lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20190209091728.23046-1-kamalesh@linux.vnet.ibm.com>
Date:   Sat,  9 Feb 2019 14:47:28 +0530
From:   Kamalesh Babulal <kamalesh@...ux.vnet.ibm.com>
To:     live-patching@...r.kernel.org
Cc:     Kamalesh Babulal <kamalesh@...ux.vnet.ibm.com>,
        linux-kernel@...r.kernel.org, Miroslav Benes <mbenes@...e.cz>,
        Petr Mladek <pmladek@...e.com>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Jiri Kosina <jikos@...nel.org>
Subject: [PATCH] livepatch: Enforce reliable stack trace as config dependency

While the consistency model was introduced, architectures without the
reliable stack trace implementation could use the immediate flag for
livepatching but with its own limitations.

After removal of the immediate flag by commit d0807da78e11
("livepatch: Remove immediate feature"), reliable stack trace became
enforcing dependency for livepatch support on any architecture. In
the current code, we ensure that the dependency is met when
enabling the patch during the module load.

This dependency check can be improved by moving it to the Kconfig,
which disables the support for livepatching in the kernel for unmet
dependencies. This patch moves both HAVE_RELIABLE_STACKTRACE and
STACKTRACE under config LIVEPATCH, it also removes the
klp_have_reliable_stack() function.

Loading a livepatching module on an architecture where reliable
stack trace is yet to be implemented, the user should see:

insmod: ERROR: could not insert module ./livepatch-sample.ko: Invalid module format

...
[  286.453463] livepatch_sample: module is marked as livepatch module, but livepatch support is disabled

[pmladek@...e.com: Suggested to explicitly add CONFIG_STACKTRACE under
 config LIVEPATCH]
Signed-off-by: Kamalesh Babulal <kamalesh@...ux.vnet.ibm.com>
Cc: Miroslav Benes <mbenes@...e.cz>
Cc: Petr Mladek <pmladek@...e.com>
Cc: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: Jiri Kosina <jikos@...nel.org>
---
Patch is based on a087cdd4073b (origin/for-5.1/atomic-replace) branch

 include/linux/livepatch.h | 6 ------
 kernel/livepatch/Kconfig  | 2 ++
 kernel/livepatch/core.c   | 6 ------
 3 files changed, 2 insertions(+), 12 deletions(-)

diff --git a/include/linux/livepatch.h b/include/linux/livepatch.h
index 53551f470722..7848c7bbffbb 100644
--- a/include/linux/livepatch.h
+++ b/include/linux/livepatch.h
@@ -214,12 +214,6 @@ static inline bool klp_patch_pending(struct task_struct *task)
 	return test_tsk_thread_flag(task, TIF_PATCH_PENDING);
 }
 
-static inline bool klp_have_reliable_stack(void)
-{
-	return IS_ENABLED(CONFIG_STACKTRACE) &&
-	       IS_ENABLED(CONFIG_HAVE_RELIABLE_STACKTRACE);
-}
-
 typedef int (*klp_shadow_ctor_t)(void *obj,
 				 void *shadow_data,
 				 void *ctor_data);
diff --git a/kernel/livepatch/Kconfig b/kernel/livepatch/Kconfig
index ec4565122e65..4e4e4fe040f5 100644
--- a/kernel/livepatch/Kconfig
+++ b/kernel/livepatch/Kconfig
@@ -10,6 +10,8 @@ config LIVEPATCH
 	depends on SYSFS
 	depends on KALLSYMS_ALL
 	depends on HAVE_LIVEPATCH
+	depends on STACKTRACE
+	depends on HAVE_RELIABLE_STACKTRACE
 	depends on !TRIM_UNUSED_KSYMS
 	help
 	  Say Y here if you want to support kernel live patching.
diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
index d1af69e9f0e3..a7a00478f6c3 100644
--- a/kernel/livepatch/core.c
+++ b/kernel/livepatch/core.c
@@ -1034,12 +1034,6 @@ int klp_enable_patch(struct klp_patch *patch)
 	if (!klp_initialized())
 		return -ENODEV;
 
-	if (!klp_have_reliable_stack()) {
-		pr_err("This architecture doesn't have support for the livepatch consistency model.\n");
-		return -EOPNOTSUPP;
-	}
-
-
 	mutex_lock(&klp_mutex);
 
 	ret = klp_init_patch_early(patch);
-- 
2.20.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ