lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20161110153608.jsxlygej4r3ux42g@treble>
Date:   Thu, 10 Nov 2016 09:36:08 -0600
From:   Josh Poimboeuf <jpoimboe@...hat.com>
To:     live-patching@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org
Subject: Re: [PATCH RFC 0/2] livepatch: patch creation tooling proposal

On Thu, Oct 27, 2016 at 09:35:48AM -0500, Josh Poimboeuf wrote:
> So here's my proposal: use the existing kernel build infrastructure.  If
> klp relocations are needed, manually specify them with a new
> klp_module_reloc struct and corresponding KLP_MODULE_RELOC macro.  Then
> run a post-processing tool called klp-convert which converts those
> klp_module_reloc structs into the sections, relocations, and symbols
> needed by the klp runtime code.

I think the biggest blocker for this approach is detecting gcc
optimizations which break function ABI, i.e. Miroslav's presentation:

  http://www.linuxplumbersconf.org/2016/ocw//system/presentations/3573/original/pres_gcc.pdf

Right now we have no way of finding all such cases.

I think our options are:

1) Find a way for gcc to report when function ABI has been broken;

2) Disable all gcc optimizations which can break function ABI.  Not sure
   if this is even possible, but if so, we'd need to quantify the
   performance impact.  (Note we might be able to leave some options
   enabled if they result in a function name change (e.g.,
   -fpartial-inlining, -fipa-sra, -fipa-cp)); or

3) Stay with the status quo (kpatch-build?), since it has detection of
   such optimizations "built in".

Does anybody want to take ownership of this patch set and/or try to
explore the options further?  I don't have any more bandwidth right now
(mainly due to the consistency model and porting objtool to DWARF).

-- 
Josh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ