lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1508511411-4189-2-git-send-email-pmladek@suse.com>
Date:   Fri, 20 Oct 2017 16:56:50 +0200
From:   Petr Mladek <pmladek@...e.com>
To:     Jiri Kosina <jikos@...nel.org>,
        Joe Lawrence <joe.lawrence@...hat.com>
Cc:     Josh Poimboeuf <jpoimboe@...hat.com>, Jessica Yu <jeyu@...nel.org>,
        Miroslav Benes <mbenes@...e.cz>,
        Chris J Arges <chris.j.arges@...onical.com>,
        live-patching@...r.kernel.org, linux-kernel@...r.kernel.org,
        Petr Mladek <pmladek@...e.com>
Subject: [PATCH 1/2] livepatch: Correctly call klp_post_unpatch_callback() in error paths

The flag post_unpatch_enabled in struct klp_callbacks is need in
the error paths. We need to call the post_unpatch callback
only when the pre_patch one was called.

We should clear the flag in klp_post_unpatch_callback() to make
sure that the callback is not called twice. It makes the API
more safe.

Note that we actually would call the callback twice in
klp_module_coming() when klp_patch_object() fails.
In this case, we explicitly call klp_post_unpatch_callback()
for the failed object. And we are going to call it once
again when reverting operations for all the patches by
reusing the klp_module_going() code. There is a patch
doing this in the queue.

There was another mistake in the error path in klp_comming_module().
It called klp_post_unpatch_callback() only when
patch != klp_transition_patch. But klp_pre_patch_callback()
was called even for this patch.

In fact, we could remove klp_post_unpatch_callback() from
the error path at all because it will be covered by
the reuse of the klp_module_going() code. But I think
that it is cleaner this way. For example, someone
might later decide to call the callback only when
obj->patched flag is set.

Finally, I used this opportunity to make klp_pre_patch_callback()
more readable.

Signed-off-by: Petr Mladek <pmladek@...e.com>
---
 kernel/livepatch/core.c | 4 +---
 kernel/livepatch/core.h | 8 +++++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
index cafb5a84417d..eb134479c394 100644
--- a/kernel/livepatch/core.c
+++ b/kernel/livepatch/core.c
@@ -894,9 +894,7 @@ int klp_module_coming(struct module *mod)
 				pr_warn("failed to apply patch '%s' to module '%s' (%d)\n",
 					patch->mod->name, obj->mod->name, ret);
 
-				if (patch != klp_transition_patch)
-					klp_post_unpatch_callback(obj);
-
+				klp_post_unpatch_callback(obj);
 				goto err;
 			}
 
diff --git a/kernel/livepatch/core.h b/kernel/livepatch/core.h
index 6fc907b54e71..cc3aa708e0b4 100644
--- a/kernel/livepatch/core.h
+++ b/kernel/livepatch/core.h
@@ -12,10 +12,10 @@ static inline bool klp_is_object_loaded(struct klp_object *obj)
 
 static inline int klp_pre_patch_callback(struct klp_object *obj)
 {
-	int ret;
+	int ret = 0;
 
-	ret = (obj->callbacks.pre_patch) ?
-		(*obj->callbacks.pre_patch)(obj) : 0;
+	if (obj->callbacks.pre_patch)
+		ret = (*obj->callbacks.pre_patch)(obj);
 
 	obj->callbacks.post_unpatch_enabled = !ret;
 
@@ -39,6 +39,8 @@ static inline void klp_post_unpatch_callback(struct klp_object *obj)
 	if (obj->callbacks.post_unpatch_enabled &&
 	    obj->callbacks.post_unpatch)
 		(*obj->callbacks.post_unpatch)(obj);
+
+	obj->callbacks.post_unpatch_enabled = false;
 }
 
 #endif /* _LIVEPATCH_CORE_H */
-- 
1.8.5.6

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ