Message-Id: <20181010010400.0aa342ebdf80bbfa835fb6c5@kernel.org>
Date:   Wed, 10 Oct 2018 01:04:00 +0900
From:   Masami Hiramatsu <mhiramat@...nel.org>
To:     Steven Rostedt <rostedt@...dmis.org>
Cc:     linux-kernel@...r.kernel.org,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Ingo Molnar <mingo@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Peter Zijlstra <peterz@...radead.org>,
        Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
        Matthew Helsley <mhelsley@...are.com>,
        "Rafael J . Wysocki" <rafael.j.wysocki@...el.com>,
        David Woodhouse <dwmw2@...radead.org>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Jason Baron <jbaron@...mai.com>, Jiri Kosina <jkosina@...e.cz>
Subject: Re: [POC][RFC][PATCH 1/2] jump_function: Addition of new feature
 "jump_function"

On Mon, 8 Oct 2018 23:55:34 -0400
Steven Rostedt <rostedt@...dmis.org> wrote:

> On Tue, 9 Oct 2018 12:44:01 +0900
> Masami Hiramatsu <mhiramat@...nel.org> wrote:
> 
> > On Fri, 05 Oct 2018 21:51:11 -0400
> > Steven Rostedt <rostedt@...dmis.org> wrote:
> > 
> > > +typedef long dynfunc_t;
> > > +
> > > +struct dynfunc_struct;
> > > +
> > > +#define arch_dynfunc_trampoline(name, def)	\
> > > +	asm volatile (				\
> > > +	".globl dynfunc_" #name "; \n\t"	\
> > > +	"dynfunc_" #name ": \n\t"		\
> > > +	"jmp " #def " \n\t"			\
> > > +	".balign 8 \n \t"			\
> > > +	: : : "memory" )
> > > +  
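Review bot: The `.balign 8` in arch_dynfunc_trampoline() comes after the `jmp`, so it only pads whatever follows the trampoline; the `dynfunc_<name>` label itself lands at whatever alignment the surrounding code happens to have. If the intent is to keep the jump that gets rewritten inside one aligned 8-byte slot, the directive should come before the `.globl`/label lines. Because this is an asm statement with a "memory" clobber, it presumably expands inside a function body, which puts the trampoline in that function's text with no section directive, so a comment stating where the macro is meant to be expanded would help, along with one explaining why dynfunc_t is a plain long. The stray space in "\n \t" on the .balign line can also go.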
> > 
> > I have just one question: how is this different from livepatch? :)
> 
> I actually thought about this a bit, but decided against it.
> 
> I didn't want to hook another infrastructure into the fentry nop. It's
> already complex enough with kprobes, live patching and ftrace.
> 
> The ideal solution is what Peter suggested, and that's to patch the
> call sites, and I think that is attainable with objtool modifications.

OK, the ideal solution sounds good to me. 

> 
> > 
> > I think we can replace the first 5 bytes of the default function
> > to jmp instruction (to alternative function) instead of making
> > this trampoline.
> > 
> > IOW, as far as I can see, this is changing
> > 
> > ----
> > call %reg (or retpoline_reg)
> > ----
> > 
> > to 
> > 
> > ----
> > call dynfunc_A
> > 
> > dynfunc_A:
> > jmp func_A or altered_func_A
> > ----
> > 
> > If so, why don't we put the jmp on default func_A directly?
> > ----
> > call func_A
> > 
> > func_A:
> > "jmp altered_func" or "original sequence"
> > ----
> > (this is ideally the same as what jprobes did)
> > 
> > Of course we have to arbitrate it with ftrace (fentry) but it may
> > not be so hard (the simplest way is just adding "notrace" on the default
> > function)
> 
> Then we lose the 5 byte nop.

Yeah, but we can remove the trampoline code.

> > BTW, I think "dynamic_function" may not be the correct name, it may be
> > "alternative_function" or something like that, because this
> > function must be replaced system-wide and this means we can
> > not use this for generic function pointer usage which depends
> > on thread context (like file_operations). But good for something
> > pluggable code (LSM?).
> 
> I don't like the name alternative, as that's usually a one shot deal
> (SMP vs UP).
> 
> It is dynamic, as it's a function that changes dynamically. Yes it's
> global, but that's not mutually exclusive to dynamic.

OK, so we may add a note that this is "global" patching :)

> The use case I want this for is for tracing. But it can be useful for
> KVM and power management governors. Basically anything that has a
> global function pointer (hmm, even the idle call can use this).

Indeed.

Thanks,

> 
> -- Steve


-- 
Masami Hiramatsu <mhiramat@...nel.org>
