Message-ID: <alpine.LSU.2.20.1704111327160.2203@pobox.suse.cz>
Date:   Tue, 11 Apr 2017 13:31:33 +0200 (CEST)
From:   Miroslav Benes <mbenes@...e.cz>
To:     Petr Mladek <pmladek@...e.com>
cc:     Josh Poimboeuf <jpoimboe@...hat.com>, Jessica Yu <jeyu@...hat.com>,
        Jiri Kosina <jikos@...nel.org>, linux-kernel@...r.kernel.org,
        live-patching@...r.kernel.org
Subject: Re: [PATCH] livepatch: Cancel transition a safe way for immediate
 patches

On Tue, 11 Apr 2017, Petr Mladek wrote:

> klp_init_transition() does not set func->transition for immediate patches.
> Then klp_ftrace_handler() could use the new code immediately. As a result,
> it is not safe to put the livepatch module in klp_cancel_transition().
> 
> This patch reverts most of the last minute changes klp_cancel_transition().
> It keeps the warning about a misuse because it still makes sense.
> 
> Signed-off-by: Petr Mladek <pmladek@...e.com>
> ---
> Hi,
> 
> I am afraid that Mirek was not right in the mail
> https://lkml.kernel.org/r/alpine.LSU.2.20.1702161504020.16310@pobox.suse.cz
> IMHO, it is not safe to put the module when the immediate
> patch cannot be applied.
> 
> Best Regards,
> Petr

You're right, Petr. Thanks for fixing my fault.

If needed, we could still follow the idea - set func->transition even for 
immediate patches/funcs. But for now, removing the code is the best.

Acked-by: Miroslav Benes <mbenes@...e.cz>

Jiri, this (obviously) needs to go to 4.12 with the patch set...

Miroslav
 
>  kernel/livepatch/transition.c | 20 --------------------
>  1 file changed, 20 deletions(-)
> 
> diff --git a/kernel/livepatch/transition.c b/kernel/livepatch/transition.c
> index 2de09e0c4e5c..adc0cc64aa4b 100644
> --- a/kernel/livepatch/transition.c
> +++ b/kernel/livepatch/transition.c
> @@ -120,31 +120,11 @@ static void klp_complete_transition(void)
>   */
>  void klp_cancel_transition(void)
>  {
> -	struct klp_patch *patch = klp_transition_patch;
> -	struct klp_object *obj;
> -	struct klp_func *func;
> -	bool immediate_func = false;
> -
>  	if (WARN_ON_ONCE(klp_target_state != KLP_PATCHED))
>  		return;
>  
>  	klp_target_state = KLP_UNPATCHED;
>  	klp_complete_transition();
> -
> -	/*
> -	 * In the enable error path, even immediate patches can be safely
> -	 * removed because the transition hasn't been started yet.
> -	 *
> -	 * klp_complete_transition() doesn't have a module_put() for immediate
> -	 * patches, so do it here.
> -	 */
> -	klp_for_each_object(patch, obj)
> -		klp_for_each_func(obj, func)
> -			if (func->immediate)
> -				immediate_func = true;
> -
> -	if (patch->immediate || immediate_func)
> -		module_put(patch->mod);
>  }
>  
>  /*
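
Review bot: With the block at the end of klp_cancel_transition() removed, nothing in the function records why the module reference stays held for immediate patches on the enable error path. The deleted comment noted that klp_complete_transition() has no module_put() for immediate patches, so after this change the reference is never dropped in that case. That matches the commit message's intent, but it is not visible from the code alone. Suggest a short comment next to the klp_complete_transition() call saying the reference is deliberately kept because func->transition is not set for immediate patches and klp_ftrace_handler() may already be using the new code.
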
> -- 
> 1.8.5.6
> 
