lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190425152628.ogk4woi3omeocwly@treble>
Date:   Thu, 25 Apr 2019 10:26:28 -0500
From:   Josh Poimboeuf <jpoimboe@...hat.com>
To:     live-patching@...r.kernel.org
Cc:     Peter Zijlstra <peterz@...radead.org>,
        Mark Rutland <mark.rutland@....com>,
        linux-kernel@...r.kernel.org
Subject: Livepatch vs LTO

Hi all,

On IRC, Peter expressed some concern about -flive-patching, specifically
that the flag isn't compatible with LTO.

The upstream kernel currently doesn't support LTO, but Android is using
it with LLVM:

  https://source.android.com/devices/tech/debug/kcfi

And there seems to be progress being made in that direction for
upstream.

Live patching has at least the following issues with LTO:

- For source-based patch generation (klp-convert and friends), the GCC
  manual says that -flive-patching is incompatible with LTO.  Does
  anybody know if that's a hard incompatibility, or can it be fixed?

  Also, what about the performance implications of this flag with LTO?
  Might they become more pronounced?

  Also I wonder if -fdump-ipa-clones works with LTO?

  I also wonder about the future of source-based patch generation with
  LLVM.  Will it also have -flive-patching and -fdump-ipa-clones flags?

- For binary-based patch generation (kpatch-build), we currently diff
  objects at a per-compilation-unit level.  That would have to be
  changed to work on vmlinux.o instead.

- Objtool would also have to be changed to work on vmlinux.o.  It's
  currently not optimized for large files, and the per-.o whitelisting
  would need to be fixed.  And there may be other issues lurking.

Also, thinking about objtool in this context has given me another idea,
which might allow us to get rid of the use of -flive-patching and
-fdump-ipa-clones altogether (which are both nasty and way too
compiler-dependent):

Since objtool is already reading every function in the kernel, it could
create a checksum associated with each function, based on all the
instructions (both within the function and any alternatives or other
special sections it relies on).  The function checksums could be written
to a file.

Then, when a patch file is applied and the kernel rebuilt, the checksum
files could be compared to determine exactly which functions have
changed at a binary level.

Thoughts?  Any reasons why that wouldn't work?

And, if we wanted to take the idea even further, objtool could have the
ability to write the changed functions to a new object file.  Voila, we
now pretty much have kpatch-build :-)  (Though whether this is better
than source-based patch generation is certainly an open question.)

-- 
Josh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ