function. Once I changed my pointer name to something else it
worked, so there was no difference to these approaches. I also had to modify
the symbol lookup to happen in the livepatch so we ensure that the module is
loaded in this case and not get a NULL deref.

The fixed code is here:
http://people.canonical.com/~arges/livepatch_issue/livepatch_kvm_arch_vm_ioctl.works.2/

This out of tree patch doesn't have the same failure as building a patch with
kpatch-build which is what we expect since it doesn't have livepatch relocs. In
addition I tested with the kvm module loaded _after_ the livepatch module and
no failure was observed.

--chris

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ