Open Source and information security mailing list archives
Message-ID: <20191008155022.61db3108@gandalf.local.home>
Date:   Tue, 8 Oct 2019 15:50:22 -0400
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Joe Lawrence <joe.lawrence@...hat.com>
Cc:     Miroslav Benes <mbenes@...e.cz>, mingo@...hat.com,
        jpoimboe@...hat.com, jikos@...nel.org, pmladek@...e.com,
        linux-kernel@...r.kernel.org, live-patching@...r.kernel.org
Subject: Re: [PATCH 0/3] ftrace: Introduce PERMANENT ftrace_ops flag

On Tue, 8 Oct 2019 15:35:34 -0400
Joe Lawrence <joe.lawrence@...hat.com> wrote:

> 
> I wonder if the opposite would be more intuitive: when ftrace_enabled is
> not set, don't allow livepatches to register ftrace filters and
> likewise, don't allow ftrace_enabled to be unset if any livepatches are
> already registered.  I guess you could make an argument either way, but
> just offering another option.  Perhaps livepatches should follow similar
> behavior of other ftrace clients (like perf probes?)

I believe I suggested the "PERMANENT" flag, but disabling ftrace_enable
may be another approach. Might be much easier to maintain.

> 
> As for the approach in this patchset, is it consistent that livepatches
> loaded after setting ftrace_enabled to 0 will successfully load, but not
> execute their new code...  but then when ftrace_enabled is toggled, the
> new livepatch code remains on?
> 
> For example:
> 
> 1 - Turn ftrace_enabled off and load the /proc/cmdline livepatch test
>     case, note that it reports a success patching transition, but
>     doesn't run its new code:
> 
>   % dmesg -C
>   % sysctl kernel.ftrace_enabled=0
>   kernel.ftrace_enabled = 0
>   % insmod lib/livepatch/test_klp_livepatch.ko 
>   % echo $?
>   0
>   % dmesg
>   [  450.579980] livepatch: enabling patch 'test_klp_livepatch'
>   [  450.581243] livepatch: 'test_klp_livepatch': starting patching transition
>   [  451.942971] livepatch: 'test_klp_livepatch': patching complete
>   % cat /proc/cmdline 
>   BOOT_IMAGE=(hd0,msdos1)/boot/vmlinuz-5.4.0-rc2+ root=UUID=c42bb089-b5c1-4e17-82bd-132f55bee54c ro console=ttyS0 console=ttyS0,115200n8 no_timer_check net.ifnames=0 crashkernel=auto
> 
> 2 - Turn ftrace_enabled on and see that the livepatch now works:
> 
>   % sysctl kernel.ftrace_enabled=1
>   kernel.ftrace_enabled = 1
>   % cat /proc/cmdline 
>   test_klp_livepatch: this has been live patched
> 
> 3 - Turn ftrace_enabled off and see that it's still enabled:
> 
>   % sysctl kernel.ftrace_enabled=0
>   kernel.ftrace_enabled = 0
>   % cat /proc/cmdline 
>   test_klp_livepatch: this has been live patched
> 
> Steps 2 and 3 match the behavior described by the patchset, but I was
> particularly wondering what you thought about step 1.
> 
> IMHO, I would expect step 1 to fully enable the livepatch, or at the
> very least, not report a patch transition (though that may confuse
> userspace tools waiting for that report).
> 

I think I like your idea better. To prevent ftrace_enable from being
disabled if a "permanent" option is set. Then we only need to have a
permanent flag for the ftrace_ops, that will disable the ftrace_enable
from being cleared. We can also prevent the ftrace_ops from being
loaded if ftrace_enable is not set and the ftrace_ops has the PERMANENT
flag set.

-- Steve
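
The state from step 1 of the quoted test (a livepatch that reports a completed transition while kernel.ftrace_enabled is 0) can be checked for from userspace. The following is an added example, not code from this thread or from the kernel tree; it assumes the standard /sys/kernel/livepatch/<patch>/enabled sysfs file, and the function names and the ROOT parameter are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. ROOT and both function names are
# hypothetical; ROOT lets the check run against a constructed tree.

# suspect_livepatches [ROOT]
# Prints each livepatch that sysfs reports as enabled while ftrace_enabled is 0.
# Returns 0 if none, 1 if at least one, 2 if ftrace_enabled cannot be read.
suspect_livepatches() {
    root="${1:-}"
    ftrace_file="$root/proc/sys/kernel/ftrace_enabled"
    klp_dir="$root/sys/kernel/livepatch"

    [ -r "$ftrace_file" ] || return 2
    read -r ftrace_on < "$ftrace_file" || return 2

    # With ftrace on, there is no mismatch to report.
    [ "$ftrace_on" = "0" ] || return 0

    found=0
    for f in "$klp_dir"/*/enabled; do
        [ -r "$f" ] || continue          # glob did not match: nothing loaded
        read -r on < "$f" || continue
        if [ "$on" = "1" ]; then
            patch=${f%/enabled}
            echo "${patch##*/}"          # patch name, e.g. test_klp_livepatch
            found=1
        fi
    done
    return "$found"
}

# make_fixture DIR FTRACE [PATCH=STATE ...]
# Builds a constructed /proc + /sys tree under DIR for offline runs.
make_fixture() {
    dir=$1; ftrace=$2; shift 2
    mkdir -p "$dir/proc/sys/kernel" "$dir/sys/kernel/livepatch"
    printf '%s\n' "$ftrace" > "$dir/proc/sys/kernel/ftrace_enabled"
    for spec in "$@"; do
        mkdir -p "$dir/sys/kernel/livepatch/${spec%=*}"
        printf '%s\n' "${spec#*=}" > "$dir/sys/kernel/livepatch/${spec%=*}/enabled"
    done
}
```

On a live system, call `suspect_livepatches` with no argument. A listed patch needs a functional check, because under the posted patchset this sysfs state covers both step 1 (loaded but not executing) and step 3 (still executing) of the quoted test.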
