lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Wed, 20 Feb 2019 16:36:13 +0100 (CET)
From:   Miroslav Benes <mbenes@...e.cz>
To:     Joao Moreira <jmoreira@...e.de>
cc:     live-patching@...r.kernel.org, pmladek@...e.cz, jikos@...e.cz,
        nstange@...e.de, jpoimboe@...hat.com, khlebnikov@...dex-team.ru,
        jeyu@...nel.org, matz@...e.de, linux-kernel@...r.kernel.org,
        yamada.masahiro@...ionext.com, michal.lkml@...kovi.net,
        linux-kbuild@...r.kernel.org
Subject: Re: [PATCH v2 5/8] modpost: Integrate klp-convert

Adding CCs...

On Wed, 30 Jan 2019, Joao Moreira wrote:

> From: Josh Poimboeuf <jpoimboe@...hat.com>
> 
> Create cmd_klp_convert and hook it into scripts/Makefile.modpost.
> cmd_klp_convert invokes klp-convert with the right arguments for the
> conversion of unresolved symbols inside a livepatch.
> 
> [khlebnikov:
> * save cmd_ld_ko_o into .module.cmd, if_changed_rule doesn't do that
> * fix bashisms for debian where /bin/sh is a symlink to /bin/dash
> * rename rule_link_module to rule_ld_ko_o, otherwise arg-check inside
>   if_changed_rule compares cmd_link_module and cmd_ld_ko_o
> * check modinfo -F livepatch only if CONFIG_LIVEPATCH is true
> ]
> 
> [mbenes:
> * remove modinfo call. LIVEPATCH_ in Makefiled
> ]
> 
> [jmoreira:
> * split up: move the .livepatch file-based scheme for identifying
> livepatches to a previous patch, as it was required for correctly
> building Symbols.list there.
> ]
> 
> Signed-off-by: Josh Poimboeuf <jpoimboe@...hat.com>
> Signed-off-by: Konstantin Khlebnikov <khlebnikov@...dex-team.ru>
> Signed-off-by: Miroslav Benes <mbenes@...e.cz>
> Signed-off-by: Joao Moreira <jmoreira@...e.de>

I'm definitely not an expert on this topic (and we talked about it in the 
past off-list), but I'd simplify the SoB chain. At least you don't need my 
SoB there. I'm happy that you took the code and transformed it.

> ---
>  scripts/Kbuild.include   |  4 +++-
>  scripts/Makefile.modpost | 16 +++++++++++++++-
>  scripts/mod/modpost.c    |  6 +++++-
>  scripts/mod/modpost.h    |  1 +
>  4 files changed, 24 insertions(+), 3 deletions(-)
> 
> diff --git a/scripts/Kbuild.include b/scripts/Kbuild.include
> index 30816037036e..c30a8573c816 100644
> --- a/scripts/Kbuild.include
> +++ b/scripts/Kbuild.include
> @@ -239,6 +239,8 @@ endif
>  # (needed for the shell)
>  make-cmd = $(call escsq,$(subst $(pound),$$(pound),$(subst $$,$$$$,$(cmd_$(1)))))
>  
> +save-cmd = printf '%s\n' 'cmd_$@ := $(make-cmd)' > $(dot-target).cmd
> +
>  # Find any prerequisites that is newer than target or that does not exist.
>  # PHONY targets skipped in both cases.
>  any-prereq = $(filter-out $(PHONY),$?) $(filter-out $(PHONY) $(wildcard $^),$^)
> @@ -246,7 +248,7 @@ any-prereq = $(filter-out $(PHONY),$?) $(filter-out $(PHONY) $(wildcard $^),$^)
>  # Execute command if command has changed or prerequisite(s) are updated.
>  if_changed = $(if $(strip $(any-prereq) $(arg-check)),                       \
>  	$(cmd);                                                              \
> -	printf '%s\n' 'cmd_$@ := $(make-cmd)' > $(dot-target).cmd, @:)
> +	$(save-cmd), @:)
>  
>  # Execute the command and also postprocess generated .d dependencies file.
>  if_changed_dep = $(if $(strip $(any-prereq) $(arg-check)),$(cmd_and_fixdep),@:)
> diff --git a/scripts/Makefile.modpost b/scripts/Makefile.modpost
> index 7d4af0d0accb..da779a185218 100644
> --- a/scripts/Makefile.modpost
> +++ b/scripts/Makefile.modpost
> @@ -125,8 +125,22 @@ quiet_cmd_ld_ko_o = LD [M]  $@
>                   -o $@ $(filter-out FORCE,$^) ;                         \
>  	$(if $(ARCH_POSTLINK), $(MAKE) -f $(ARCH_POSTLINK) $@, true)
>  
> +SLIST = $(objtree)/Symbols.list
> +KLP_CONVERT = scripts/livepatch/klp-convert
> +quiet_cmd_klp_convert = KLP $@
> +      cmd_klp_convert = mv $@ $(@:.ko=.klp.o);				\
> +			$(KLP_CONVERT) $(SLIST) $(@:.ko=.klp.o) $@
> +
> +define rule_ld_ko_o
> +	$(call cmd,ld_ko_o) $(cmd_ld_ko_o) ;				\
> +	$(call save-cmd,ld_ko_o) ;					\
> +	$(if $(CONFIG_LIVEPATCH),					\
> +	  $(if $(wildcard $(MODVERDIR)/$(basetarget).livepatch),	\
> +	    $(call echo-cmd,klp_convert) $(cmd_klp_convert) ))
> +endef
> +
>  $(modules): %.ko :%.o %.mod.o FORCE
> -	+$(call if_changed,ld_ko_o)
> +	+$(call if_changed_rule,ld_ko_o)
>  
>  targets += $(modules)
>  
> diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
> index 26bf886bd168..1dfc34d8b668 100644
> --- a/scripts/mod/modpost.c
> +++ b/scripts/mod/modpost.c
> @@ -1979,6 +1979,10 @@ static void read_symbols(const char *modname)
>  		license = get_next_modinfo(&info, "license", license);
>  	}
>  
> +	/* Livepatch modules have unresolved symbols resolved by klp-convert */
> +	if (get_modinfo(info.modinfo, info.modinfo_len, "livepatch"))
> +		mod->livepatch = 1;
> +
>  	for (sym = info.symtab_start; sym < info.symtab_stop; sym++) {
>  		symname = remove_dot(info.strtab + sym->st_name);
>  
> @@ -2106,7 +2110,7 @@ static int check_exports(struct module *mod)
>  		const char *basename;
>  		exp = find_symbol(s->name);
>  		if (!exp || exp->module == mod) {
> -			if (have_vmlinux && !s->weak) {
> +			if (have_vmlinux && !s->weak && !mod->livepatch) {
>  				if (warn_unresolved) {
>  					warn("\"%s\" [%s.ko] undefined!\n",
>  					     s->name, mod->name);
> diff --git a/scripts/mod/modpost.h b/scripts/mod/modpost.h
> index 8453d6ac2f77..2acfaae064ec 100644
> --- a/scripts/mod/modpost.h
> +++ b/scripts/mod/modpost.h
> @@ -118,6 +118,7 @@ struct module {
>  	int skip;
>  	int has_init;
>  	int has_cleanup;
> +	int livepatch;
>  	struct buffer dev_table_buf;
>  	char	     srcversion[25];
>  	int is_dot_o;
> -- 
> 2.16.4
> 

Miroslav

Powered by blists - more mailing lists