lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20170829190140.401-1-jmoreira@suse.de>
Date:   Tue, 29 Aug 2017 16:01:32 -0300
From:   Joao Moreira <jmoreira@...e.de>
To:     live-patching@...r.kernel.org, linux-kernel@...r.kernel.org
Cc:     mbenes@...e.cz, mmarek@...e.cz, pmladek@...e.com, jikos@...e.cz,
        nstange@...e.de, jroedel@...e.de, matz@...e.de,
        jpoimboe@...hat.com, khlebnikov@...dex-team.ru, jeyu@...nel.org,
        jmoreira@...e.de
Subject: [PATCH 0/8] livepatch: klp-convert tool

Livepatches may use symbols which are not contained in its own scope,
and, because of that, may end up compiled with relocations that will
only be resolved during module load. Yet, when the referenced symbols are
not exported, solving this relocation requires information on the object
that holds the symbol (either vmlinux or modules) and its position inside
the object, as an object may contain multiple symbols with the same name.
Providing such information must be done accordingly to what is specified
in Documentation/livepatch/module-elf-format.txt.

Currently, there is no trivial way to embed the required information as
requested in the final livepatch elf object. klp-convert solves this
problem in two different forms: (i) by relying on a symbol map, which is
built during kernel compilation, to automatically infers the relocation
targeted symbol, and, when such inference is not possible (ii) by using
annotations in the elf object to convert the relocation accordingly to
the specification, enabling it to be handled by the livepatch loader.

Given the above, add support for symbol mapping in the form of
Symbols.list file; add klp-convert tool; integrate klp-convert tool into
kbuild; make livepatch modules discernible during kernel compilation
pipeline; add data-structure and macros to enable users to annotate
livepatch source code; make modpost stage compatible with livepatches;
update livepatch-sample and update documentation.

The patch was tested under three use-cases:

use-case 1: There is a relocation in the lp that can be automatically
resolved by klp-convert (tested by removing the annotations from
samples/livepatch/livepatch-annotated-sample.c)

use-case 2: There is a relocation in the lp that cannot be automatically
resolved, as the name of the respective symbol appears in multiple
objects. The livepatch contains an annotation to enable a correct
relocation - reproducible with this livepatch sample:
www.livewire.com.br/suse/klp/livepatch-sample.1.c

use-case 3: There is a relocation in the lp that cannot be automatically
resolved similarly as 2, but no annotation was provided in the livepatch,
triggering an error during compilation - reproducible with this livepatch
sample: www.livewire.com.br/suse/klp/livepatch-sample.2.c

Joao Moreira (2):
  kbuild: Support for Symbols.list creation
  documentation: Update on livepatch elf format

Josh Poimboeuf (5):
  livepatch: Create and include UAPI headers
  livepatch: Add klp-convert tool
  livepatch: Add klp-convert annotation helpers
  modpost: Integrate klp-convert
  livepatch: Add sample livepatch module

Miroslav Benes (1):
  modpost: Add modinfo flag to livepatch modules

 .gitignore                                     |   1 +
 Documentation/livepatch/module-elf-format.txt  |  47 +-
 MAINTAINERS                                    |   2 +
 Makefile                                       |  29 +-
 include/linux/livepatch.h                      |  12 +
 include/uapi/linux/livepatch.h                 |  33 ++
 kernel/livepatch/core.c                        |   4 +-
 samples/livepatch/Makefile                     |   5 +-
 samples/livepatch/livepatch-annotated-sample.c | 128 +++++
 samples/livepatch/livepatch-sample.c           |   1 -
 scripts/Kbuild.include                         |   4 +-
 scripts/Makefile                               |   1 +
 scripts/Makefile.build                         |   6 +
 scripts/Makefile.modpost                       |  24 +-
 scripts/livepatch/.gitignore                   |   1 +
 scripts/livepatch/Makefile                     |   7 +
 scripts/livepatch/elf.c                        | 696 +++++++++++++++++++++++++
 scripts/livepatch/elf.h                        |  84 +++
 scripts/livepatch/klp-convert.c                | 567 ++++++++++++++++++++
 scripts/livepatch/list.h                       | 389 ++++++++++++++
 scripts/mod/modpost.c                          |  80 ++-
 scripts/mod/modpost.h                          |   1 +
 22 files changed, 2104 insertions(+), 18 deletions(-)
 create mode 100644 include/uapi/linux/livepatch.h
 create mode 100644 samples/livepatch/livepatch-annotated-sample.c
 create mode 100644 scripts/livepatch/.gitignore
 create mode 100644 scripts/livepatch/Makefile
 create mode 100644 scripts/livepatch/elf.c
 create mode 100644 scripts/livepatch/elf.h
 create mode 100644 scripts/livepatch/klp-convert.c
 create mode 100644 scripts/livepatch/list.h

-- 
2.12.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ