| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Feb 2019 16:50:08 +0100 (CET)
From: Miroslav Benes <mbenes@...e.cz>
To: Joao Moreira <jmoreira@...e.de>
cc: live-patching@...r.kernel.org, pmladek@...e.cz, jikos@...e.cz,
nstange@...e.de, jpoimboe@...hat.com, khlebnikov@...dex-team.ru,
jeyu@...nel.org, matz@...e.de, linux-kernel@...r.kernel.org,
yamada.masahiro@...ionext.com, michal.lkml@...kovi.net,
linux-kbuild@...r.kernel.org
Subject: Re: [PATCH v2 6/8] modpost: Add modinfo flag to livepatch modules
Adding CCs...
On Wed, 30 Jan 2019, Joao Moreira wrote:
> From: Miroslav Benes <mbenes@...e.cz>
>
> Currently, livepatch infrastructure in the kernel relies on
> MODULE_INFO(livepatch, "Y") statement in a livepatch module. Then the
> kernel module loader knows a module is indeed livepatch module and can
> behave accordingly.
>
> klp-convert, on the other hand relies on LIVEPATCH_* statement in the
> module's Makefile for exactly the same reason.
>
> Remove dependency on modinfo and generate MODULE_INFO flag
> automatically in modpost when LIVEPATCH_* is defined in the module's
> Makefile. Generate a list of all built livepatch modules based on
> the .livepatch file and store it in (MODVERDIR)/livepatchmods. Give
> this list as an argument for modpost which will use it to identify
> livepatch modules.
>
> As MODULE_INFO is no longer needed, remove it.
>
> [jmoreira:
> * fix modpost.c (add_livepatch_flag) to update module structure with
> livepatch flag and prevent modpost from breaking due to unresolved
> symbols]
>
> Signed-off-by: Miroslav Benes <mbenes@...e.cz>
> Signed-off-by: Joao Moreira <jmoreira@...e.de>
> ---
> samples/livepatch/livepatch-sample.c | 1 -
> scripts/Makefile.modpost | 8 +++-
> scripts/mod/modpost.c | 84 +++++++++++++++++++++++++++++++++---
> 3 files changed, 85 insertions(+), 8 deletions(-)
>
> diff --git a/samples/livepatch/livepatch-sample.c b/samples/livepatch/livepatch-sample.c
> index 2d554dd930e2..20a5891ebf7b 100644
> --- a/samples/livepatch/livepatch-sample.c
> +++ b/samples/livepatch/livepatch-sample.c
> @@ -90,4 +90,3 @@ static void livepatch_exit(void)
> module_init(livepatch_init);
> module_exit(livepatch_exit);
> MODULE_LICENSE("GPL");
> -MODULE_INFO(livepatch, "Y");
Again, we shoud do the same for the other samples we have in
samples/livepatch/ directory.
> diff --git a/scripts/Makefile.modpost b/scripts/Makefile.modpost
> index da779a185218..0149a72ea7ae 100644
> --- a/scripts/Makefile.modpost
> +++ b/scripts/Makefile.modpost
> @@ -65,6 +65,11 @@ MODLISTCMD := find $(MODVERDIR) -name '*.mod' | xargs -r grep -h '\.ko$$' | sort
> __modules := $(shell $(MODLISTCMD))
> modules := $(patsubst %.o,%.ko, $(wildcard $(__modules:.ko=.o)))
>
> +# find all .livepatch files listed in $(MODVERDIR)/
> +ifdef CONFIG_LIVEPATCH
> +$(shell find $(MODVERDIR) -name '*.livepatch' | xargs -r -I{} basename {} .livepatch > $(MODVERDIR)/livepatchmods)
> +endif
> +
> # Stop after building .o files if NOFINAL is set. Makes compile tests quicker
> _modpost: $(if $(KBUILD_MODPOST_NOFINAL), $(modules:.ko:.o),$(modules))
>
> @@ -79,7 +84,8 @@ modpost = scripts/mod/modpost \
> $(if $(KBUILD_EXTMOD),-o $(modulesymfile)) \
> $(if $(CONFIG_DEBUG_SECTION_MISMATCH),,-S) \
> $(if $(CONFIG_SECTION_MISMATCH_WARN_ONLY),,-E) \
> - $(if $(KBUILD_EXTMOD)$(KBUILD_MODPOST_WARN),-w)
> + $(if $(KBUILD_EXTMOD)$(KBUILD_MODPOST_WARN),-w) \
> + $(if $(CONFIG_LIVEPATCH),-l $(MODVERDIR)/livepatchmods)
>
> MODPOST_OPT=$(subst -i,-n,$(filter -i,$(MAKEFLAGS)))
>
> diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
> index 1dfc34d8b668..2fd1d409ca5a 100644
> --- a/scripts/mod/modpost.c
> +++ b/scripts/mod/modpost.c
> @@ -1979,10 +1979,6 @@ static void read_symbols(const char *modname)
> license = get_next_modinfo(&info, "license", license);
> }
>
> - /* Livepatch modules have unresolved symbols resolved by klp-convert */
> - if (get_modinfo(info.modinfo, info.modinfo_len, "livepatch"))
> - mod->livepatch = 1;
> -
> for (sym = info.symtab_start; sym < info.symtab_stop; sym++) {
> symname = remove_dot(info.strtab + sym->st_name);
>
> @@ -2421,6 +2417,76 @@ static void write_dump(const char *fname)
> free(buf.p);
> }
>
> +struct livepatch_mod_list {
> + struct livepatch_mod_list *next;
> + char *livepatch_mod;
> +};
> +
> +static struct livepatch_mod_list *load_livepatch_mods(const char *fname)
> +{
> + struct livepatch_mod_list *list_iter, *list_start = NULL;
> + unsigned long size, pos = 0;
> + void *file = grab_file(fname, &size);
> + char *line;
> +
> + if (!file)
> + return NULL;
> +
> + while ((line = get_next_line(&pos, file, size))) {
> + list_iter = NOFAIL(malloc(sizeof(*list_iter)));
> + list_iter->next = list_start;
> + list_iter->livepatch_mod = NOFAIL(strdup(line));
> + list_start = list_iter;
> + }
> + release_file(file, size);
> +
> + return list_start;
> +}
> +
> +static void free_livepatch_mods(struct livepatch_mod_list *list_start)
> +{
> + struct livepatch_mod_list *list_iter;
> +
> + while (list_start) {
> + list_iter = list_start->next;
> + free(list_start->livepatch_mod);
> + free(list_start);
> + list_start = list_iter;
> + }
> +}
> +
> +static int is_livepatch_mod(const char *modname,
> + struct livepatch_mod_list *list)
> +{
> + const char *myname;
> +
> + if (!list)
> + return 0;
> +
> + myname = strrchr(modname, '/');
> + if (myname)
> + myname++;
> + else
> + myname = modname;
> +
> + while (list) {
> + if (!strcmp(myname, list->livepatch_mod))
> + return 1;
> + list = list->next;
> + }
> + return 0;
> +}
> +
> +static void add_livepatch_flag(struct buffer *b, struct module *mod,
> + struct livepatch_mod_list *list)
> +{
> + if (is_livepatch_mod(mod->name, list)) {
> + buf_printf(b, "\nMODULE_INFO(livepatch, \"Y\");\n");
> + mod->livepatch = 1;
> + }
> +}
> +
> +
> struct ext_sym_list {
> struct ext_sym_list *next;
> const char *file;
> @@ -2436,8 +2502,9 @@ int main(int argc, char **argv)
> int err;
> struct ext_sym_list *extsym_iter;
> struct ext_sym_list *extsym_start = NULL;
> + struct livepatch_mod_list *livepatch_mods = NULL;
>
> - while ((opt = getopt(argc, argv, "i:I:e:mnsST:o:awE")) != -1) {
> + while ((opt = getopt(argc, argv, "i:I:e:l:mnsST:o:awM:K:E")) != -1) {
> switch (opt) {
> case 'i':
> kernel_read = optarg;
> @@ -2454,6 +2521,9 @@ int main(int argc, char **argv)
> extsym_iter->file = optarg;
> extsym_start = extsym_iter;
> break;
> + case 'l':
> + livepatch_mods = load_livepatch_mods(optarg);
> + break;
> case 'm':
> modversions = 1;
> break;
> @@ -2514,15 +2584,16 @@ int main(int argc, char **argv)
> buf.pos = 0;
>
> err |= check_modname_len(mod);
> - err |= check_exports(mod);
> add_header(&buf, mod);
> add_intree_flag(&buf, !external_module);
> add_retpoline(&buf);
> add_staging_flag(&buf, mod->name);
> + add_livepatch_flag(&buf, mod, livepatch_mods);
> err |= add_versions(&buf, mod);
> add_depends(&buf, mod);
> add_moddevtable(&buf, mod);
> add_srcversion(&buf, mod);
> + err |= check_exports(mod);
>
> sprintf(fname, "%s.mod.c", mod->name);
> write_if_changed(&buf, fname);
> @@ -2541,6 +2612,7 @@ int main(int argc, char **argv)
> "Set CONFIG_SECTION_MISMATCH_WARN_ONLY=y to allow them.\n");
> }
> }
> + free_livepatch_mods(livepatch_mods);
> free(buf.p);
>
> return err;
> --
> 2.16.4
>
Miroslav
Powered by blists - more mailing lists