lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20190228040553.oenweqfivepfrhkv@treble>
Date:   Wed, 27 Feb 2019 22:05:53 -0600
From:   Josh Poimboeuf <jpoimboe@...hat.com>
To:     Miroslav Benes <mbenes@...e.cz>
Cc:     Joao Moreira <jmoreira@...e.de>, live-patching@...r.kernel.org,
        pmladek@...e.cz, jikos@...e.cz, nstange@...e.de,
        khlebnikov@...dex-team.ru, jeyu@...nel.org, matz@...e.de,
        linux-kernel@...r.kernel.org, yamada.masahiro@...ionext.com,
        michal.lkml@...kovi.net, linux-kbuild@...r.kernel.org
Subject: Re: [PATCH v2 6/8] modpost: Add modinfo flag to livepatch modules

On Wed, Feb 20, 2019 at 04:50:08PM +0100, Miroslav Benes wrote:
> Adding CCs...

Where was this posted?  I don't see it on lkml.  It would be good to be
able to see the whole series for review.

> 
> On Wed, 30 Jan 2019, Joao Moreira wrote:
> 
> > From: Miroslav Benes <mbenes@...e.cz>
> > 
> > Currently, livepatch infrastructure in the kernel relies on
> > MODULE_INFO(livepatch, "Y") statement in a livepatch module. Then the
> > kernel module loader knows a module is indeed livepatch module and can
> > behave accordingly.
> > 
> > klp-convert, on the other hand relies on LIVEPATCH_* statement in the
> > module's Makefile for exactly the same reason.
> > 
> > Remove dependency on modinfo and generate MODULE_INFO flag
> > automatically in modpost when LIVEPATCH_* is defined in the module's
> > Makefile. Generate a list of all built livepatch modules based on
> > the .livepatch file and store it in (MODVERDIR)/livepatchmods. Give
> > this list as an argument for modpost which will use it to identify
> > livepatch modules.
> > 
> > As MODULE_INFO is no longer needed, remove it.
> > 
> > [jmoreira:
> > * fix modpost.c (add_livepatch_flag) to update module structure with
> > livepatch flag and prevent modpost from breaking due to unresolved
> > symbols]
> > 
> > Signed-off-by: Miroslav Benes <mbenes@...e.cz>
> > Signed-off-by: Joao Moreira <jmoreira@...e.de>
> > ---
> >  samples/livepatch/livepatch-sample.c |  1 -
> >  scripts/Makefile.modpost             |  8 +++-
> >  scripts/mod/modpost.c                | 84 +++++++++++++++++++++++++++++++++---
> >  3 files changed, 85 insertions(+), 8 deletions(-)
> > 
> > diff --git a/samples/livepatch/livepatch-sample.c b/samples/livepatch/livepatch-sample.c
> > index 2d554dd930e2..20a5891ebf7b 100644
> > --- a/samples/livepatch/livepatch-sample.c
> > +++ b/samples/livepatch/livepatch-sample.c
> > @@ -90,4 +90,3 @@ static void livepatch_exit(void)
> >  module_init(livepatch_init);
> >  module_exit(livepatch_exit);
> >  MODULE_LICENSE("GPL");
> > -MODULE_INFO(livepatch, "Y");
> 
> Again, we shoud do the same for the other samples we have in 
> samples/livepatch/ directory.
> 
> > diff --git a/scripts/Makefile.modpost b/scripts/Makefile.modpost
> > index da779a185218..0149a72ea7ae 100644
> > --- a/scripts/Makefile.modpost
> > +++ b/scripts/Makefile.modpost
> > @@ -65,6 +65,11 @@ MODLISTCMD := find $(MODVERDIR) -name '*.mod' | xargs -r grep -h '\.ko$$' | sort
> >  __modules := $(shell $(MODLISTCMD))
> >  modules   := $(patsubst %.o,%.ko, $(wildcard $(__modules:.ko=.o)))
> >  
> > +# find all .livepatch files listed in $(MODVERDIR)/
> > +ifdef CONFIG_LIVEPATCH
> > +$(shell find $(MODVERDIR) -name '*.livepatch' | xargs -r -I{} basename {} .livepatch > $(MODVERDIR)/livepatchmods)
> > +endif
> > +
> >  # Stop after building .o files if NOFINAL is set. Makes compile tests quicker
> >  _modpost: $(if $(KBUILD_MODPOST_NOFINAL), $(modules:.ko:.o),$(modules))
> >  
> > @@ -79,7 +84,8 @@ modpost = scripts/mod/modpost                    \
> >   $(if $(KBUILD_EXTMOD),-o $(modulesymfile))      \
> >   $(if $(CONFIG_DEBUG_SECTION_MISMATCH),,-S)      \
> >   $(if $(CONFIG_SECTION_MISMATCH_WARN_ONLY),,-E)  \
> > - $(if $(KBUILD_EXTMOD)$(KBUILD_MODPOST_WARN),-w)
> > + $(if $(KBUILD_EXTMOD)$(KBUILD_MODPOST_WARN),-w) \
> > + $(if $(CONFIG_LIVEPATCH),-l $(MODVERDIR)/livepatchmods)
> >  
> >  MODPOST_OPT=$(subst -i,-n,$(filter -i,$(MAKEFLAGS)))
> >  
> > diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
> > index 1dfc34d8b668..2fd1d409ca5a 100644
> > --- a/scripts/mod/modpost.c
> > +++ b/scripts/mod/modpost.c
> > @@ -1979,10 +1979,6 @@ static void read_symbols(const char *modname)
> >  		license = get_next_modinfo(&info, "license", license);
> >  	}
> >  
> > -	/* Livepatch modules have unresolved symbols resolved by klp-convert */
> > -	if (get_modinfo(info.modinfo, info.modinfo_len, "livepatch"))
> > -		mod->livepatch = 1;
> > -
> >  	for (sym = info.symtab_start; sym < info.symtab_stop; sym++) {
> >  		symname = remove_dot(info.strtab + sym->st_name);
> >  
> > @@ -2421,6 +2417,76 @@ static void write_dump(const char *fname)
> >  	free(buf.p);
> >  }
> >  
> > +struct livepatch_mod_list {
> > +	struct livepatch_mod_list *next;
> > +	char *livepatch_mod;
> > +};
> > +
> > +static struct livepatch_mod_list *load_livepatch_mods(const char *fname)
> > +{
> > +	struct livepatch_mod_list *list_iter, *list_start = NULL;
> > +	unsigned long size, pos = 0;
> > +	void *file = grab_file(fname, &size);
> > +	char *line;
> > +
> > +	if (!file)
> > +		return NULL;
> > +
> > +	while ((line = get_next_line(&pos, file, size))) {
> > +		list_iter = NOFAIL(malloc(sizeof(*list_iter)));
> > +		list_iter->next = list_start;
> > +		list_iter->livepatch_mod = NOFAIL(strdup(line));
> > +		list_start = list_iter;
> > +	}
> > +	release_file(file, size);
> > +
> > +	return list_start;
> > +}
> > +
> > +static void free_livepatch_mods(struct livepatch_mod_list *list_start)
> > +{
> > +	struct livepatch_mod_list *list_iter;
> > +
> > +	while (list_start) {
> > +		list_iter = list_start->next;
> > +		free(list_start->livepatch_mod);
> > +		free(list_start);
> > +		list_start = list_iter;
> > +	}
> > +}
> > +
> > +static int is_livepatch_mod(const char *modname,
> > +		struct livepatch_mod_list *list)
> > +{
> > +	const char *myname;
> > +
> > +	if (!list)
> > +		return 0;
> > +
> > +	myname = strrchr(modname, '/');
> > +	if (myname)
> > +		myname++;
> > +	else
> > +		myname = modname;
> > +
> > +	while (list) {
> > +		if (!strcmp(myname, list->livepatch_mod))
> > +			return 1;
> > +		list = list->next;
> > +	}
> > +	return 0;
> > +}
> > +
> > +static void add_livepatch_flag(struct buffer *b, struct module *mod,
> > +		struct livepatch_mod_list *list)
> > +{
> > +	if (is_livepatch_mod(mod->name, list)) {
> > +		buf_printf(b, "\nMODULE_INFO(livepatch, \"Y\");\n");
> > +		mod->livepatch = 1;
> > +	}
> > +}
> > +
> > +
> >  struct ext_sym_list {
> >  	struct ext_sym_list *next;
> >  	const char *file;
> > @@ -2436,8 +2502,9 @@ int main(int argc, char **argv)
> >  	int err;
> >  	struct ext_sym_list *extsym_iter;
> >  	struct ext_sym_list *extsym_start = NULL;
> > +	struct livepatch_mod_list *livepatch_mods = NULL;
> >  
> > -	while ((opt = getopt(argc, argv, "i:I:e:mnsST:o:awE")) != -1) {
> > +	while ((opt = getopt(argc, argv, "i:I:e:l:mnsST:o:awM:K:E")) != -1) {
> >  		switch (opt) {
> >  		case 'i':
> >  			kernel_read = optarg;
> > @@ -2454,6 +2521,9 @@ int main(int argc, char **argv)
> >  			extsym_iter->file = optarg;
> >  			extsym_start = extsym_iter;
> >  			break;
> > +		case 'l':
> > +			livepatch_mods = load_livepatch_mods(optarg);
> > +			break;
> >  		case 'm':
> >  			modversions = 1;
> >  			break;
> > @@ -2514,15 +2584,16 @@ int main(int argc, char **argv)
> >  		buf.pos = 0;
> >  
> >  		err |= check_modname_len(mod);
> > -		err |= check_exports(mod);
> >  		add_header(&buf, mod);
> >  		add_intree_flag(&buf, !external_module);
> >  		add_retpoline(&buf);
> >  		add_staging_flag(&buf, mod->name);
> > +		add_livepatch_flag(&buf, mod, livepatch_mods);
> >  		err |= add_versions(&buf, mod);
> >  		add_depends(&buf, mod);
> >  		add_moddevtable(&buf, mod);
> >  		add_srcversion(&buf, mod);
> > +		err |= check_exports(mod);
> >  
> >  		sprintf(fname, "%s.mod.c", mod->name);
> >  		write_if_changed(&buf, fname);
> > @@ -2541,6 +2612,7 @@ int main(int argc, char **argv)
> >  			      "Set CONFIG_SECTION_MISMATCH_WARN_ONLY=y to allow them.\n");
> >  		}
> >  	}
> > +	free_livepatch_mods(livepatch_mods);
> >  	free(buf.p);
> >  
> >  	return err;
> > -- 
> > 2.16.4
> > 
> 
> Miroslav

-- 
Josh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ