| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 9 Feb 2019 14:47:28 +0530
From: Kamalesh Babulal <kamalesh@...ux.vnet.ibm.com>
To: live-patching@...r.kernel.org
Cc: Kamalesh Babulal <kamalesh@...ux.vnet.ibm.com>,
linux-kernel@...r.kernel.org, Miroslav Benes <mbenes@...e.cz>,
Petr Mladek <pmladek@...e.com>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Jiri Kosina <jikos@...nel.org>
Subject: [PATCH] livepatch: Enforce reliable stack trace as config dependency
While the consistency model was introduced, architectures without the
reliable stack trace implementation could use the immediate flag for
livepatching but with its own limitations.
After removal of the immediate flag by commit d0807da78e11
("livepatch: Remove immediate feature"), reliable stack trace became
enforcing dependency for livepatch support on any architecture. In
the current code, we ensure that the dependency is met when
enabling the patch during the module load.
This dependency check can be improved by moving it to the Kconfig,
which disables the support for livepatching in the kernel for unmet
dependencies. This patch moves both HAVE_RELIABLE_STACKTRACE and
STACKTRACE under config LIVEPATCH, it also removes the
klp_have_reliable_stack() function.
Loading a livepatching module on an architecture where reliable
stack trace is yet to be implemented, the user should see:
insmod: ERROR: could not insert module ./livepatch-sample.ko: Invalid module format
...
[ 286.453463] livepatch_sample: module is marked as livepatch module, but livepatch support is disabled
[pmladek@...e.com: Suggested to explicitly add CONFIG_STACKTRACE under
config LIVEPATCH]
Signed-off-by: Kamalesh Babulal <kamalesh@...ux.vnet.ibm.com>
Cc: Miroslav Benes <mbenes@...e.cz>
Cc: Petr Mladek <pmladek@...e.com>
Cc: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: Jiri Kosina <jikos@...nel.org>
---
Patch is based on a087cdd4073b (origin/for-5.1/atomic-replace) branch
include/linux/livepatch.h | 6 ------
kernel/livepatch/Kconfig | 2 ++
kernel/livepatch/core.c | 6 ------
3 files changed, 2 insertions(+), 12 deletions(-)
diff --git a/include/linux/livepatch.h b/include/linux/livepatch.h
index 53551f470722..7848c7bbffbb 100644
--- a/include/linux/livepatch.h
+++ b/include/linux/livepatch.h
@@ -214,12 +214,6 @@ static inline bool klp_patch_pending(struct task_struct *task)
return test_tsk_thread_flag(task, TIF_PATCH_PENDING);
}
-static inline bool klp_have_reliable_stack(void)
-{
- return IS_ENABLED(CONFIG_STACKTRACE) &&
- IS_ENABLED(CONFIG_HAVE_RELIABLE_STACKTRACE);
-}
-
typedef int (*klp_shadow_ctor_t)(void *obj,
void *shadow_data,
void *ctor_data);
diff --git a/kernel/livepatch/Kconfig b/kernel/livepatch/Kconfig
index ec4565122e65..4e4e4fe040f5 100644
--- a/kernel/livepatch/Kconfig
+++ b/kernel/livepatch/Kconfig
@@ -10,6 +10,8 @@ config LIVEPATCH
depends on SYSFS
depends on KALLSYMS_ALL
depends on HAVE_LIVEPATCH
+ depends on STACKTRACE
+ depends on HAVE_RELIABLE_STACKTRACE
depends on !TRIM_UNUSED_KSYMS
help
Say Y here if you want to support kernel live patching.
diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
index d1af69e9f0e3..a7a00478f6c3 100644
--- a/kernel/livepatch/core.c
+++ b/kernel/livepatch/core.c
@@ -1034,12 +1034,6 @@ int klp_enable_patch(struct klp_patch *patch)
if (!klp_initialized())
return -ENODEV;
- if (!klp_have_reliable_stack()) {
- pr_err("This architecture doesn't have support for the livepatch consistency model.\n");
- return -EOPNOTSUPP;
- }
-
-
mutex_lock(&klp_mutex);
ret = klp_init_patch_early(patch);
--
2.20.1
Powered by blists - more mailing lists