lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190328201703.GA8658@redhat.com>
Date:   Thu, 28 Mar 2019 16:17:03 -0400
From:   Joe Lawrence <joe.lawrence@...hat.com>
To:     Joao Moreira <jmoreira@...e.de>, Miroslav Benes <mbenes@...e.cz>
Cc:     live-patching@...r.kernel.org, pmladek@...e.cz, jikos@...e.cz,
        nstange@...e.de, jpoimboe@...hat.com, khlebnikov@...dex-team.ru,
        jeyu@...nel.org, matz@...e.de, linux-kernel@...r.kernel.org,
        yamada.masahiro@...ionext.com, linux-kbuild@...r.kernel.org,
        michal.lkml@...kovi.net
Subject: Re: [PATCH v2 2/8] kbuild: Support for Symbols.list creation

On Tue, Mar 26, 2019 at 04:53:12PM -0400, Joe Lawrence wrote:
> On 3/26/19 2:13 PM, Joao Moreira wrote:
> > 
> > 
> > On 3/26/19 1:15 PM, Joe Lawrence wrote:
> >>
> > > Hi Joao,
> > > 
> > > This change seems to work okay for (again) single object modules, but
> > > I'm having issues with multi-object modules.
> > > 
> > 
> > Hi Joe, thanks for the sources, this made everything much easier in my
> > side :)
> > 
> > In the patch below I change a little bit the interface used to inform
> > kbuild that a module is a livepatch. Instead of defining the flag
> > LIVEPATCH_ per .o file, we define it per module (what actually makes
> > much more sense). We later use $(basetarget) in the Makefile for
> > checking the flags. By doing so, and invoking cmd_livepatch both from
> > the $(single-used-m) and $(multi-used-m) we ensure that the .livepatch
> > file is created for each module, what later in the pipeline flags the
> > invocation of klp-convert.
> > 
> > I tested the following patch with the sources you provided (with little
> > modifications, removing the .o from the LIVEPATCH_ definitions and using
> > the module name instead of the object names), achieving successful
> > compilation and conversion. I also tested against the sample
> > livepatches, thus I think it might be ok now.
> 
> Cool thanks for taking a look -- I can confirm that the toy code I sent over
> builds with those modifications and so does the sample and selftest I was
> working on.  I'll set about refactoring that klp-convert selftest to combine
> .o files into a more compact module.

Hmm, maybe I spoke too soon.

I am having issues if I have a two-object livepatch module in which each
object file needs to specify its own KLP_MODULE_RELOC for the same
symbol name.

For example: I have test_klp_convert.ko which is comprised of 
test_klp_convert_a.o. which needs to refer to state_show,1 and 
test_klp_convert_b.o. which needs to refer to state_show,2.

  % make
  ...
    KLP     lib/livepatch/test_klp_convert.ko
  klp-convert: Conflicting KLP_SYMPOS definition: vmlinux.state_show,0 vs. vmlinux.state_show,1.
  klp-convert: Unable to load user-provided sympos
  make[2]: *** [scripts/Makefile.modpost:148: lib/livepatch/test_klp_convert.ko] Error 255
  make[1]: *** [/home/cloud-user/disk/linux/Makefile:1282: modules] Error 2
  make: *** [Makefile:170: sub-make] Error 2

I take a closer look next week, but in the meantime, see the source
files below.

-- Joe


==> lib/livepatch/test_klp_convert_a.c <==
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/livepatch.h>

/* klp-convert symbols - vmlinux */
extern void *state_show;
__used void print_state_show(void)
{
	pr_info("%s: state_show: %p\n", __func__, state_show);
}

KLP_MODULE_RELOC(vmlinux) vmlinux_relocs_a[] = {
	KLP_SYMPOS(state_show, 1)
};

static struct klp_func funcs[] = {
	{
	}, { }
};

static struct klp_object objs[] = {
	{
		/* name being NULL means vmlinux */
		.funcs = funcs,
	}, { }
};

static struct klp_patch patch = {
	.mod = THIS_MODULE,
	.objs = objs,
};

static int test_klp_convert_init(void)
{
	int ret;

	ret = klp_enable_patch(&patch);
	if (ret)
		return ret;

	return 0;
}

static void test_klp_convert_exit(void)
{
}

module_init(test_klp_convert_init);
module_exit(test_klp_convert_exit);
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Joe Lawrence <joe.lawrence@...hat.com>");
MODULE_DESCRIPTION("Livepatch test: klp-convert");

==> lib/livepatch/test_klp_convert_b.c <==
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/livepatch.h>

/* klp-convert symbols - vmlinux */
extern void *state_show;

__used void print_state_show_b(void)
{
	pr_info("%s: state_show: %p\n", __func__, state_show);
}

KLP_MODULE_RELOC(vmlinux) vmlinux_relocs_b[] = {
	KLP_SYMPOS(state_show, 2)
};


==> lib/livepatch/Makefile <==
# SPDX-License-Identifier: GPL-2.0
#
# Makefile for livepatch test code.

LIVEPATCH_test_klp_atomic_replace := y
LIVEPATCH_test_klp_callbacks_demo := y
LIVEPATCH_test_klp_callbacks_demo2 := y
LIVEPATCH_test_klp_convert := y
LIVEPATCH_test_klp_livepatch := y

obj-$(CONFIG_TEST_LIVEPATCH) += test_klp_atomic_replace.o \
				test_klp_callbacks_demo.o \
				test_klp_callbacks_demo2.o \
				test_klp_callbacks_busy.o \
				test_klp_callbacks_mod.o \
				test_klp_convert.o \
				test_klp_livepatch.o \
				test_klp_shadow_vars.o

test_klp_convert-y := \
	test_klp_convert_a.o \
	test_klp_convert_b.o

# Target modules to be livepatched require CC_FLAGS_FTRACE
CFLAGS_test_klp_callbacks_busy.o	+= $(CC_FLAGS_FTRACE)
CFLAGS_test_klp_callbacks_mod.o		+= $(CC_FLAGS_FTRACE)
CFLAGS_test_klp_convert_mod.o		+= $(CC_FLAGS_FTRACE)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ