lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu,  9 May 2019 10:38:59 -0400
From:   Joe Lawrence <joe.lawrence@...hat.com>
To:     linux-kernel@...r.kernel.org, live-patching@...r.kernel.org,
        linux-kbuild@...r.kernel.org
Subject: [PATCH v4 10/10] livepatch/klp-convert: abort on special sections

To properly convert alternatives, paravirt ops, and static keys,
klp-convert needs to implement "klp.arch" sections as supported by
d4c3e6e1b193 (“livepatch/x86: apply alternatives and paravirt patches
after relocations”).

There is some amount of ELF section bookkeeping required for this (ie,
moving data structure entries and relocations to their ".klp.arch"
equivalents) but the hardest part will be determining klp_object
relationships.  This may require some larger changes to livepatch API,
so defer support for now.

Signed-off-by: Joe Lawrence <joe.lawrence@...hat.com>
---
 scripts/livepatch/klp-convert.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/scripts/livepatch/klp-convert.c b/scripts/livepatch/klp-convert.c
index 72b65428e738..b5873abecefb 100644
--- a/scripts/livepatch/klp-convert.c
+++ b/scripts/livepatch/klp-convert.c
@@ -617,6 +617,18 @@ static void free_converted_resources(struct elf *klp_elf)
 	}
 }
 
+/* Check for special sections that klp-convert doesn't support */
+static bool is_section_supported(char *sname)
+{
+	if (strcmp(sname, ".rela.altinstructions") == 0)
+		return false;
+	if (strcmp(sname, ".rela.parainstructions") == 0)
+		return false;
+	if (strcmp(sname, ".rela__jump_table") == 0)
+		return false;
+	return true;
+}
+
 int main(int argc, const char **argv)
 {
 	const char *klp_in_module, *klp_out_module, *symbols_list;
@@ -649,6 +661,12 @@ int main(int argc, const char **argv)
 	}
 
 	list_for_each_entry_safe(sec, aux, &klp_elf->sections, list) {
+		if (!is_section_supported(sec->name)) {
+			WARN("Special ELF section: %s not supported",
+				sec->name);
+			return -1;
+		}
+
 		if (!is_rela_section(sec) ||
 		    is_klp_rela_section(sec->name))
 			continue;
-- 
2.20.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ