lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20190208062005.GA21436@JAVRIS.in.ibm.com>
Date:   Fri, 8 Feb 2019 11:50:05 +0530
From:   Kamalesh Babulal <kamalesh@...ux.vnet.ibm.com>
To:     Petr Mladek <pmladek@...e.com>
Cc:     Josh Poimboeuf <jpoimboe@...hat.com>,
        Alice Ferrazzi <alicef@...cef.me>, jeyu@...nel.org,
        jikos@...nel.org, mbenes@...e.cz, live-patching@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        Alice Ferrazzi <alice.ferrazzi@...aclelinux.com>
Subject: Re: [PATCH v2] livepatch: core: Return EOPNOTSUPP instead of ENOSYS

On Wed, Feb 06, 2019 at 11:28:32AM +0100, Petr Mladek wrote:
> On Tue 2019-02-05 09:59:33, Josh Poimboeuf wrote:
> > On Tue, Feb 05, 2019 at 03:33:28AM +0900, Alice Ferrazzi wrote:
> > > From: Alice Ferrazzi <alice.ferrazzi@...aclelinux.com>
> > > 
> > > As a result of an unsupported operation is better to use EOPNOTSUPP
> > > as error code.
> > > ENOSYS is only used for 'invalid syscall nr' and nothing else.
> > > 
> > > Signed-off-by: Alice Ferrazzi <alice.ferrazzi@...aclelinux.com>
> > 
> > Acked-by: Josh Poimboeuf <jpoimboe@...hat.com>
> 
> I have applied the patch into for-5.1/atomic-replace branch.

Sorry to jump into the discussion so late. Thinking a little more about
the check itself, previously with immediate flag an architecture can do
livepatching with limitations and without the reliable stack trace
implemented yet.

After removal of the immediate flag by
commit d0807da78e11 ("livepatch: Remove immediate feature"), every
architecture enabling livepatching is required to have implemented
reliable stack trace.  Is it a better idea to make
HAVE_RELIABLE_STACKTRACE a config dependency, which will disable
livepatching support for architectures without reliable stack trace
function during kernel build?

The idea is to remove klp_have_reliable_stack() by moving
CONFIG_HAVE_RELIABLE_STACKTRACE as a config dependency to Kconfig file
and adding the other CONFIG_STACKTRACE as a config dependency is not
required, as it's selected via CONFIG_DYNAMIC_FTRACE_WITH_REGS
dependency chain. With the patch on architecture without
HAVE_RELIABLE_STACKTRACE, the user should see:

# insmod ./livepatch-sample.ko 
insmod: ERROR: could not insert module ./livepatch-sample.ko: Invalid module format

# dmesg
...
[  286.453463] livepatch_sample: module is marked as livepatch module, but livepatch support is disabled

I have done limited testing on PowerPC and to test the unsupported case,
the config dependency HAVE_RELIABLE_STACKTRACE was misspelled in Kconfig
file. If the idea sounds ok I will send a formal patch.

-------8<----------------------------

diff --git a/include/linux/livepatch.h b/include/linux/livepatch.h
index 53551f470722..7848c7bbffbb 100644
--- a/include/linux/livepatch.h
+++ b/include/linux/livepatch.h
@@ -214,12 +214,6 @@ static inline bool klp_patch_pending(struct task_struct *task)
        return test_tsk_thread_flag(task, TIF_PATCH_PENDING);
 }
 
-static inline bool klp_have_reliable_stack(void)
-{
-       return IS_ENABLED(CONFIG_STACKTRACE) &&
-              IS_ENABLED(CONFIG_HAVE_RELIABLE_STACKTRACE);
-}
-
 typedef int (*klp_shadow_ctor_t)(void *obj,
                                 void *shadow_data,
                                 void *ctor_data);
diff --git a/kernel/livepatch/Kconfig b/kernel/livepatch/Kconfig
index ec4565122e65..16b3692ddf9f 100644
--- a/kernel/livepatch/Kconfig
+++ b/kernel/livepatch/Kconfig
@@ -9,6 +9,7 @@ config LIVEPATCH
        depends on MODULES
        depends on SYSFS
        depends on KALLSYMS_ALL
+       depends on HAVE_RELIABLE_STACKTRACE
        depends on HAVE_LIVEPATCH
        depends on !TRIM_UNUSED_KSYMS
        help
diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
index fe1993399823..9a80f7574d75 100644
--- a/kernel/livepatch/core.c
+++ b/kernel/livepatch/core.c
@@ -1002,12 +1002,6 @@ int klp_enable_patch(struct klp_patch *patch)
        if (!klp_initialized())
                return -ENODEV;
 
-       if (!klp_have_reliable_stack()) {
-               pr_err("This architecture doesn't have support for the livepatch consistency model.\n");
-               return -ENOSYS;
-       }
-
-
        mutex_lock(&klp_mutex);
 
        ret = klp_init_patch_early(patch);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ